@bastion-ai/openclaw-plugin 0.1.0

package/README.md

@@ -0,0 +1,186 @@
+# @bastion-ai/openclaw-plugin
+
+OpenClaw plugin for [Bastion](https://github.com/Matthieuhakim/Bastion).
+
+It ships a `bastion_fetch` tool that sends outbound HTTP requests through Bastion, so Bastion can enforce policy, inject credentials, handle HITL approval, and append audit records. It can also block direct calls to protected URLs on built-in tools like `web_fetch`.
+
+## Compatibility
+
+- OpenClaw `2026.3.13+`
+- Node.js `22+`
+- A running Bastion server
+
+This plugin targets the current released OpenClaw runtime by registering an explicit tool. It does not rely on unreleased transparent result-injection hooks.
+
+## Installation
+
+### From npm
+
+```bash
+openclaw plugins install @bastion-ai/openclaw-plugin
+```
+
+The installed plugin ID is `bastion-fetch`, so configure it under `plugins.entries["bastion-fetch"]`.
+
+### Local development / pre-publish
+
+From the Bastion repo root:
+
+```bash
+npm run build --workspace=packages/openclaw-plugin
+openclaw plugins install -l ./packages/openclaw-plugin
+```
+
+Or install a packed tarball:
+
+```bash
+npm pack --workspace=packages/openclaw-plugin
+openclaw plugins install ./packages/openclaw-plugin/bastion-ai-openclaw-plugin-0.1.0.tgz
+```
+
+## Bastion Setup
+
+1. Create an agent and save the returned `agentSecret` (`bst_...`):
+
+```bash
+curl -X POST http://localhost:3000/v1/agents \
+  -H "Authorization: Bearer $PROJECT_API_KEY" \
+  -H "Content-Type: application/json" \
+  -d '{"name": "my-openclaw-agent"}'
+```
+
+2. Store the upstream credential Bastion should inject:
+
+```bash
+curl -X POST http://localhost:3000/v1/credentials \
+  -H "Authorization: Bearer $PROJECT_API_KEY" \
+  -H "Content-Type: application/json" \
+  -d '{"name": "Stripe API Key", "type": "API_KEY", "value": "sk_live_...", "agentId": "<agentId>"}'
+```
+
+3. Create a policy that allows the action:
+
+```bash
+curl -X POST http://localhost:3000/v1/policies \
+  -H "Authorization: Bearer $PROJECT_API_KEY" \
+  -H "Content-Type: application/json" \
+  -d '{"agentId": "<agentId>", "credentialId": "<credentialId>", "allowedActions": ["stripe.*"]}'
+```
+
+## OpenClaw Configuration
+
+Add this to `openclaw.json`:
+
+```json
+{
+  "plugins": {
+    "entries": {
+      "bastion-fetch": {
+        "enabled": true,
+        "config": {
+          "serverUrl": "http://localhost:3000",
+          "agentSecret": { "$env": "BASTION_AGENT_SECRET" },
+          "rules": [
+            {
+              "tool": "web_fetch",
+              "urlPattern": "https://api.stripe.com/**",
+              "credentialId": "cred_abc123",
+              "action": "stripe.charges"
+            },
+            {
+              "tool": "web_fetch",
+              "urlPattern": "https://api.github.com/**",
+              "credentialId": "cred_def456",
+              "action": "github.api",
+              "injection": { "location": "header", "key": "Authorization" }
+            }
+          ],
+          "timeout": 30000
+        }
+      }
+    }
+  }
+}
+```
+
+Set your agent secret:
+
+```bash
+export BASTION_AGENT_SECRET=bst_...
+```
+
+## How Users Implement It
+
+Agents should call `bastion_fetch` for protected outbound API requests.
+
+Example tool call:
+
+```json
+{
+  "tool": "bastion_fetch",
+  "params": {
+    "url": "https://api.stripe.com/v1/charges",
+    "method": "POST",
+    "body": {
+      "amount": 5000,
+      "currency": "usd"
+    }
+  }
+}
+```
+
+The plugin matches the request URL against the configured rules, resolves the Bastion credential/action pair, calls Bastion's `/v1/proxy/execute`, and returns a structured tool result containing:
+
+- `status`
+- `headers`
+- `body`
+- `url`
+- `_bastion` metadata (`credentialId`, `action`, `policyDecision`, `durationMs`, optional `hitlRequestId`)
+
+If a rule includes `tool`, the plugin also blocks direct calls to that tool for matching URLs. For example, `tool: "web_fetch"` prevents the model from bypassing Bastion for those domains.
+
+## Prompting Guidance
+
+In your agent instructions, tell the model:
+
+```text
+Use `bastion_fetch` for requests to protected APIs such as Stripe or GitHub. Do not use `web_fetch` for those domains.
+```
+
+That keeps the workflow deterministic and lets the plugin enforce policy cleanly.
+
+## `agentSecret` formats
+
+| Format | Example |
+|--------|---------|
+| Plain string | `"bst_abc123..."` |
+| Environment variable | `{ "$env": "BASTION_AGENT_SECRET" }` |
+| File | `{ "$file": "/run/secrets/bastion_secret" }` |
+| Command | `{ "$exec": "vault read -field=secret secret/bastion" }` |
+
+## Rule Options
+
+| Field | Required | Description |
+|-------|----------|-------------|
+| `tool` | No | Built-in tool to block for matching URLs, e.g. `web_fetch` |
+| `urlPattern` | Yes | Glob pattern. `*` matches one path segment, `**` matches any depth |
+| `credentialId` | Yes | Bastion credential ID |
+| `action` | Yes | Action name for Bastion policy evaluation |
+| `injection` | No | Override credential injection (`header` / `query` / `body`) |
+| `params` | No | Dot-paths to extract Bastion policy params, e.g. `{ "amount": "body.amount" }` |
+
+Rules are evaluated in order. Put more specific patterns before broader wildcards.
+
+## Troubleshooting
+
+**Plugin logs "server is unreachable"**  
+Bastion is not running or not reachable from OpenClaw. Start it with `docker compose up -d && npm run dev`.
+
+**`bastion_fetch` returns "Blocked by Bastion policy"**  
+The agent's policy denied the action. Check Bastion policies or audit entries.
+
+**`bastion_fetch` hangs for minutes**  
+The request hit a HITL rule and Bastion is waiting for approval. Review pending requests via `GET /v1/hitl/pending`.
+
+**Direct `web_fetch` calls are blocked**  
+That is expected when a matching rule defines `tool: "web_fetch"`. Use `bastion_fetch` instead.

package/dist/bastionBridge.d.ts

@@ -0,0 +1,17 @@
+import type { ProxyExecuteResult } from '@bastion-ai/sdk';
+import type { CompiledRule } from './ruleEngine.js';
+export declare class BastionBridge {
+    private readonly client;
+    private readonly defaultTimeout;
+    constructor(serverUrl: string, agentSecret: string, defaultTimeout?: number);
+    /**
+     * Execute a proxied request through Bastion.
+     * Builds the ProxyExecuteInput from the matched rule and tool args, then
+     * delegates to the SDK. Throws BastionUnreachableError on network failures
+     * and BastionBlockedError when the policy denies the request.
+     */
+    executeProxy(rule: CompiledRule, toolArgs: Record<string, unknown>): Promise<ProxyExecuteResult>;
+    /** Check Bastion server availability. Returns false if unreachable. */
+    healthCheck(): Promise<boolean>;
+}
+//# sourceMappingURL=bastionBridge.d.ts.map

package/dist/bastionBridge.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bastionBridge.d.ts","sourceRoot":"","sources":["../src/bastionBridge.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAI1D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAKpD,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAgB;IACvC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAS;gBAE5B,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,cAAc,SAAS;IAK3E;;;;;OAKG;IACG,YAAY,CAChB,IAAI,EAAE,YAAY,EAClB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,OAAO,CAAC,kBAAkB,CAAC;IAyC9B,uEAAuE;IACjE,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;CAQtC"}

package/dist/bastionBridge.js

@@ -0,0 +1,73 @@
+import { BastionClient } from '@bastion-ai/sdk';
+import { BastionForbiddenError } from '@bastion-ai/sdk';
+import { BastionUnreachableError, BastionBlockedError } from './errors.js';
+import { extractParams } from './ruleEngine.js';
+/** Timeout for HITL-escalated requests (5.5 min — slightly above Bastion's 5-min HITL window). */
+const HITL_CLIENT_TIMEOUT_MS = 330_000;
+export class BastionBridge {
+    client;
+    defaultTimeout;
+    constructor(serverUrl, agentSecret, defaultTimeout = 30_000) {
+        this.client = new BastionClient({ baseUrl: serverUrl, apiKey: agentSecret });
+        this.defaultTimeout = defaultTimeout;
+    }
+    /**
+     * Execute a proxied request through Bastion.
+     * Builds the ProxyExecuteInput from the matched rule and tool args, then
+     * delegates to the SDK. Throws BastionUnreachableError on network failures
+     * and BastionBlockedError when the policy denies the request.
+     */
+    async executeProxy(rule, toolArgs) {
+        const url = toolArgs['url'];
+        const method = typeof toolArgs['method'] === 'string' ? toolArgs['method'] : 'GET';
+        const headers = typeof toolArgs['headers'] === 'object' && toolArgs['headers'] !== null
+            ? toolArgs['headers']
+            : {};
+        const body = toolArgs['body'];
+        const requestedTimeout = typeof toolArgs['timeout'] === 'number' && toolArgs['timeout'] > 0
+            ? toolArgs['timeout']
+            : this.defaultTimeout;
+        const params = rule.params ? extractParams(toolArgs, rule.params) : undefined;
+        // For HITL escalations, Bastion may block up to 5 min — use a longer client timeout.
+        const timeout = Math.max(requestedTimeout, HITL_CLIENT_TIMEOUT_MS);
+        try {
+            return await this.client.execute({
+                credentialId: rule.credentialId,
+                action: rule.action,
+                params: Object.keys(params ?? {}).length > 0 ? params : undefined,
+                target: { url, method, headers, body },
+                injection: rule.injection,
+                timeout,
+            });
+        }
+        catch (error) {
+            if (error instanceof BastionForbiddenError) {
+                throw new BastionBlockedError(error.message);
+            }
+            // Network-level failure (TypeError from fetch, or any non-HTTP error)
+            if (error instanceof TypeError || isNetworkError(error)) {
+                throw new BastionUnreachableError(`Bastion server unreachable: ${error instanceof Error ? error.message : String(error)}`);
+            }
+            throw error;
+        }
+    }
+    /** Check Bastion server availability. Returns false if unreachable. */
+    async healthCheck() {
+        try {
+            await this.client.health();
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+}
+function isNetworkError(error) {
+    if (!(error instanceof Error))
+        return false;
+    // Node fetch throws TypeError for network errors; also check for ECONNREFUSED etc.
+    return (error.message.includes('ECONNREFUSED') ||
+        error.message.includes('ENOTFOUND') ||
+        error.message.includes('fetch failed'));
+}
+//# sourceMappingURL=bastionBridge.js.map

package/dist/bastionBridge.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"bastionBridge.js","sourceRoot":"","sources":["../src/bastionBridge.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,EAAE,uBAAuB,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAC3E,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAGhD,kGAAkG;AAClG,MAAM,sBAAsB,GAAG,OAAO,CAAC;AAEvC,MAAM,OAAO,aAAa;IACP,MAAM,CAAgB;IACtB,cAAc,CAAS;IAExC,YAAY,SAAiB,EAAE,WAAmB,EAAE,cAAc,GAAG,MAAM;QACzE,IAAI,CAAC,MAAM,GAAG,IAAI,aAAa,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;QAC7E,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;IACvC,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,YAAY,CAChB,IAAkB,EAClB,QAAiC;QAEjC,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAW,CAAC;QACtC,MAAM,MAAM,GAAG,OAAO,QAAQ,CAAC,QAAQ,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QACnF,MAAM,OAAO,GACX,OAAO,QAAQ,CAAC,SAAS,CAAC,KAAK,QAAQ,IAAI,QAAQ,CAAC,SAAS,CAAC,KAAK,IAAI;YACrE,CAAC,CAAE,QAAQ,CAAC,SAAS,CAA4B;YACjD,CAAC,CAAC,EAAE,CAAC;QACT,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC9B,MAAM,gBAAgB,GACpB,OAAO,QAAQ,CAAC,SAAS,CAAC,KAAK,QAAQ,IAAI,QAAQ,CAAC,SAAS,CAAC,GAAG,CAAC;YAChE,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC;YACrB,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC;QAE1B,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAE9E,qFAAqF;QACrF,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,gBAAgB,EAAE,sBAAsB,CAAC,CAAC;QAEnE,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;gBAC/B,YAAY,EAAE,IAAI,CAAC,YAAY;gBAC/B,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;gBACjE,MAAM,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE;gBACtC,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,OAAO;aACR,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,qBAAqB,EAAE,CAAC;gBAC3C,MAAM,IAAI,mBAAmB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC/C,CAAC;YACD,sEAAsE;YACtE,IAAI,KAAK,YAAY,SAAS,IAAI,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;gBACxD,MAAM,IAAI,uBAAuB,CAC/B,+BAA+B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACxF,CAAC;YACJ,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,KAAK,CAAC,WAAW;QACf,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,IAAI,CAAC,CAAC,KAAK,YAAY,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC5C,mFAAmF;IACnF,OAAO,CACL,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC;QACtC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC;QACnC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,CACvC,CAAC;AACJ,CAAC"}

package/dist/errors.d.ts

@@ -0,0 +1,7 @@
+export declare class BastionUnreachableError extends Error {
+    constructor(message: string);
+}
+export declare class BastionBlockedError extends Error {
+    constructor(message: string);
+}
+//# sourceMappingURL=errors.d.ts.map

package/dist/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA,qBAAa,uBAAwB,SAAQ,KAAK;gBACpC,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,mBAAoB,SAAQ,KAAK;gBAChC,OAAO,EAAE,MAAM;CAI5B"}

package/dist/errors.js

@@ -0,0 +1,13 @@
+export class BastionUnreachableError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'BastionUnreachableError';
+    }
+}
+export class BastionBlockedError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'BastionBlockedError';
+    }
+}
+//# sourceMappingURL=errors.js.map

package/dist/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA,MAAM,OAAO,uBAAwB,SAAQ,KAAK;IAChD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;CACF;AAED,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAC5C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACpC,CAAC;CACF"}

package/dist/index.d.ts

@@ -0,0 +1,5 @@
+export { default } from './plugin.js';
+export { BASTION_FETCH_TOOL_NAME } from './plugin.js';
+export type { BastionPluginConfig, BastionFetchResponse, BastionFetchToolInput, InterceptionRule, SecretValue, InjectionConfig, } from './types.js';
+export { BastionUnreachableError, BastionBlockedError } from './errors.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AACtD,YAAY,EACV,mBAAmB,EACnB,oBAAoB,EACpB,qBAAqB,EACrB,gBAAgB,EAChB,WAAW,EACX,eAAe,GAChB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,uBAAuB,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC"}

package/dist/index.js

@@ -0,0 +1,4 @@
+export { default } from './plugin.js';
+export { BASTION_FETCH_TOOL_NAME } from './plugin.js';
+export { BastionUnreachableError, BastionBlockedError } from './errors.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AAStD,OAAO,EAAE,uBAAuB,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC"}

package/dist/plugin.d.ts

@@ -0,0 +1,4 @@
+import type { OpenClawPluginApi } from './types.js';
+export declare const BASTION_FETCH_TOOL_NAME = "bastion_fetch";
+export default function bastionPlugin(api: OpenClawPluginApi): Promise<void>;
+//# sourceMappingURL=plugin.d.ts.map

package/dist/plugin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EACV,iBAAiB,EAKlB,MAAM,YAAY,CAAC;AAEpB,eAAO,MAAM,uBAAuB,kBAAkB,CAAC;AAqHvD,wBAA8B,aAAa,CAAC,GAAG,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CAgFjF"}

package/dist/plugin.js

@@ -0,0 +1,177 @@
+import { resolveSecret } from './secretRef.js';
+import { compileRules, matchRule, matchRuleByUrl } from './ruleEngine.js';
+import { adaptToolResult } from './responseAdapter.js';
+import { BastionBridge } from './bastionBridge.js';
+import { BastionUnreachableError, BastionBlockedError } from './errors.js';
+export const BASTION_FETCH_TOOL_NAME = 'bastion_fetch';
+const HTTP_METHODS = ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'];
+const BASTION_FETCH_TOOL_SCHEMA = {
+    type: 'object',
+    additionalProperties: false,
+    required: ['url'],
+    properties: {
+        url: {
+            type: 'string',
+            description: 'Absolute URL to request through Bastion.',
+        },
+        method: {
+            type: 'string',
+            enum: [...HTTP_METHODS],
+            description: 'HTTP method. Defaults to GET.',
+        },
+        headers: {
+            type: 'object',
+            description: 'Optional request headers.',
+            additionalProperties: {
+                type: 'string',
+            },
+        },
+        body: {
+            description: 'Optional JSON request body forwarded through Bastion.',
+        },
+        timeout: {
+            type: 'number',
+            minimum: 1,
+            description: 'Optional per-request timeout in milliseconds.',
+        },
+    },
+};
+function validateConfig(config) {
+    if (!config || typeof config !== 'object') {
+        throw new Error('Bastion plugin: config is required');
+    }
+    const c = config;
+    if (!c['serverUrl'] || typeof c['serverUrl'] !== 'string') {
+        throw new Error('Bastion plugin: config.serverUrl is required and must be a string');
+    }
+    if (c['agentSecret'] === undefined || c['agentSecret'] === null) {
+        throw new Error('Bastion plugin: config.agentSecret is required');
+    }
+    if (!Array.isArray(c['rules']) || c['rules'].length === 0) {
+        throw new Error('Bastion plugin: config.rules must be a non-empty array');
+    }
+    return c;
+}
+function assertRecord(value, label) {
+    if (!value || typeof value !== 'object' || Array.isArray(value)) {
+        throw new Error(`Bastion plugin: ${label} must be an object`);
+    }
+    return value;
+}
+function normalizeFetchInput(params) {
+    const input = assertRecord(params, 'tool params');
+    if (typeof input['url'] !== 'string' || input['url'].length === 0) {
+        throw new Error('Bastion plugin: url is required');
+    }
+    const method = input['method'] ? String(input['method']).toUpperCase() : 'GET';
+    if (!HTTP_METHODS.includes(method)) {
+        throw new Error(`Bastion plugin: method must be one of ${HTTP_METHODS.join(', ')}`);
+    }
+    let headers;
+    if (input['headers'] !== undefined) {
+        const rawHeaders = assertRecord(input['headers'], 'headers');
+        headers = {};
+        for (const [key, value] of Object.entries(rawHeaders)) {
+            if (typeof value !== 'string') {
+                throw new Error(`Bastion plugin: headers["${key}"] must be a string`);
+            }
+            headers[key] = value;
+        }
+    }
+    let timeout;
+    if (input['timeout'] !== undefined) {
+        if (typeof input['timeout'] !== 'number' || input['timeout'] <= 0) {
+            throw new Error('Bastion plugin: timeout must be a positive number');
+        }
+        timeout = input['timeout'];
+    }
+    return {
+        url: input['url'],
+        method,
+        headers,
+        body: input['body'],
+        timeout,
+    };
+}
+function toToolArgs(input) {
+    return input;
+}
+function normalizeExecutionError(error) {
+    if (error instanceof BastionBlockedError) {
+        return new Error(`Blocked by Bastion policy: ${error.message}`);
+    }
+    if (error instanceof BastionUnreachableError) {
+        return new Error('Bastion server unreachable. Request blocked (fail-closed).');
+    }
+    return error instanceof Error ? error : new Error(String(error));
+}
+export default async function bastionPlugin(api) {
+    // 1. Validate config from the released OpenClaw plugin API surface.
+    const pluginConfig = validateConfig(api.pluginConfig);
+    // 2. Resolve agent secret
+    const agentSecret = await resolveSecret(pluginConfig.agentSecret);
+    // 3. Compile rules (glob → regex) at startup
+    const compiledRules = compileRules(pluginConfig.rules);
+    // 4. Instantiate Bastion bridge
+    const bridge = new BastionBridge(pluginConfig.serverUrl, agentSecret, pluginConfig.timeout);
+    // 5. Non-blocking health check at startup — just warn if unreachable
+    bridge
+        .healthCheck()
+        .then((ok) => {
+        if (!ok) {
+            api.logger.warn(`Bastion plugin: server at ${pluginConfig.serverUrl} is unreachable. ` +
+                `${BASTION_FETCH_TOOL_NAME} requests will fail closed.`);
+        }
+        else {
+            api.logger.info(`Bastion plugin: connected to ${pluginConfig.serverUrl}`);
+        }
+    })
+        .catch(() => {
+        // healthCheck already catches internally — this is just a safety net
+    });
+    // 6. Register the Bastion-backed tool for current OpenClaw releases.
+    api.registerTool({
+        name: BASTION_FETCH_TOOL_NAME,
+        label: 'Bastion Fetch',
+        description: 'Execute outbound HTTP requests through Bastion using configured URL rules.',
+        parameters: BASTION_FETCH_TOOL_SCHEMA,
+        async execute(_toolCallId, params) {
+            const input = normalizeFetchInput(params);
+            const toolArgs = toToolArgs(input);
+            const rule = matchRuleByUrl(toolArgs, compiledRules);
+            if (!rule) {
+                throw new Error(`No Bastion rule matches ${input.url}`);
+            }
+            try {
+                const result = await bridge.executeProxy(rule, toolArgs);
+                return adaptToolResult(result, input.url);
+            }
+            catch (error) {
+                throw normalizeExecutionError(error);
+            }
+        },
+    });
+    // 7. Register a bypass-blocking hook for tools explicitly listed in rules.
+    api.on('before_tool_call', (event) => {
+        const { toolName, params } = event;
+        if (toolName === BASTION_FETCH_TOOL_NAME) {
+            return undefined;
+        }
+        const rule = matchRule(toolName, params, compiledRules);
+        if (!rule) {
+            return undefined;
+        }
+        const url = typeof params['url'] === 'string' ? params['url'] : 'the requested URL';
+        return {
+            block: true,
+            blockReason: `Requests to ${url} must use ${BASTION_FETCH_TOOL_NAME} so Bastion can enforce policy and inject credentials.`,
+        };
+    });
+    // 8. Register service for lifecycle awareness
+    api.registerService({
+        id: 'bastion-fetch',
+        start: () => api.logger.info('Bastion fetch plugin active'),
+        stop: () => api.logger.info('Bastion fetch plugin stopped'),
+    });
+}
+//# sourceMappingURL=plugin.js.map

package/dist/plugin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"plugin.js","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAC1E,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,uBAAuB,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAS3E,MAAM,CAAC,MAAM,uBAAuB,GAAG,eAAe,CAAC;AAEvD,MAAM,YAAY,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,CAAU,CAAC;AAE3F,MAAM,yBAAyB,GAAG;IAChC,IAAI,EAAE,QAAQ;IACd,oBAAoB,EAAE,KAAK;IAC3B,QAAQ,EAAE,CAAC,KAAK,CAAC;IACjB,UAAU,EAAE;QACV,GAAG,EAAE;YACH,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,0CAA0C;SACxD;QACD,MAAM,EAAE;YACN,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,CAAC,GAAG,YAAY,CAAC;YACvB,WAAW,EAAE,+BAA+B;SAC7C;QACD,OAAO,EAAE;YACP,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,2BAA2B;YACxC,oBAAoB,EAAE;gBACpB,IAAI,EAAE,QAAQ;aACf;SACF;QACD,IAAI,EAAE;YACJ,WAAW,EAAE,uDAAuD;SACrE;QACD,OAAO,EAAE;YACP,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,CAAC;YACV,WAAW,EAAE,+CAA+C;SAC7D;KACF;CACgC,CAAC;AAEpC,SAAS,cAAc,CAAC,MAAe;IACrC,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IACD,MAAM,CAAC,GAAG,MAAiC,CAAC;IAE5C,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,CAAC,WAAW,CAAC,KAAK,QAAQ,EAAE,CAAC;QAC1D,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;IACvF,CAAC;IACD,IAAI,CAAC,CAAC,aAAa,CAAC,KAAK,SAAS,IAAI,CAAC,CAAC,aAAa,CAAC,KAAK,IAAI,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1D,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;IAC5E,CAAC;IAED,OAAO,CAAmC,CAAC;AAC7C,CAAC;AAED,SAAS,YAAY,CAAC,KAAc,EAAE,KAAa;IACjD,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,mBAAmB,KAAK,oBAAoB,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,KAAgC,CAAC;AAC1C,CAAC;AAED,SAAS,mBAAmB,CAAC,MAAe;IAC1C,MAAM,KAAK,GAAG,YAAY,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAElD,IAAI,OAAO,KAAK,CAAC,KAAK,CAAC,KAAK,QAAQ,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,CAAC;IAED,MAAM,MAAM,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC;IAC/E,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAuC,CAAC,EAAE,CAAC;QACpE,MAAM,IAAI,KAAK,CAAC,yCAAyC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACtF,CAAC;IAED,IAAI,OAA2C,CAAC;IAChD,IAAI,KAAK,CAAC,SAAS,CAAC,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,UAAU,GAAG,YAAY,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,SAAS,CAAC,CAAC;QAC7D,OAAO,GAAG,EAAE,CAAC;QACb,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;YACtD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC9B,MAAM,IAAI,KAAK,CAAC,4BAA4B,GAAG,qBAAqB,CAAC,CAAC;YACxE,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACvB,CAAC;IACH,CAAC;IAED,IAAI,OAA2B,CAAC;IAChC,IAAI,KAAK,CAAC,SAAS,CAAC,KAAK,SAAS,EAAE,CAAC;QACnC,IAAI,OAAO,KAAK,CAAC,SAAS,CAAC,KAAK,QAAQ,IAAI,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;YAClE,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACvE,CAAC;QACD,OAAO,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC;IAC7B,CAAC;IAED,OAAO;QACL,GAAG,EAAE,KAAK,CAAC,KAAK,CAAC;QACjB,MAAM;QACN,OAAO;QACP,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC;QACnB,OAAO;KACR,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,KAA4B;IAC9C,OAAO,KAA2C,CAAC;AACrD,CAAC;AAED,SAAS,uBAAuB,CAAC,KAAc;IAC7C,IAAI,KAAK,YAAY,mBAAmB,EAAE,CAAC;QACzC,OAAO,IAAI,KAAK,CAAC,8BAA8B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IAClE,CAAC;IACD,IAAI,KAAK,YAAY,uBAAuB,EAAE,CAAC;QAC7C,OAAO,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;IACjF,CAAC;IACD,OAAO,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;AACnE,CAAC;AAED,MAAM,CAAC,OAAO,CAAC,KAAK,UAAU,aAAa,CAAC,GAAsB;IAChE,oEAAoE;IACpE,MAAM,YAAY,GAAG,cAAc,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAEtD,0BAA0B;IAC1B,MAAM,WAAW,GAAG,MAAM,aAAa,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;IAElE,6CAA6C;IAC7C,MAAM,aAAa,GAAG,YAAY,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;IAEvD,gCAAgC;IAChC,MAAM,MAAM,GAAG,IAAI,aAAa,CAAC,YAAY,CAAC,SAAS,EAAE,WAAW,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;IAE5F,qEAAqE;IACrE,MAAM;SACH,WAAW,EAAE;SACb,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE;QACX,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,GAAG,CAAC,MAAM,CAAC,IAAI,CACb,6BAA6B,YAAY,CAAC,SAAS,mBAAmB;gBACpE,GAAG,uBAAuB,6BAA6B,CAC1D,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,gCAAgC,YAAY,CAAC,SAAS,EAAE,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC,CAAC;SACD,KAAK,CAAC,GAAG,EAAE;QACV,qEAAqE;IACvE,CAAC,CAAC,CAAC;IAEL,qEAAqE;IACrE,GAAG,CAAC,YAAY,CAAC;QACf,IAAI,EAAE,uBAAuB;QAC7B,KAAK,EAAE,eAAe;QACtB,WAAW,EACT,4EAA4E;QAC9E,UAAU,EAAE,yBAAyB;QACrC,KAAK,CAAC,OAAO,CAAC,WAA+B,EAAE,MAAe;YAC5D,MAAM,KAAK,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;YACnC,MAAM,IAAI,GAAG,cAAc,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;YAErD,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,IAAI,KAAK,CAAC,2BAA2B,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;YAC1D,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;gBACzD,OAAO,eAAe,CAAC,MAAM,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;YAC5C,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,uBAAuB,CAAC,KAAK,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;KACF,CAAC,CAAC;IAEH,2EAA2E;IAC3E,GAAG,CAAC,EAAE,CAAC,kBAAkB,EAAE,CAAC,KAAc,EAAoB,EAAE;QAC9D,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,KAAwB,CAAC;QACtD,IAAI,QAAQ,KAAK,uBAAuB,EAAE,CAAC;YACzC,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,IAAI,GAAG,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,aAAa,CAAC,CAAC;QACxD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,GAAG,GAAG,OAAO,MAAM,CAAC,KAAK,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC;QACpF,OAAO;YACL,KAAK,EAAE,IAAI;YACX,WAAW,EAAE,eAAe,GAAG,aAAa,uBAAuB,wDAAwD;SAC5H,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,8CAA8C;IAC9C,GAAG,CAAC,eAAe,CAAC;QAClB,EAAE,EAAE,eAAe;QACnB,KAAK,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,6BAA6B,CAAC;QAC3D,IAAI,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC;KAC5D,CAAC,CAAC;AACL,CAAC"}

package/dist/responseAdapter.d.ts

@@ -0,0 +1,10 @@
+import type { ProxyExecuteResult } from '@bastion-ai/sdk';
+import type { BastionFetchResponse, OpenClawToolResult } from './types.js';
+export declare function buildBastionResponse(result: ProxyExecuteResult, originalUrl: string): BastionFetchResponse;
+/**
+ * Adapt the Bastion response into a standard OpenClaw tool result.
+ * `details` keeps the structured payload, while `content` gives the model a
+ * readable JSON summary in the same turn.
+ */
+export declare function adaptToolResult(result: ProxyExecuteResult, originalUrl: string): OpenClawToolResult;
+//# sourceMappingURL=responseAdapter.d.ts.map

package/dist/responseAdapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"responseAdapter.d.ts","sourceRoot":"","sources":["../src/responseAdapter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAC1D,OAAO,KAAK,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAE3E,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,kBAAkB,EAC1B,WAAW,EAAE,MAAM,GAClB,oBAAoB,CAgBtB;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAC7B,MAAM,EAAE,kBAAkB,EAC1B,WAAW,EAAE,MAAM,GAClB,kBAAkB,CAYpB"}

package/dist/responseAdapter.js

@@ -0,0 +1,35 @@
+export function buildBastionResponse(result, originalUrl) {
+    return {
+        status: result.upstream.status,
+        headers: result.upstream.headers,
+        body: result.upstream.body ?? null,
+        url: originalUrl,
+        _bastion: {
+            credentialId: result.meta.credentialId,
+            action: result.meta.action,
+            policyDecision: result.meta.policyDecision,
+            durationMs: result.meta.durationMs,
+            ...(result.meta.hitlRequestId !== undefined
+                ? { hitlRequestId: result.meta.hitlRequestId }
+                : {}),
+        },
+    };
+}
+/**
+ * Adapt the Bastion response into a standard OpenClaw tool result.
+ * `details` keeps the structured payload, while `content` gives the model a
+ * readable JSON summary in the same turn.
+ */
+export function adaptToolResult(result, originalUrl) {
+    const payload = buildBastionResponse(result, originalUrl);
+    return {
+        content: [
+            {
+                type: 'text',
+                text: JSON.stringify(payload, null, 2),
+            },
+        ],
+        details: payload,
+    };
+}
+//# sourceMappingURL=responseAdapter.js.map

package/dist/responseAdapter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"responseAdapter.js","sourceRoot":"","sources":["../src/responseAdapter.ts"],"names":[],"mappings":"AAGA,MAAM,UAAU,oBAAoB,CAClC,MAA0B,EAC1B,WAAmB;IAEnB,OAAO;QACL,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM;QAC9B,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,OAAO;QAChC,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI,IAAI,IAAI;QAClC,GAAG,EAAE,WAAW;QAChB,QAAQ,EAAE;YACR,YAAY,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY;YACtC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM;YAC1B,cAAc,EAAE,MAAM,CAAC,IAAI,CAAC,cAAc;YAC1C,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU;YAClC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,KAAK,SAAS;gBACzC,CAAC,CAAC,EAAE,aAAa,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE;gBAC9C,CAAC,CAAC,EAAE,CAAC;SACR;KACF,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAC7B,MAA0B,EAC1B,WAAmB;IAEnB,MAAM,OAAO,GAAG,oBAAoB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAE1D,OAAO;QACL,OAAO,EAAE;YACP;gBACE,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;aACvC;SACF;QACD,OAAO,EAAE,OAAO;KACjB,CAAC;AACJ,CAAC"}

package/dist/ruleEngine.d.ts

@@ -0,0 +1,23 @@
+import type { InterceptionRule, ParamsMapping } from './types.js';
+export interface CompiledRule extends InterceptionRule {
+    urlRegex: RegExp;
+}
+/** Compile all rules, converting urlPattern globs to RegExp at startup. */
+export declare function compileRules(rules: InterceptionRule[]): CompiledRule[];
+/**
+ * Find the first matching rule for this tool call.
+ * Only rules with an explicit `tool` are considered, since this matcher is
+ * used for bypass-blocking hooks on built-in tools like `web_fetch`.
+ */
+export declare function matchRule(toolName: string, toolArgs: Record<string, unknown>, rules: CompiledRule[]): CompiledRule | null;
+/**
+ * Find the first matching rule by URL only.
+ * Used by the plugin's registered `bastion_fetch` tool.
+ */
+export declare function matchRuleByUrl(toolArgs: Record<string, unknown>, rules: CompiledRule[]): CompiledRule | null;
+/** Extract Bastion policy params from tool args using a ParamsMapping. */
+export declare function extractParams(args: Record<string, unknown>, mapping: ParamsMapping): {
+    amount?: number;
+    ip?: string;
+};
+//# sourceMappingURL=ruleEngine.d.ts.map

package/dist/ruleEngine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ruleEngine.d.ts","sourceRoot":"","sources":["../src/ruleEngine.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAElE,MAAM,WAAW,YAAa,SAAQ,gBAAgB;IACpD,QAAQ,EAAE,MAAM,CAAC;CAClB;AA+BD,2EAA2E;AAC3E,wBAAgB,YAAY,CAAC,KAAK,EAAE,gBAAgB,EAAE,GAAG,YAAY,EAAE,CAKtE;AAMD;;;;GAIG;AACH,wBAAgB,SAAS,CACvB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,KAAK,EAAE,YAAY,EAAE,GACpB,YAAY,GAAG,IAAI,CAWrB;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAC5B,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,KAAK,EAAE,YAAY,EAAE,GACpB,YAAY,GAAG,IAAI,CAWrB;AAaD,0EAA0E;AAC1E,wBAAgB,aAAa,CAC3B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,OAAO,EAAE,aAAa,GACrB;IAAE,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,EAAE,CAAC,EAAE,MAAM,CAAA;CAAE,CAqBlC"}

package/dist/ruleEngine.js

@@ -0,0 +1,103 @@
+/**
+ * Converts a glob URL pattern to a RegExp.
+ * - `**` matches anything (including path separators)
+ * - `*` matches any character except `/`
+ * - All other characters are escaped
+ */
+function globToRegex(pattern) {
+    let regexStr = '';
+    for (let i = 0; i < pattern.length; i++) {
+        const ch = pattern[i];
+        if (ch === '*' && pattern[i + 1] === '*') {
+            regexStr += '.*';
+            i++; // skip second *
+            // skip optional trailing slash after **
+            if (pattern[i + 1] === '/') {
+                regexStr += '/?';
+                i++;
+            }
+        }
+        else if (ch === '*') {
+            regexStr += '[^/]*';
+        }
+        else {
+            regexStr += ch.replace(/[.+^${}()|[\]\\]/g, '\\$&');
+        }
+    }
+    return new RegExp(`^${regexStr}$`);
+}
+/** Compile all rules, converting urlPattern globs to RegExp at startup. */
+export function compileRules(rules) {
+    return rules.map((rule) => ({
+        ...rule,
+        urlRegex: globToRegex(rule.urlPattern),
+    }));
+}
+function getUrl(toolArgs) {
+    return typeof toolArgs['url'] === 'string' ? toolArgs['url'] : null;
+}
+/**
+ * Find the first matching rule for this tool call.
+ * Only rules with an explicit `tool` are considered, since this matcher is
+ * used for bypass-blocking hooks on built-in tools like `web_fetch`.
+ */
+export function matchRule(toolName, toolArgs, rules) {
+    const url = getUrl(toolArgs);
+    if (!url)
+        return null;
+    for (const rule of rules) {
+        if (rule.tool === toolName && rule.urlRegex.test(url)) {
+            return rule;
+        }
+    }
+    return null;
+}
+/**
+ * Find the first matching rule by URL only.
+ * Used by the plugin's registered `bastion_fetch` tool.
+ */
+export function matchRuleByUrl(toolArgs, rules) {
+    const url = getUrl(toolArgs);
+    if (!url)
+        return null;
+    for (const rule of rules) {
+        if (rule.urlRegex.test(url)) {
+            return rule;
+        }
+    }
+    return null;
+}
+/** Resolve a dot-path like "body.amount" against an args object. */
+function resolvePath(args, path) {
+    const parts = path.split('.');
+    let current = args;
+    for (const part of parts) {
+        if (current === null || typeof current !== 'object')
+            return undefined;
+        current = current[part];
+    }
+    return current;
+}
+/** Extract Bastion policy params from tool args using a ParamsMapping. */
+export function extractParams(args, mapping) {
+    const result = {};
+    if (mapping.amount !== undefined) {
+        const raw = resolvePath(args, mapping.amount);
+        if (typeof raw === 'number') {
+            result.amount = raw;
+        }
+        else if (typeof raw === 'string') {
+            const parsed = parseFloat(raw);
+            if (!isNaN(parsed))
+                result.amount = parsed;
+        }
+    }
+    if (mapping.ip !== undefined) {
+        const raw = resolvePath(args, mapping.ip);
+        if (typeof raw === 'string') {
+            result.ip = raw;
+        }
+    }
+    return result;
+}
+//# sourceMappingURL=ruleEngine.js.map

package/dist/ruleEngine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ruleEngine.js","sourceRoot":"","sources":["../src/ruleEngine.ts"],"names":[],"mappings":"AAMA;;;;;GAKG;AACH,SAAS,WAAW,CAAC,OAAe;IAClC,IAAI,QAAQ,GAAG,EAAE,CAAC;IAElB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACxC,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACtB,IAAI,EAAE,KAAK,GAAG,IAAI,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;YACzC,QAAQ,IAAI,IAAI,CAAC;YACjB,CAAC,EAAE,CAAC,CAAC,gBAAgB;YACrB,wCAAwC;YACxC,IAAI,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBAC3B,QAAQ,IAAI,IAAI,CAAC;gBACjB,CAAC,EAAE,CAAC;YACN,CAAC;QACH,CAAC;aAAM,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACtB,QAAQ,IAAI,OAAO,CAAC;QACtB,CAAC;aAAM,CAAC;YACN,QAAQ,IAAI,EAAE,CAAC,OAAO,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAED,OAAO,IAAI,MAAM,CAAC,IAAI,QAAQ,GAAG,CAAC,CAAC;AACrC,CAAC;AAED,2EAA2E;AAC3E,MAAM,UAAU,YAAY,CAAC,KAAyB;IACpD,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC1B,GAAG,IAAI;QACP,QAAQ,EAAE,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC;KACvC,CAAC,CAAC,CAAC;AACN,CAAC;AAED,SAAS,MAAM,CAAC,QAAiC;IAC/C,OAAO,OAAO,QAAQ,CAAC,KAAK,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACtE,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,SAAS,CACvB,QAAgB,EAChB,QAAiC,EACjC,KAAqB;IAErB,MAAM,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC7B,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IAEtB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACtD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc,CAC5B,QAAiC,EACjC,KAAqB;IAErB,MAAM,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC7B,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IAEtB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,oEAAoE;AACpE,SAAS,WAAW,CAAC,IAA6B,EAAE,IAAY;IAC9D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,IAAI,OAAO,GAAY,IAAI,CAAC;IAC5B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,OAAO,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAC;QACtE,OAAO,GAAI,OAAmC,CAAC,IAAI,CAAC,CAAC;IACvD,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,0EAA0E;AAC1E,MAAM,UAAU,aAAa,CAC3B,IAA6B,EAC7B,OAAsB;IAEtB,MAAM,MAAM,GAAqC,EAAE,CAAC;IAEpD,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QACjC,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,MAAM,CAAC,MAAM,GAAG,GAAG,CAAC;QACtB,CAAC;aAAM,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YACnC,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;YAC/B,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;gBAAE,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC;QAC7C,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,EAAE,KAAK,SAAS,EAAE,CAAC;QAC7B,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;QAC1C,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,MAAM,CAAC,EAAE,GAAG,GAAG,CAAC;QAClB,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/secretRef.d.ts

@@ -0,0 +1,7 @@
+import type { SecretValue } from './types.js';
+/**
+ * Resolves a SecretValue to a plain string at runtime.
+ * Supports plain strings, $env, $file, and $exec sources.
+ */
+export declare function resolveSecret(ref: SecretValue): Promise<string>;
+//# sourceMappingURL=secretRef.d.ts.map

package/dist/secretRef.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secretRef.d.ts","sourceRoot":"","sources":["../src/secretRef.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE9C;;;GAGG;AACH,wBAAsB,aAAa,CAAC,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CAwBrE"}

package/dist/secretRef.js

@@ -0,0 +1,32 @@
+import { readFileSync } from 'fs';
+import { execSync } from 'child_process';
+/**
+ * Resolves a SecretValue to a plain string at runtime.
+ * Supports plain strings, $env, $file, and $exec sources.
+ */
+export async function resolveSecret(ref) {
+    let value;
+    if (typeof ref === 'string') {
+        value = ref;
+    }
+    else if ('$env' in ref) {
+        const envValue = process.env[ref.$env];
+        if (!envValue) {
+            throw new Error(`Environment variable "${ref.$env}" is not set or empty`);
+        }
+        value = envValue;
+    }
+    else if ('$file' in ref) {
+        const contents = readFileSync(ref.$file, 'utf8');
+        value = contents.trim();
+    }
+    else {
+        const stdout = execSync(ref.$exec, { encoding: 'utf8' });
+        value = stdout.trim();
+    }
+    if (!value) {
+        throw new Error('Resolved secret is empty');
+    }
+    return value;
+}
+//# sourceMappingURL=secretRef.js.map

package/dist/secretRef.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secretRef.js","sourceRoot":"","sources":["../src/secretRef.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAGzC;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,GAAgB;IAClD,IAAI,KAAa,CAAC;IAElB,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,KAAK,GAAG,GAAG,CAAC;IACd,CAAC;SAAM,IAAI,MAAM,IAAI,GAAG,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACvC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,yBAAyB,GAAG,CAAC,IAAI,uBAAuB,CAAC,CAAC;QAC5E,CAAC;QACD,KAAK,GAAG,QAAQ,CAAC;IACnB,CAAC;SAAM,IAAI,OAAO,IAAI,GAAG,EAAE,CAAC;QAC1B,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QACjD,KAAK,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC1B,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;QACzD,KAAK,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC9C,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,111 @@
+export interface OpenClawLogger {
+    info(msg: string): void;
+    warn(msg: string): void;
+    error(msg: string): void;
+}
+export interface OpenClawService {
+    id: string;
+    start?: () => void;
+    stop?: () => void;
+}
+export interface OpenClawToolTextContent {
+    type: 'text';
+    text: string;
+}
+export interface OpenClawToolResult {
+    content: OpenClawToolTextContent[];
+    details?: unknown;
+}
+export interface OpenClawToolDefinition {
+    name: string;
+    label?: string;
+    description: string;
+    parameters: Record<string, unknown>;
+    execute(toolCallId: string | undefined, params: unknown): Promise<OpenClawToolResult> | OpenClawToolResult;
+}
+export interface OpenClawPluginApi {
+    pluginConfig?: Record<string, unknown>;
+    on(event: string, handler: (...args: unknown[]) => unknown): void;
+    registerTool(tool: OpenClawToolDefinition): void;
+    registerService(service: OpenClawService): void;
+    logger: OpenClawLogger;
+}
+export interface BeforeCallEvent {
+    toolName: string;
+    params: Record<string, unknown>;
+    runId?: string;
+    toolCallId?: string;
+}
+export type BeforeCallResult = {
+    params?: Record<string, unknown>;
+    block?: boolean;
+    blockReason?: string;
+} | undefined;
+/** Resolves to a secret string at runtime. */
+export type SecretValue = string | {
+    $env: string;
+} | {
+    $file: string;
+} | {
+    $exec: string;
+};
+export interface InjectionConfig {
+    location: 'header' | 'query' | 'body';
+    key: string;
+}
+/**
+ * Dot-path mappings from tool args into Bastion policy params.
+ * e.g. amount: "body.amount" extracts args.body.amount as a number.
+ */
+export interface ParamsMapping {
+    amount?: string;
+    ip?: string;
+}
+export interface InterceptionRule {
+    /**
+     * Optional tool name to block for this URL pattern.
+     * Example: "web_fetch" to prevent bypassing `bastion_fetch`.
+     */
+    tool?: string;
+    /** Glob pattern for the URL (e.g. "https://api.stripe.com/**"). */
+    urlPattern: string;
+    /** Bastion credential ID to use for this call. */
+    credentialId: string;
+    /** Bastion action name (e.g. "stripe.charges"). */
+    action: string;
+    /** Override default credential injection location. */
+    injection?: InjectionConfig;
+    /** Extract policy params from tool args. */
+    params?: ParamsMapping;
+}
+export interface BastionPluginConfig {
+    /** URL of the Bastion server (e.g. "http://localhost:3000"). */
+    serverUrl: string;
+    /** Agent secret (bst_... token) — supports SecretRef pattern. */
+    agentSecret: SecretValue;
+    /** Ordered list of protected routes. First match wins. */
+    rules: InterceptionRule[];
+    /** Request timeout in ms. Default: 30000. */
+    timeout?: number;
+}
+export interface BastionFetchToolInput {
+    url: string;
+    method?: string;
+    headers?: Record<string, string>;
+    body?: unknown;
+    timeout?: number;
+}
+export interface BastionFetchResponse {
+    status: number;
+    headers: Record<string, string>;
+    body: unknown | null;
+    url: string;
+    _bastion: {
+        credentialId: string;
+        action: string;
+        policyDecision: string;
+        durationMs: number;
+        hitlRequestId?: string;
+    };
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,cAAc;IAC7B,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,IAAI,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,IAAI,CAAC;CACnB;AAED,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,uBAAuB,EAAE,CAAC;IACnC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,OAAO,CACL,UAAU,EAAE,MAAM,GAAG,SAAS,EAC9B,MAAM,EAAE,OAAO,GACd,OAAO,CAAC,kBAAkB,CAAC,GAAG,kBAAkB,CAAC;CACrD;AAED,MAAM,WAAW,iBAAiB;IAChC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,GAAG,IAAI,CAAC;IAClE,YAAY,CAAC,IAAI,EAAE,sBAAsB,GAAG,IAAI,CAAC;IACjD,eAAe,CAAC,OAAO,EAAE,eAAe,GAAG,IAAI,CAAC;IAChD,MAAM,EAAE,cAAc,CAAC;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,MAAM,gBAAgB,GACxB;IACE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,GACD,SAAS,CAAC;AAId,8CAA8C;AAC9C,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC;AAE5F,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,QAAQ,GAAG,OAAO,GAAG,MAAM,CAAC;IACtC,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,EAAE,CAAC,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,gBAAgB;IAC/B;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,mEAAmE;IACnE,UAAU,EAAE,MAAM,CAAC;IACnB,kDAAkD;IAClD,YAAY,EAAE,MAAM,CAAC;IACrB,mDAAmD;IACnD,MAAM,EAAE,MAAM,CAAC;IACf,sDAAsD;IACtD,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,4CAA4C;IAC5C,MAAM,CAAC,EAAE,aAAa,CAAC;CACxB;AAED,MAAM,WAAW,mBAAmB;IAClC,gEAAgE;IAChE,SAAS,EAAE,MAAM,CAAC;IAClB,iEAAiE;IACjE,WAAW,EAAE,WAAW,CAAC;IACzB,0DAA0D;IAC1D,KAAK,EAAE,gBAAgB,EAAE,CAAC;IAC1B,6CAA6C;IAC7C,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,qBAAqB;IACpC,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,EAAE,OAAO,GAAG,IAAI,CAAC;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE;QACR,YAAY,EAAE,MAAM,CAAC;QACrB,MAAM,EAAE,MAAM,CAAC;QACf,cAAc,EAAE,MAAM,CAAC;QACvB,UAAU,EAAE,MAAM,CAAC;QACnB,aAAa,CAAC,EAAE,MAAM,CAAC;KACxB,CAAC;CACH"}

package/dist/types.js

@@ -0,0 +1,3 @@
+// ── OpenClaw Plugin API (minimal surface — aligned to released runtime) ──────
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,gFAAgF"}

package/openclaw.plugin.json

@@ -0,0 +1,92 @@
+{
+  "id": "bastion-fetch",
+  "name": "Bastion Fetch",
+  "version": "0.1.0",
+  "description": "Secure outbound HTTP requests with Bastion — credential vault, policy engine, HITL gate, audit trail",
+  "uiHints": {
+    "serverUrl": {
+      "label": "Bastion Server URL",
+      "placeholder": "http://localhost:3000"
+    },
+    "agentSecret": {
+      "label": "Agent Secret",
+      "sensitive": true
+    },
+    "rules": {
+      "label": "Protected Routes"
+    },
+    "timeout": {
+      "label": "Default Timeout (ms)",
+      "advanced": true
+    }
+  },
+  "configSchema": {
+    "type": "object",
+    "additionalProperties": false,
+    "required": ["serverUrl", "agentSecret", "rules"],
+    "properties": {
+      "serverUrl": {
+        "type": "string",
+        "description": "URL of your Bastion server (e.g. http://localhost:3000)"
+      },
+      "agentSecret": {
+        "description": "Agent secret (bst_... token). Supports $env, $file, $exec SecretRef."
+      },
+      "rules": {
+        "type": "array",
+        "minItems": 1,
+        "description": "Ordered list of protected routes. First match wins.",
+        "items": {
+          "type": "object",
+          "additionalProperties": false,
+          "required": ["urlPattern", "credentialId", "action"],
+          "properties": {
+            "tool": {
+              "type": "string",
+              "description": "Optional built-in tool to block for matching URLs (e.g. web_fetch)"
+            },
+            "urlPattern": {
+              "type": "string"
+            },
+            "credentialId": {
+              "type": "string"
+            },
+            "action": {
+              "type": "string"
+            },
+            "injection": {
+              "type": "object",
+              "additionalProperties": false,
+              "properties": {
+                "location": {
+                  "type": "string",
+                  "enum": ["header", "query", "body"]
+                },
+                "key": {
+                  "type": "string"
+                }
+              }
+            },
+            "params": {
+              "type": "object",
+              "additionalProperties": false,
+              "properties": {
+                "amount": {
+                  "type": "string"
+                },
+                "ip": {
+                  "type": "string"
+                }
+              }
+            }
+          }
+        }
+      },
+      "timeout": {
+        "type": "number",
+        "default": 30000,
+        "description": "Default request timeout in milliseconds"
+      }
+    }
+  }
+}

package/package.json

@@ -0,0 +1,67 @@
+{
+  "name": "@bastion-ai/openclaw-plugin",
+  "version": "0.1.0",
+  "description": "OpenClaw plugin for Bastion — adds a Bastion-backed HTTP tool and blocks direct bypasses for protected URLs",
+  "license": "MIT",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "homepage": "https://github.com/Matthieuhakim/Bastion#readme",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/Matthieuhakim/Bastion.git",
+    "directory": "packages/openclaw-plugin"
+  },
+  "bugs": {
+    "url": "https://github.com/Matthieuhakim/Bastion/issues"
+  },
+  "keywords": [
+    "ai",
+    "agents",
+    "security",
+    "proxy",
+    "audit",
+    "openclaw",
+    "plugin",
+    "typescript"
+  ],
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "openclaw": {
+    "extensions": ["./dist/index.js"],
+    "install": {
+      "npmSpec": "@bastion-ai/openclaw-plugin",
+      "defaultChoice": "npm"
+    }
+  },
+  "files": ["dist", "openclaw.plugin.json"],
+  "sideEffects": false,
+  "publishConfig": {
+    "access": "public"
+  },
+  "engines": {
+    "node": ">=22.0.0"
+  },
+  "peerDependencies": {
+    "openclaw": ">=2026.3.13"
+  },
+  "scripts": {
+    "clean": "node --eval \"require('node:fs').rmSync('dist', { recursive: true, force: true })\"",
+    "build": "npm run clean && tsc",
+    "dev": "tsc --watch",
+    "prepack": "npm run build",
+    "test": "vitest run",
+    "test:watch": "vitest"
+  },
+  "dependencies": {
+    "@bastion-ai/sdk": "^0.1.0"
+  },
+  "devDependencies": {
+    "typescript": "^5.7.0",
+    "vitest": "^3.0.0"
+  }
+}