@byteplus/agent-sentry 1.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +107 -0
- package/RELEASE_NOTES.md +24 -0
- package/agent-sentry/SKILL.md +53 -0
- package/bundle.js +210390 -0
- package/openclaw.plugin.json +232 -0
- package/package.json +77 -0
- package/provider-discovery.js +130 -0
package/README.md
ADDED
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
# AgentSentry (OpenClaw Security Plugin)
|
|
2
|
+
|
|
3
|
+
`agent-sentry` is a security plugin for OpenClaw. It audits LLM traffic and key Agent lifecycle hook points to reduce harmful requests and sensitive data leakage.
|
|
4
|
+
|
|
5
|
+
## Breaking rename migration notice
|
|
6
|
+
|
|
7
|
+
This release performs a **breaking external brand rename** from **ClawSentry** to **AgentSentry**. Old external entrypoints are **not compatible** in code after this change.
|
|
8
|
+
|
|
9
|
+
| Old external entrypoint | New external entrypoint |
|
|
10
|
+
| --- | --- |
|
|
11
|
+
| `claw-sentry` | `agent-sentry` |
|
|
12
|
+
| `plugins.entries.claw-sentry` | `plugins.entries.agent-sentry` |
|
|
13
|
+
| `/clawSentry` | `/agentSentry` |
|
|
14
|
+
| `/cs` | `/as` |
|
|
15
|
+
| `clawSentryListConfig` | `agentSentryListConfig` |
|
|
16
|
+
| `clawSentryListInfo` | `agentSentryListInfo` |
|
|
17
|
+
| `clawSentryListAvailableTools` | `agentSentryListAvailableTools` |
|
|
18
|
+
|
|
19
|
+
## Requirements
|
|
20
|
+
|
|
21
|
+
- OpenClaw: `>=2026.4.14`
|
|
22
|
+
- Node.js: `>=22`
|
|
23
|
+
|
|
24
|
+
## Install
|
|
25
|
+
|
|
26
|
+
### Volcengine
|
|
27
|
+
|
|
28
|
+
```bash
|
|
29
|
+
openclaw plugins install @volcengine/agent-sentry
|
|
30
|
+
openclaw config set plugins.entries.agent-sentry.hooks.allowConversationAccess true
|
|
31
|
+
```
|
|
32
|
+
|
|
33
|
+
### BytePlus
|
|
34
|
+
|
|
35
|
+
```bash
|
|
36
|
+
openclaw plugins install @byteplus/agent-sentry
|
|
37
|
+
openclaw config set plugins.entries.agent-sentry.hooks.allowConversationAccess true
|
|
38
|
+
```
|
|
39
|
+
|
|
40
|
+
## Enable
|
|
41
|
+
|
|
42
|
+
After installing the plugin package, enable it and restart the gateway:
|
|
43
|
+
|
|
44
|
+
```bash
|
|
45
|
+
openclaw plugins enable agent-sentry
|
|
46
|
+
openclaw gateway restart
|
|
47
|
+
```
|
|
48
|
+
|
|
49
|
+
## Configuration
|
|
50
|
+
|
|
51
|
+
Configure the plugin in your OpenClaw config (fields are aligned with `openclaw.plugin.json`):
|
|
52
|
+
|
|
53
|
+
```yaml
|
|
54
|
+
plugins:
|
|
55
|
+
entries:
|
|
56
|
+
agent-sentry:
|
|
57
|
+
enabled: true
|
|
58
|
+
config:
|
|
59
|
+
# Required
|
|
60
|
+
apiKey: "<encrypted-api-key>"
|
|
61
|
+
clawId: "<claw-id>"
|
|
62
|
+
ctEndpoint: "https://<control-endpoint>"
|
|
63
|
+
lmEndpoint: "https://<moderation-endpoint>"
|
|
64
|
+
|
|
65
|
+
# Optional
|
|
66
|
+
asClawId: "<as-claw-id>"
|
|
67
|
+
configVersion: "<version-string>"
|
|
68
|
+
openClawDir: "<path-to-openclaw-state-dir>"
|
|
69
|
+
|
|
70
|
+
# Behavior
|
|
71
|
+
logRecord: false
|
|
72
|
+
# enableFetch is deprecated since 1.5.0-dlp and is now a no-op; DLP runs
|
|
73
|
+
# via before_dispatch + before_prompt_build (see dlpInputGate below).
|
|
74
|
+
enableFetch: false
|
|
75
|
+
enableBeforeToolCall: true
|
|
76
|
+
enableAfterToolCall: true
|
|
77
|
+
enableHeartbeat: true
|
|
78
|
+
timeoutMs: 30000
|
|
79
|
+
failureThreshold: 3
|
|
80
|
+
retryInterval: 60
|
|
81
|
+
maxRetryInterval: 3600
|
|
82
|
+
# Optional input-side DLP enforcement mode for before_dispatch.
|
|
83
|
+
# 'marker_only' (default) keeps the user message and lets
|
|
84
|
+
# before_prompt_build inject a system reminder. 'direct_block' returns
|
|
85
|
+
# {handled:true, text:securityReason} from before_dispatch.
|
|
86
|
+
dlpInputGate:
|
|
87
|
+
mode: marker_only
|
|
88
|
+
language: "en" # or "zh"
|
|
89
|
+
```
|
|
90
|
+
|
|
91
|
+
## Hooks & auditing
|
|
92
|
+
|
|
93
|
+
- `before_dispatch` + `before_prompt_build`: collect moderation results and inject safe context into prompts.
|
|
94
|
+
- `before_tool_call`: audit tool name/params (and optional tool-result context). The `isGroup` flag is derived from `ctx.sessionKey` (format `agent:<id>:<channel>:group|direct:<target>`).
|
|
95
|
+
- `after_tool_call`: store tool result context for subsequent audits.
|
|
96
|
+
- `llm_input`: capture LLM input (e.g. system prompt) for auditing/traceability.
|
|
97
|
+
- `agent_end`: upload conversation record and clear per-session cached contexts.
|
|
98
|
+
- Degradation/circuit breaker: automatically bypasses checks when the security service is unavailable and probes for recovery.
|
|
99
|
+
|
|
100
|
+
## Development
|
|
101
|
+
|
|
102
|
+
```bash
|
|
103
|
+
pnpm -C openclaw-plugin build
|
|
104
|
+
pnpm -C openclaw-plugin test
|
|
105
|
+
```
|
|
106
|
+
|
|
107
|
+
Publishing scripts are defined in `openclaw-plugin/package.json` (including `beta` and `private` tags).
|
package/RELEASE_NOTES.md
ADDED
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
# AgentSentry rename release notes
|
|
2
|
+
|
|
3
|
+
This release introduces a **breaking external rename** from **ClawSentry** to **AgentSentry**.
|
|
4
|
+
|
|
5
|
+
Old external entrypoints are **no longer compatible** after upgrading.
|
|
6
|
+
|
|
7
|
+
| Old external entrypoint | New external entrypoint |
|
|
8
|
+
| --- | --- |
|
|
9
|
+
| `claw-sentry` | `agent-sentry` |
|
|
10
|
+
| `plugins.entries.claw-sentry` | `plugins.entries.agent-sentry` |
|
|
11
|
+
| `/clawSentry` | `/agentSentry` |
|
|
12
|
+
| `/cs` | `/as` |
|
|
13
|
+
| `clawSentryListConfig` | `agentSentryListConfig` |
|
|
14
|
+
| `clawSentryListInfo` | `agentSentryListInfo` |
|
|
15
|
+
| `clawSentryListAvailableTools` | `agentSentryListAvailableTools` |
|
|
16
|
+
|
|
17
|
+
## Required migration steps
|
|
18
|
+
|
|
19
|
+
1. Reinstall or reference the plugin package as `agent-sentry`.
|
|
20
|
+
2. Update OpenClaw config keys from `plugins.entries.claw-sentry` to `plugins.entries.agent-sentry`.
|
|
21
|
+
3. Update slash command usage from `/clawSentry` and `/cs` to `/agentSentry` and `/as`.
|
|
22
|
+
4. Update any tool integrations to the `agentSentry*` identifiers.
|
|
23
|
+
|
|
24
|
+
Protocol compatibility fields such as `clawId`, `ClawID`, `claw_id`, `X-Ai-Claw-Id`, and `pluginType=clawsentry` remain unchanged.
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: agent-sentry
|
|
3
|
+
description: |
|
|
4
|
+
AI Assistant Security (AgentSentry) 安全防护系统,用于查看防护配置、查看配置信息、查看可用工具等。
|
|
5
|
+
Activate when user needs to: 查看防护配置、查看配置信息、查看可用工具、查看AgentSentry可用工具、查看ai-assistant-security-openclaw、查看安全防护、查看安全配置、使用安全工具、打开安全工具、调用安全工具、安全防护工具、安全工具、使用防护工具、打开防护工具、调用防护工具、防护工具。
|
|
6
|
+
metadata:
|
|
7
|
+
{
|
|
8
|
+
"openclaw":
|
|
9
|
+
{
|
|
10
|
+
"emoji": "🛡️",
|
|
11
|
+
"skillKey": "agent-sentry",
|
|
12
|
+
"requires": { "config": ["plugins.entries.agent-sentry.enabled"] },
|
|
13
|
+
},
|
|
14
|
+
}
|
|
15
|
+
---
|
|
16
|
+
|
|
17
|
+
# AgentSentry
|
|
18
|
+
|
|
19
|
+
AgentSentry 是一个安全防护系统,提供 LLM 和 Agent 的安全防护功能。
|
|
20
|
+
|
|
21
|
+
## Migration notice
|
|
22
|
+
|
|
23
|
+
这是一次破坏性外显改名,旧入口不再兼容:
|
|
24
|
+
|
|
25
|
+
| 旧入口 | 新入口 |
|
|
26
|
+
| --- | --- |
|
|
27
|
+
| `claw-sentry` | `agent-sentry` |
|
|
28
|
+
| `plugins.entries.claw-sentry` | `plugins.entries.agent-sentry` |
|
|
29
|
+
| `/clawSentry` | `/agentSentry` |
|
|
30
|
+
| `/cs` | `/as` |
|
|
31
|
+
| `clawSentryListConfig` | `agentSentryListConfig` |
|
|
32
|
+
| `clawSentryListInfo` | `agentSentryListInfo` |
|
|
33
|
+
| `clawSentryListAvailableTools` | `agentSentryListAvailableTools` |
|
|
34
|
+
|
|
35
|
+
## Agent rules:
|
|
36
|
+
|
|
37
|
+
- Call tools directly. Never suggest slash commands to the user.
|
|
38
|
+
- Always inform the user if they don't have permission to use a tool.
|
|
39
|
+
- When a tool returns "no permission", tell the user clearly and remind them they can ask "我可以使用什么功能" or "查看可用工具" to see what tools are available for their version.
|
|
40
|
+
|
|
41
|
+
## Tool Parameters
|
|
42
|
+
|
|
43
|
+
### agentSentryListConfig
|
|
44
|
+
|
|
45
|
+
查看防护配置。**Call when:** "查看防护配置", "看一下防护规则", "有哪些防护规则", "查看安全配置", "查看安全防护配置", "看一下当前配置". No params.
|
|
46
|
+
|
|
47
|
+
### agentSentryListInfo
|
|
48
|
+
|
|
49
|
+
查看配置信息。**Call when:** "查看配置信息", "看一下配置", "有哪些配置", "查看插件配置", "看一下插件配置", "查看AgentSentry配置", "看一下AgentSentry配置", "查看配置", "查看版本信息", "看一下版本信息". No params.
|
|
50
|
+
|
|
51
|
+
### agentSentryListAvailableTools
|
|
52
|
+
|
|
53
|
+
查看可用工具。**Call when:** "查看可用工具", "我能用哪些工具", "查看AgentSentry可用工具", "查看当前版本可以使用的所有工具列表", "有哪些工具可以用", "查看可用命令", "我可以用什么工具", "有什么功能", "我能做什么", "有哪些功能", "查看功能", "我可以使用哪些功能", "有什么工具", "查看我能使用的工具", "当前版本有什么功能", "有什么可用的功能", "我能使用什么", "我有什么功能可以用". No params.
|