@cdot65/prisma-airs 0.2.2 → 0.2.4

package/hooks/prisma-airs-tools/handler.ts

@@ -32,6 +32,7 @@ interface PluginConfig {
         config?: {
           tool_gating_enabled?: boolean;
           high_risk_tools?: string[];
+          api_key?: string;
         };
       };
     };
@@ -45,81 +46,84 @@ interface HookResult {
   blockReason?: string;
 }
 
+// Shared tool lists
+const ALL_EXTERNAL_TOOLS = [
+  "exec",
+  "Bash",
+  "bash",
+  "write",
+  "Write",
+  "edit",
+  "Edit",
+  "gateway",
+  "message",
+  "cron",
+  "browser",
+  "web_fetch",
+  "WebFetch",
+  "database",
+  "query",
+  "sql",
+  "eval",
+  "NotebookEdit",
+];
+const DB_TOOLS = ["exec", "Bash", "bash", "database", "query", "sql", "eval"];
+const CODE_TOOLS = [
+  "exec",
+  "Bash",
+  "bash",
+  "write",
+  "Write",
+  "edit",
+  "Edit",
+  "eval",
+  "NotebookEdit",
+];
+const SENSITIVE_TOOLS = ["exec", "Bash", "bash", "gateway", "message", "cron"];
+const WEB_TOOLS = ["web_fetch", "WebFetch", "browser", "Browser", "curl"];
+
 // Tool blocking rules by threat category
 const TOOL_BLOCKS: Record<string, string[]> = {
   // AI Agent threats - block ALL external actions
-  "agent-threat": [
-    "exec",
-    "Bash",
-    "bash",
-    "write",
-    "Write",
-    "edit",
-    "Edit",
-    "gateway",
-    "message",
-    "cron",
-    "browser",
-    "web_fetch",
-    "WebFetch",
-    "database",
-    "query",
-    "sql",
-    "eval",
-    "NotebookEdit",
-  ],
+  "agent-threat": ALL_EXTERNAL_TOOLS,
+  agent_threat: ALL_EXTERNAL_TOOLS,
+  agent_threat_prompt: ALL_EXTERNAL_TOOLS,
+  agent_threat_response: ALL_EXTERNAL_TOOLS,
 
   // SQL/Database injection - block database and exec tools
-  "sql-injection": ["exec", "Bash", "bash", "database", "query", "sql", "eval"],
-  db_security: ["exec", "Bash", "bash", "database", "query", "sql", "eval"],
-  "db-security": ["exec", "Bash", "bash", "database", "query", "sql", "eval"],
+  "sql-injection": DB_TOOLS,
+  db_security: DB_TOOLS,
+  "db-security": DB_TOOLS,
+  db_security_response: DB_TOOLS,
 
   // Malicious code - block code execution and file writes
-  "malicious-code": [
-    "exec",
-    "Bash",
-    "bash",
-    "write",
-    "Write",
-    "edit",
-    "Edit",
-    "eval",
-    "NotebookEdit",
-  ],
-  malicious_code: [
-    "exec",
-    "Bash",
-    "bash",
-    "write",
-    "Write",
-    "edit",
-    "Edit",
-    "eval",
-    "NotebookEdit",
-  ],
+  "malicious-code": CODE_TOOLS,
+  malicious_code: CODE_TOOLS,
+  malicious_code_prompt: CODE_TOOLS,
+  malicious_code_response: CODE_TOOLS,
 
   // Prompt injection - block sensitive tools
-  "prompt-injection": ["exec", "Bash", "bash", "gateway", "message", "cron"],
-  prompt_injection: ["exec", "Bash", "bash", "gateway", "message", "cron"],
+  "prompt-injection": SENSITIVE_TOOLS,
+  prompt_injection: SENSITIVE_TOOLS,
 
   // Malicious URLs - block web access
-  "malicious-url": ["web_fetch", "WebFetch", "browser", "Browser", "curl"],
-  malicious_url: ["web_fetch", "WebFetch", "browser", "Browser", "curl"],
-  url_filtering_prompt: ["web_fetch", "WebFetch", "browser", "Browser", "curl"],
+  "malicious-url": WEB_TOOLS,
+  malicious_url: WEB_TOOLS,
+  url_filtering_prompt: WEB_TOOLS,
+  url_filtering_response: WEB_TOOLS,
+
+  // Toxic content - block code/write tools
+  toxic_content: CODE_TOOLS,
+  toxic_content_prompt: CODE_TOOLS,
+  toxic_content_response: CODE_TOOLS,
+
+  // Topic violations - block sensitive tools
+  topic_violation: SENSITIVE_TOOLS,
+  topic_violation_prompt: SENSITIVE_TOOLS,
+  topic_violation_response: SENSITIVE_TOOLS,
 
   // Scan failure - block high-risk tools
-  "scan-failure": [
-    "exec",
-    "Bash",
-    "bash",
-    "write",
-    "Write",
-    "edit",
-    "Edit",
-    "gateway",
-    "message",
-    "cron",
-  ],
+  "scan-failure": SENSITIVE_TOOLS.concat(["write", "Write", "edit", "Edit"]),
 };
 
 // Default high-risk tools (blocked on any threat)

package/index.ts

@@ -11,13 +11,17 @@
  */
 
 import { scan, isConfigured, ScanRequest } from "./src/scanner";
-import { fileURLToPath } from "url";
-import { dirname, join } from "path";
+import guardHandler from "./hooks/prisma-airs-guard/handler";
+import auditHandler from "./hooks/prisma-airs-audit/handler";
+import contextHandler from "./hooks/prisma-airs-context/handler";
+import outboundHandler from "./hooks/prisma-airs-outbound/handler";
+import toolsHandler from "./hooks/prisma-airs-tools/handler";
 
 // Plugin config interface
 interface PrismaAirsConfig {
   profile_name?: string;
   app_name?: string;
+  api_key?: string;
   reminder_enabled?: boolean;
 }
 
@@ -72,7 +76,8 @@ interface PluginApi {
     execute: (_id: string, params: ScanRequest) => Promise<ToolResult>;
   }) => void;
   registerCli: (setup: (ctx: { program: unknown }) => void, opts: { commands: string[] }) => void;
-  registerPluginHooksFromDir?: (dir: string) => void;
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  on: (hookName: string, handler: (...args: any[]) => any, opts?: { priority?: number }) => void;
 }
 
 // Get plugin config from OpenClaw config
@@ -91,6 +96,7 @@ function buildScanRequest(params: ScanRequest | undefined, config: PrismaAirsCon
     appName: params?.appName ?? config.app_name ?? "openclaw",
     appUser: params?.appUser,
     aiModel: params?.aiModel,
+    apiKey: config.api_key,
   };
 }
 
@@ -101,22 +107,71 @@ export default function register(api: PluginApi): void {
     `Prisma AIRS plugin loaded (reminder_enabled=${config.reminder_enabled ?? true})`
   );
 
-  // Register hooks from the hooks directory
-  if (api.registerPluginHooksFromDir) {
-    const __filename = fileURLToPath(import.meta.url);
-    const __dirname = dirname(__filename);
-    const hooksDir = join(__dirname, "hooks");
-    api.registerPluginHooksFromDir(hooksDir);
-    api.logger.info(`Registered hooks from ${hooksDir}`);
-  }
+  // Register lifecycle hooks via api.on()
+  // Each adapter injects api.config as cfg for handler compatibility.
+
+  // Guard: inject security scanning reminder at agent bootstrap
+  api.on(
+    "before_agent_start",
+    async () => {
+      const files: { path: string; content: string; source?: string }[] = [];
+      await guardHandler({
+        type: "agent",
+        action: "bootstrap",
+        context: { bootstrapFiles: files, cfg: api.config },
+      });
+      if (files.length > 0) {
+        return { systemPrompt: files.map((f) => f.content).join("\n\n") };
+      }
+      return undefined;
+    },
+    { priority: 100 }
+  );
+
+  // Audit: fire-and-forget inbound message scan logging
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  api.on("message_received", async (event: any, ctx: any) => {
+    await auditHandler(event, { ...ctx, cfg: api.config });
+  });
+
+  // Context: inject security warnings before agent processes message
+  api.on(
+    "before_agent_start",
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    async (event: any, ctx: any) => {
+      return await contextHandler(
+        {
+          sessionKey: ctx.sessionKey,
+          message: { content: event.prompt },
+          messages: event.messages,
+        },
+        { ...ctx, cfg: api.config }
+      );
+    },
+    { priority: 50 }
+  );
+
+  // Outbound: scan and block/mask outgoing responses
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  api.on("message_sending", async (event: any, ctx: any) => {
+    return await outboundHandler(event, { ...ctx, cfg: api.config });
+  });
+
+  // Tools: block dangerous tool calls during active threats
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  api.on("before_tool_call", async (event: any, ctx: any) => {
+    return await toolsHandler(event, { ...ctx, cfg: api.config });
+  });
+
+  api.logger.info("Registered 5 lifecycle hooks");
 
   // Register RPC method for status check
   api.registerGatewayMethod("prisma-airs.status", ({ respond }) => {
     const cfg = getPluginConfig(api);
-    const hasApiKey = isConfigured();
+    const hasApiKey = isConfigured(cfg.api_key);
     respond(true, {
       plugin: "prisma-airs",
-      version: "0.2.0",
+      version: "0.2.4",
       config: {
         profile_name: cfg.profile_name ?? "default",
         app_name: cfg.app_name ?? "openclaw",
@@ -159,7 +214,8 @@ export default function register(api: PluginApi): void {
     name: "prisma_airs_scan",
     description:
       "Scan content for security threats via Prisma AIRS. " +
-      "Detects prompt injection, data leakage, malicious URLs, and other threats. " +
+      "Detects prompt injection, DLP, malicious URLs, toxic content, malicious code, " +
+      "agent threats, topic violations, DB security, and ungrounded responses. " +
       "Returns action (allow/warn/block), severity, and detected categories.",
     parameters: {
       type: "object",
@@ -212,16 +268,16 @@ export default function register(api: PluginApi): void {
         .description("Show Prisma AIRS plugin status")
         .action(() => {
           const cfg = getPluginConfig(api);
-          const hasKey = isConfigured();
+          const hasKey = isConfigured(cfg.api_key);
           console.log("Prisma AIRS Plugin Status");
           console.log("-------------------------");
-          console.log(`Version: 0.2.0`);
+          console.log(`Version: 0.2.4`);
           console.log(`Profile: ${cfg.profile_name ?? "default"}`);
           console.log(`App Name: ${cfg.app_name ?? "openclaw"}`);
           console.log(`Reminder: ${cfg.reminder_enabled ?? true}`);
           console.log(`API Key: ${hasKey ? "configured" : "MISSING"}`);
           if (!hasKey) {
-            console.log("\nSet PANW_AI_SEC_API_KEY environment variable");
+            console.log("\nSet API key in plugin config");
           }
         });
 
@@ -266,7 +322,7 @@ export default function register(api: PluginApi): void {
 // Export plugin metadata for discovery
 export const id = "prisma-airs";
 export const name = "Prisma AIRS Security";
-export const version = "0.2.0";
+export const version = "0.2.4";
 
 // Re-export scanner types and functions
 export { scan, isConfigured } from "./src/scanner";

package/openclaw.plugin.json

@@ -2,7 +2,7 @@
   "id": "prisma-airs",
   "name": "Prisma AIRS Security",
   "description": "AI Runtime Security - full AIRS detection suite with audit logging, context injection, outbound blocking, and tool gating",
-  "version": "0.2.2",
+  "version": "0.2.4",
   "entrypoint": "index.ts",
   "hooks": [
     "hooks/prisma-airs-guard",
@@ -63,12 +63,32 @@
       "high_risk_tools": {
         "type": "array",
         "items": { "type": "string" },
-        "default": ["exec", "Bash", "write", "Write", "edit", "Edit", "gateway", "message", "cron"],
+        "default": [
+          "exec",
+          "Bash",
+          "bash",
+          "write",
+          "Write",
+          "edit",
+          "Edit",
+          "gateway",
+          "message",
+          "cron"
+        ],
         "description": "Tools to block on any detected threat"
+      },
+      "api_key": {
+        "type": "string",
+        "description": "Prisma AIRS API key from Strata Cloud Manager"
       }
     }
   },
   "uiHints": {
+    "api_key": {
+      "label": "API Key",
+      "sensitive": true,
+      "placeholder": "Enter your PANW AI Security API key"
+    },
     "profile_name": {
       "label": "Profile Name",
       "placeholder": "default"
@@ -109,8 +129,5 @@
       "description": "Tools blocked on any threat detection"
     }
   },
-  "requires": {
-    "env": ["PANW_AI_SEC_API_KEY"],
-    "envOptional": ["PANW_AI_SEC_PROFILE_NAME"]
-  }
+  "requires": {}
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cdot65/prisma-airs",
-  "version": "0.2.2",
+  "version": "0.2.4",
   "description": "Prisma AIRS (AI Runtime Security) plugin for OpenClaw - Full security suite with audit logging, context injection, outbound blocking, and tool gating",
   "type": "module",
   "main": "index.ts",

package/src/scan-cache.test.ts

@@ -13,6 +13,7 @@ import {
   stopCleanup,
   startCleanup,
 } from "./scan-cache";
+import { defaultPromptDetected, defaultResponseDetected } from "./scanner";
 import type { ScanResult } from "./scanner";
 
 // Mock scan result
@@ -23,9 +24,12 @@ const mockScanResult: ScanResult = {
   scanId: "scan_123",
   reportId: "report_456",
   profileName: "default",
-  promptDetected: { injection: true, dlp: false, urlCats: false },
-  responseDetected: { dlp: false, urlCats: false },
+  promptDetected: { ...defaultPromptDetected(), injection: true },
+  responseDetected: defaultResponseDetected(),
   latencyMs: 100,
+  timeout: false,
+  hasError: false,
+  contentErrors: [],
 };
 
 describe("scan-cache", () => {