@clawdreyhepburn/carapace 1.0.2 → 1.0.4

package/openclaw.plugin.json

@@ -2,7 +2,7 @@
   "id": "carapace",
   "name": "Carapace",
   "description": "Cedar policy enforcement for agent tool access via before_tool_call hook. Your agent's exoskeleton.",
-  "version": "1.0.0",
+  "version": "1.0.4",
   "configSchema": {
     "type": "object",
     "additionalProperties": true,
@@ -20,13 +20,31 @@
           "properties": {
             "transport": {
               "type": "string",
-              "enum": ["stdio", "http", "sse"],
+              "enum": [
+                "stdio",
+                "http",
+                "sse"
+              ],
               "default": "stdio"
             },
-            "command": { "type": "string" },
-            "args": { "type": "array", "items": { "type": "string" } },
-            "env": { "type": "object", "additionalProperties": { "type": "string" } },
-            "url": { "type": "string" }
+            "command": {
+              "type": "string"
+            },
+            "args": {
+              "type": "array",
+              "items": {
+                "type": "string"
+              }
+            },
+            "env": {
+              "type": "object",
+              "additionalProperties": {
+                "type": "string"
+              }
+            },
+            "url": {
+              "type": "string"
+            }
           }
         }
       },
@@ -37,7 +55,10 @@
       },
       "defaultPolicy": {
         "type": "string",
-        "enum": ["deny-all", "allow-all"],
+        "enum": [
+          "deny-all",
+          "allow-all"
+        ],
         "default": "allow-all",
         "description": "Default policy when no Cedar policies match. allow-all passes everything through; deny-all blocks everything not explicitly permitted."
       },
@@ -49,9 +70,18 @@
     }
   },
   "uiHints": {
-    "guiPort": { "label": "GUI Port", "placeholder": "19820" },
-    "policyDir": { "label": "Policy Directory" },
-    "defaultPolicy": { "label": "Default Policy" },
-    "verify": { "label": "Enable Formal Verification" }
+    "guiPort": {
+      "label": "GUI Port",
+      "placeholder": "19820"
+    },
+    "policyDir": {
+      "label": "Policy Directory"
+    },
+    "defaultPolicy": {
+      "label": "Default Policy"
+    },
+    "verify": {
+      "label": "Enable Formal Verification"
+    }
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clawdreyhepburn/carapace",
-  "version": "1.0.2",
+  "version": "1.0.4",
   "description": "Cedar policy enforcement for agent tool access via OpenClaw's before_tool_call hook.",
   "license": "Apache-2.0",
   "type": "module",

package/src/cedar-engine-cedarling.ts

@@ -627,10 +627,21 @@ export class CedarlingEngine {
     let hasForbid = false;
     const reasons: string[] = [];
 
+    const principalId = request.principal;
+    const actionId = request.action;
+    const resourceId = request.resource;
+
     for (const [id, policy] of this.policies) {
-      // Simple: check if resource appears in the policy
-      const resourceId = request.resource.replace(/.*::"/g, "").replace(/"$/, "");
-      if (!policy.raw.includes(`"${resourceId}"`)) continue;
+      // Parse constraints from raw policy text
+      const hasPrincipalConstraint = /principal\s*==/.test(policy.raw);
+      const hasActionConstraint = /action\s*==/.test(policy.raw);
+      const hasResourceConstraint = /resource\s*==/.test(policy.raw);
+
+      // Check if this policy matches the request
+      // Unconstrained fields match everything (Cedar semantics)
+      if (hasPrincipalConstraint && !policy.raw.includes(principalId)) continue;
+      if (hasActionConstraint && !policy.raw.includes(actionId)) continue;
+      if (hasResourceConstraint && !policy.raw.includes(resourceId)) continue;
 
       if (policy.effect === "forbid") {
         hasForbid = true;

package/src/index.ts

@@ -107,9 +107,12 @@ export default function register(api: OpenClawPluginApi) {
   // --- Register before_tool_call hook ---
   if (api.on) {
     api.on("before_tool_call", async (event: any) => {
+      logger.info(`[Carapace] HOOK FIRED: keys=${JSON.stringify(Object.keys(event))}`);
+      logger.info(`[Carapace] before_tool_call fired: ${JSON.stringify(Object.keys(event))}`);
       const toolName: string = event.toolName ?? event.tool ?? event.name ?? "";
       const params: Record<string, unknown> = event.params ?? event.arguments ?? event.input ?? {};
 
+      logger.info(`[Carapace] tool=${toolName} defaultPolicy=${config.defaultPolicy ?? "allow-all"}`);
       if (!toolName) return {};
 
       stats.toolCallsEvaluated++;
@@ -147,6 +150,15 @@ export default function register(api: OpenClawPluginApi) {
         context = params ? { arguments: params } : {};
       }
 
+      // Short-circuit: if default policy is allow-all and no Cedar policies are loaded,
+      // skip Cedar evaluation entirely (Cedar is deny-by-default with no policies)
+      const effectiveDefault = config.defaultPolicy ?? "allow-all";
+      const policies = cedar.getPolicies?.() ?? [];
+      if (effectiveDefault === "allow-all" && policies.length === 0) {
+        logger.info(`✅ [Carapace] ALLOW (no policies, default allow-all): ${toolName}`);
+        return {};
+      }
+
       const decision = await cedar.authorize({
         principal: `Agent::"openclaw"`,
         action: `Action::"${action}"`,
@@ -154,6 +166,11 @@ export default function register(api: OpenClawPluginApi) {
         context,
       });
 
+      // If Cedar returns no definitive decision and default is allow-all, allow
+      if (effectiveDefault === "allow-all" && decision.decision !== "deny") {
+        return {};
+      }
+
       const auditEntry = {
         timestamp: new Date().toISOString(),
         tool: toolName,
@@ -171,6 +188,9 @@ export default function register(api: OpenClawPluginApi) {
       }
 
       return {};
+    }, {
+      name: "carapace.cedar-enforcement",
+      description: "Cedar policy enforcement for all tool calls",
     });
     logger.info("Registered before_tool_call hook for Cedar policy enforcement");
   } else {