@clawdstrike/openclaw 0.1.0

package/dist/tools/policy-check.js

@@ -0,0 +1,141 @@
+import { PolicyEngine } from '../policy/engine.js';
+function parseNetworkTarget(target) {
+    const trimmed = target.trim();
+    if (!trimmed)
+        return { host: '', port: 0 };
+    const tryParse = (value) => {
+        try {
+            const parsed = new URL(value);
+            const port = parsed.port ? Number.parseInt(parsed.port, 10) : parsed.protocol === 'http:' ? 80 : 443;
+            return { host: parsed.hostname, port, url: value };
+        }
+        catch {
+            return null;
+        }
+    };
+    return (tryParse(trimmed) ??
+        tryParse(`https://${trimmed}`) ??
+        { host: trimmed.split('/')[0] ?? trimmed, port: 443 });
+}
+function buildEvent(action, resource) {
+    const now = new Date();
+    const eventId = `policy-check-${now.getTime()}-${Math.random().toString(36).slice(2, 8)}`;
+    const timestamp = now.toISOString();
+    switch (action) {
+        case 'file_read':
+            return {
+                eventId,
+                eventType: 'file_read',
+                timestamp,
+                data: { type: 'file', path: resource, operation: 'read' },
+            };
+        case 'file_write':
+            return {
+                eventId,
+                eventType: 'file_write',
+                timestamp,
+                data: { type: 'file', path: resource, operation: 'write' },
+            };
+        case 'network':
+        case 'network_egress': {
+            const { host, port, url } = parseNetworkTarget(resource);
+            return {
+                eventId,
+                eventType: 'network_egress',
+                timestamp,
+                data: { type: 'network', host, port, url },
+            };
+        }
+        case 'command':
+        case 'command_exec': {
+            const parts = resource.trim().split(/\s+/).filter(Boolean);
+            const [command, ...args] = parts;
+            return {
+                eventId,
+                eventType: 'command_exec',
+                timestamp,
+                data: { type: 'command', command: command ?? '', args },
+            };
+        }
+        case 'tool_call':
+        default:
+            return {
+                eventId,
+                eventType: 'tool_call',
+                timestamp,
+                data: { type: 'tool', toolName: resource, parameters: {} },
+            };
+    }
+}
+function formatDecision(decision) {
+    const isDenied = decision.status === 'deny' || decision.denied;
+    const isWarn = decision.status === 'warn' || decision.warn;
+    if (isDenied) {
+        const guard = decision.guard ? ` by ${decision.guard}` : '';
+        const reason = decision.reason ? `: ${decision.reason}` : '';
+        return `Denied${guard}${reason}`;
+    }
+    if (isWarn) {
+        const msg = decision.message ?? decision.reason ?? 'Policy warning';
+        return `Warning: ${msg}`;
+    }
+    return 'Action allowed';
+}
+export async function checkPolicy(config, action, resource) {
+    const engine = new PolicyEngine(config);
+    const event = buildEvent(action, resource);
+    const decision = await engine.evaluate(event);
+    const isDenied = decision.status === 'deny' || decision.denied;
+    return { ...decision, message: formatDecision(decision), suggestion: isDenied ? getSuggestion(action, resource) : undefined };
+}
+export function policyCheckTool(engine) {
+    return {
+        name: 'policy_check',
+        description: 'Check if an action is allowed by the security policy. Use this BEFORE attempting potentially restricted operations.',
+        schema: {
+            type: 'object',
+            properties: {
+                action: {
+                    type: 'string',
+                    enum: ['file_read', 'file_write', 'network', 'command', 'tool_call'],
+                    description: 'The type of action to check',
+                },
+                resource: {
+                    type: 'string',
+                    description: 'The resource to check (path, domain, command, or tool name)',
+                },
+            },
+            required: ['action', 'resource'],
+        },
+        execute: async (params) => {
+            const action = params.action ?? 'tool_call';
+            const resource = typeof params.resource === 'string' ? params.resource : '';
+            const event = buildEvent(action, resource);
+            const decision = await engine.evaluate(event);
+            return {
+                ...decision,
+                message: formatDecision(decision),
+                suggestion: (decision.status === 'deny' || decision.denied) ? getSuggestion(action, resource) : undefined,
+            };
+        },
+    };
+}
+function getSuggestion(action, resource) {
+    if ((action === 'file_write' || action === 'file_read') && resource.includes('.ssh')) {
+        return 'SSH keys are protected. Consider using a different credential storage method.';
+    }
+    if ((action === 'file_write' || action === 'file_read') && resource.includes('.aws')) {
+        return 'AWS credentials are protected. Use environment variables or IAM roles instead.';
+    }
+    if (action === 'network_egress' || action === 'network') {
+        return 'Try using an allowed domain like api.github.com or pypi.org.';
+    }
+    if ((action === 'command_exec' || action === 'command') && resource.includes('sudo')) {
+        return 'Privileged commands are restricted. Try running without sudo.';
+    }
+    if ((action === 'command_exec' || action === 'command') && (resource.includes('rm -rf') || resource.includes('dd if='))) {
+        return 'Destructive commands are blocked. Consider safer alternatives.';
+    }
+    return 'Consider an alternative approach that works within the security policy.';
+}
+//# sourceMappingURL=policy-check.js.map

package/dist/tools/policy-check.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-check.js","sourceRoot":"","sources":["../../src/tools/policy-check.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAgBnD,SAAS,kBAAkB,CAAC,MAAc;IACxC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;IAC9B,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IAE3C,MAAM,QAAQ,GAAG,CAAC,KAAa,EAAuD,EAAE;QACtF,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;YAC9B,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;YACrG,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;QACrD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC,CAAC;IAEF,OAAO,CACL,QAAQ,CAAC,OAAO,CAAC;QACjB,QAAQ,CAAC,WAAW,OAAO,EAAE,CAAC;QAC9B,EAAE,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,CACtD,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,MAAyB,EAAE,QAAgB;IAC7D,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,OAAO,GAAG,gBAAgB,GAAG,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;IAC1F,MAAM,SAAS,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAEpC,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,WAAW;YACd,OAAO;gBACL,OAAO;gBACP,SAAS,EAAE,WAAW;gBACtB,SAAS;gBACT,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE;aAC1D,CAAC;QACJ,KAAK,YAAY;YACf,OAAO;gBACL,OAAO;gBACP,SAAS,EAAE,YAAY;gBACvB,SAAS;gBACT,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE;aAC3D,CAAC;QACJ,KAAK,SAAS,CAAC;QACf,KAAK,gBAAgB,CAAC,CAAC,CAAC;YACtB,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;YACzD,OAAO;gBACL,OAAO;gBACP,SAAS,EAAE,gBAAgB;gBAC3B,SAAS;gBACT,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE;aAC3C,CAAC;QACJ,CAAC;QACD,KAAK,SAAS,CAAC;QACf,KAAK,cAAc,CAAC,CAAC,CAAC;YACpB,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAC3D,MAAM,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,KAAK,CAAC;YACjC,OAAO;gBACL,OAAO;gBACP,SAAS,EAAE,cAAc;gBACzB,SAAS;gBACT,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,IAAI,EAAE,EAAE,IAAI,EAAE;aACxD,CAAC;QACJ,CAAC;QACD,KAAK,WAAW,CAAC;QACjB;YACE,OAAO;gBACL,OAAO;gBACP,SAAS,EAAE,WAAW;gBACtB,SAAS;gBACT,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,EAAE;aAC3D,CAAC;IACN,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,QAAkB;IACxC,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,KAAK,MAAM,IAAI,QAAQ,CAAC,MAAM,CAAC;IAC/D,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,KAAK,MAAM,IAAI,QAAQ,CAAC,IAAI,CAAC;IAC3D,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5D,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7D,OAAO,SAAS,KAAK,GAAG,MAAM,EAAE,CAAC;IACnC,CAAC;IACD,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,GAAG,GAAG,QAAQ,CAAC,OAAO,IAAI,QAAQ,CAAC,MAAM,IAAI,gBAAgB,CAAC;QACpE,OAAO,YAAY,GAAG,EAAE,CAAC;IAC3B,CAAC;IACD,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,MAAyB,EACzB,MAAyB,EACzB,QAAgB;IAEhB,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,UAAU,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC3C,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,KAAK,MAAM,IAAI,QAAQ,CAAC,MAAM,CAAC;IAC/D,OAAO,EAAE,GAAG,QAAQ,EAAE,OAAO,EAAE,cAAc,CAAC,QAAQ,CAAC,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC;AAChI,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,MAAoB;IAClD,OAAO;QACL,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE,qHAAqH;QAClI,MAAM,EAAE;YACN,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,MAAM,EAAE;oBACN,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,WAAW,EAAE,YAAY,EAAE,SAAS,EAAE,SAAS,EAAE,WAAW,CAAC;oBACpE,WAAW,EAAE,6BAA6B;iBAC3C;gBACD,QAAQ,EAAE;oBACR,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,6DAA6D;iBAC3E;aACF;YACD,QAAQ,EAAE,CAAC,QAAQ,EAAE,UAAU,CAAC;SACjC;QACD,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE;YACxB,MAAM,MAAM,GAAI,MAAM,CAAC,MAA4B,IAAI,WAAW,CAAC;YACnE,MAAM,QAAQ,GAAG,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5E,MAAM,KAAK,GAAG,UAAU,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YAC3C,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC9C,OAAO;gBACL,GAAG,QAAQ;gBACX,OAAO,EAAE,cAAc,CAAC,QAAQ,CAAC;gBACjC,UAAU,EAAE,CAAC,QAAQ,CAAC,MAAM,KAAK,MAAM,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;aAC1G,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,MAAc,EAAE,QAAgB;IACrD,IAAI,CAAC,MAAM,KAAK,YAAY,IAAI,MAAM,KAAK,WAAW,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QACrF,OAAO,+EAA+E,CAAC;IACzF,CAAC;IACD,IAAI,CAAC,MAAM,KAAK,YAAY,IAAI,MAAM,KAAK,WAAW,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QACrF,OAAO,gFAAgF,CAAC;IAC1F,CAAC;IACD,IAAI,MAAM,KAAK,gBAAgB,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACxD,OAAO,8DAA8D,CAAC;IACxE,CAAC;IACD,IAAI,CAAC,MAAM,KAAK,cAAc,IAAI,MAAM,KAAK,SAAS,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QACrF,OAAO,+DAA+D,CAAC;IACzE,CAAC;IACD,IAAI,CAAC,MAAM,KAAK,cAAc,IAAI,MAAM,KAAK,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;QACxH,OAAO,gEAAgE,CAAC;IAC1E,CAAC;IACD,OAAO,yEAAyE,CAAC;AACnF,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,413 @@
+/**
+ * @clawdstrike/openclaw - Type Definitions
+ *
+ * Core types for the Clawdstrike security plugin for OpenClaw.
+ */
+/**
+ * Severity level for policy violations
+ */
+export type Severity = 'low' | 'medium' | 'high' | 'critical';
+/**
+ * Enforcement mode for policy evaluation
+ */
+export type EvaluationMode = 'deterministic' | 'advisory' | 'audit';
+/**
+ * Log level for plugin output
+ */
+export type LogLevel = 'debug' | 'info' | 'warn' | 'error';
+/**
+ * Action to take on policy violation
+ */
+export type ViolationAction = 'cancel' | 'warn' | 'isolate' | 'escalate';
+/**
+ * Network egress mode
+ */
+export type EgressMode = 'allowlist' | 'denylist' | 'open' | 'deny_all';
+/**
+ * Event type discriminator for policy evaluation
+ */
+export type EventType = 'file_read' | 'file_write' | 'command_exec' | 'network_egress' | 'tool_call' | 'patch_apply' | 'secret_access';
+/**
+ * Plugin configuration schema
+ */
+export interface ClawdstrikeConfig {
+    /** Path to policy YAML or built-in ruleset name */
+    policy?: string;
+    /** Enforcement mode */
+    mode?: EvaluationMode;
+    /** Logging level */
+    logLevel?: LogLevel;
+    /** Guard enable/disable toggles */
+    guards?: GuardToggles;
+}
+/**
+ * Guard enable/disable toggles
+ */
+export interface GuardToggles {
+    forbidden_path?: boolean;
+    egress?: boolean;
+    secret_leak?: boolean;
+    patch_integrity?: boolean;
+    mcp_tool?: boolean;
+}
+/**
+ * Execution event to be evaluated by policy engine
+ */
+export interface PolicyEvent {
+    /** Unique event identifier */
+    eventId: string;
+    /** Event type */
+    eventType: EventType;
+    /** Event timestamp (ISO 8601) */
+    timestamp: string;
+    /** Associated session/run identifier */
+    sessionId?: string;
+    /** Event-specific data */
+    data: EventData;
+    /** Optional metadata */
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Union type for event-specific data
+ */
+export type EventData = FileEventData | CommandEventData | NetworkEventData | ToolEventData | PatchEventData | SecretEventData;
+/**
+ * File read/write event data
+ */
+export interface FileEventData {
+    type: 'file';
+    /** Absolute path to the file */
+    path: string;
+    /** Optional raw content (small files only; best-effort) */
+    content?: string;
+    /** Optional base64-encoded content */
+    contentBase64?: string;
+    /** Optional content hash (for write verification) */
+    contentHash?: string;
+    /** Operation type */
+    operation: 'read' | 'write';
+}
+/**
+ * Command execution event data
+ */
+export interface CommandEventData {
+    type: 'command';
+    /** Command name or path */
+    command: string;
+    /** Command arguments */
+    args: string[];
+    /** Working directory */
+    workingDir?: string;
+}
+/**
+ * Network egress event data
+ */
+export interface NetworkEventData {
+    type: 'network';
+    /** Target hostname or IP */
+    host: string;
+    /** Target port */
+    port: number;
+    /** Protocol (tcp, udp, etc.) */
+    protocol?: string;
+    /** Full URL if available */
+    url?: string;
+}
+/**
+ * Tool invocation event data
+ */
+export interface ToolEventData {
+    type: 'tool';
+    /** Tool name (e.g., "bash", "file_write", "web_search") */
+    toolName: string;
+    /** Tool parameters */
+    parameters: Record<string, unknown>;
+    /** Tool result (for post-execution checks) */
+    result?: string;
+}
+/**
+ * Patch/diff application event data
+ */
+export interface PatchEventData {
+    type: 'patch';
+    /** Target file path */
+    filePath: string;
+    /** Patch content (diff or full content) */
+    patchContent: string;
+    /** Optional patch hash */
+    patchHash?: string;
+}
+/**
+ * Secret access event data
+ */
+export interface SecretEventData {
+    type: 'secret';
+    /** Secret identifier or name */
+    secretName: string;
+    /** Scope (environment, file, etc.) */
+    scope: string;
+}
+/**
+ * Decision status for security checks.
+ * - 'allow': Operation is permitted
+ * - 'warn': Operation is permitted but flagged for review
+ * - 'deny': Operation is blocked
+ */
+export type DecisionStatus = 'allow' | 'warn' | 'deny';
+/**
+ * Result of policy evaluation
+ */
+export interface Decision {
+    /** The decision status: 'allow', 'warn', or 'deny' */
+    status: DecisionStatus;
+    /** Whether the event is allowed @deprecated Use status === 'allow' || status === 'warn' */
+    allowed: boolean;
+    /** Whether the event is explicitly denied @deprecated Use status === 'deny' */
+    denied: boolean;
+    /** Whether to show a warning @deprecated Use status === 'warn' */
+    warn: boolean;
+    /** Reason for denial (if denied) */
+    reason?: string;
+    /** Guard that made the decision */
+    guard?: string;
+    /** Severity of the violation */
+    severity?: Severity;
+    /** Additional message */
+    message?: string;
+}
+/**
+ * Result from a single guard check
+ */
+export interface GuardResult {
+    /** Guard status */
+    status: 'allow' | 'deny' | 'warn';
+    /** Reason message */
+    reason?: string;
+    /** Severity (for deny) */
+    severity?: Severity;
+    /** Guard name */
+    guard: string;
+}
+/**
+ * Security policy configuration
+ */
+export interface Policy {
+    /** Policy version identifier */
+    version?: string;
+    /** Base policy to extend */
+    extends?: string;
+    /** Network egress configuration */
+    egress?: EgressPolicy;
+    /** Filesystem access configuration */
+    filesystem?: FilesystemPolicy;
+    /** Command execution configuration */
+    execution?: ExecutionPolicy;
+    /** Tool/MCP restrictions */
+    tools?: ToolPolicy;
+    /** Resource limits */
+    limits?: ResourceLimits;
+    /** Guard-level toggles */
+    guards?: GuardToggles & {
+        custom?: unknown;
+    };
+    /** Action to take on violation */
+    on_violation?: ViolationAction;
+}
+/**
+ * Network egress policy
+ */
+export interface EgressPolicy {
+    /** Egress mode */
+    mode: EgressMode;
+    /** Allowed domains (for allowlist mode) */
+    allowed_domains?: string[];
+    /** Allowed IP CIDRs */
+    allowed_cidrs?: string[];
+    /** Denied domains (takes precedence) */
+    denied_domains?: string[];
+}
+/**
+ * Filesystem access policy
+ */
+export interface FilesystemPolicy {
+    /** Directories where writes are allowed */
+    allowed_write_roots?: string[];
+    /** Paths that must never be accessed */
+    forbidden_paths?: string[];
+    /** Allowed read paths (empty = all allowed) */
+    allowed_read_paths?: string[];
+}
+/**
+ * Command execution policy
+ */
+export interface ExecutionPolicy {
+    /** Allowed commands (empty = all allowed) */
+    allowed_commands?: string[];
+    /** Denied command patterns (regex) */
+    denied_patterns?: string[];
+}
+/**
+ * Tool access policy
+ */
+export interface ToolPolicy {
+    /** Allowed tools (empty = all allowed) */
+    allowed?: string[];
+    /** Denied tools */
+    denied?: string[];
+}
+/**
+ * Resource limits
+ */
+export interface ResourceLimits {
+    /** Maximum execution time in seconds */
+    max_execution_seconds?: number;
+    /** Maximum memory in MB */
+    max_memory_mb?: number;
+    /** Maximum output size in bytes */
+    max_output_bytes?: number;
+}
+/**
+ * Policy lint result
+ */
+export interface PolicyLintResult {
+    /** Whether policy is valid */
+    valid: boolean;
+    /** Validation errors */
+    errors: string[];
+    /** Validation warnings */
+    warnings: string[];
+}
+/**
+ * Secret pattern for detection
+ */
+export interface SecretPattern {
+    /** Pattern name */
+    name: string;
+    /** Regex pattern */
+    pattern: RegExp;
+    /** Severity if detected */
+    severity: Severity;
+    /** Description */
+    description: string;
+}
+/**
+ * Dangerous pattern for patch integrity
+ */
+export interface DangerousPattern {
+    /** Pattern name */
+    name: string;
+    /** Regex pattern */
+    pattern: RegExp;
+    /** Severity if detected */
+    severity: Severity;
+    /** Description */
+    description: string;
+}
+/**
+ * OpenClaw Plugin API interface (minimal for type safety)
+ */
+export interface PluginAPI {
+    /** Get plugin configuration */
+    getConfig<T = ClawdstrikeConfig>(): T;
+    /** Register a tool */
+    registerTool(tool: ToolDefinition): void;
+    /** Register CLI commands */
+    registerCli(callback: (ctx: CliContext) => void): void;
+    /** Register a background service */
+    registerService(service: ServiceDefinition): void;
+    /** Get logger */
+    getLogger(): Logger;
+}
+/**
+ * Tool definition for registration
+ */
+export interface ToolDefinition {
+    /** Tool name */
+    name: string;
+    /** Tool description */
+    description: string;
+    /** JSON Schema for parameters */
+    schema: Record<string, unknown>;
+    /** Tool execution function */
+    execute: (params: Record<string, unknown>) => Promise<unknown>;
+}
+/**
+ * CLI context for command registration
+ */
+export interface CliContext {
+    program: {
+        command(name: string): CommandBuilder;
+    };
+}
+/**
+ * Command builder interface
+ */
+export interface CommandBuilder {
+    description(desc: string): CommandBuilder;
+    command(name: string): CommandBuilder;
+    action(fn: (...args: unknown[]) => Promise<void> | void): CommandBuilder;
+    argument(name: string, desc?: string): CommandBuilder;
+    option(flags: string, desc?: string, defaultValue?: unknown): CommandBuilder;
+}
+/**
+ * Service definition for background processes
+ */
+export interface ServiceDefinition {
+    /** Service ID */
+    id: string;
+    /** Start function */
+    start: () => Promise<void>;
+    /** Stop function */
+    stop: () => Promise<void>;
+}
+/**
+ * Logger interface
+ */
+export interface Logger {
+    debug(message: string, ...args: unknown[]): void;
+    info(message: string, ...args: unknown[]): void;
+    warn(message: string, ...args: unknown[]): void;
+    error(message: string, ...args: unknown[]): void;
+}
+/**
+ * Hook event context for tool_result_persist
+ */
+export interface ToolResultPersistEvent {
+    type: 'tool_result_persist';
+    timestamp: string;
+    context: {
+        sessionId: string;
+        toolResult: {
+            toolName: string;
+            params: Record<string, unknown>;
+            result: unknown;
+            error?: string;
+        };
+    };
+    messages: string[];
+}
+/**
+ * Hook event context for agent:bootstrap
+ */
+export interface AgentBootstrapEvent {
+    type: 'agent:bootstrap';
+    timestamp: string;
+    context: {
+        sessionId: string;
+        agentId: string;
+        bootstrapFiles: Array<{
+            path: string;
+            content: string;
+        }>;
+        cfg: ClawdstrikeConfig;
+    };
+}
+/**
+ * Generic hook event type
+ */
+export type HookEvent = ToolResultPersistEvent | AgentBootstrapEvent;
+/**
+ * Hook handler function type
+ */
+export type HookHandler = (event: HookEvent) => Promise<void> | void;
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAE9D;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG,eAAe,GAAG,UAAU,GAAG,OAAO,CAAC;AAEpE;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;AAE3D;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG,QAAQ,GAAG,MAAM,GAAG,SAAS,GAAG,UAAU,CAAC;AAEzE;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG,WAAW,GAAG,UAAU,GAAG,MAAM,GAAG,UAAU,CAAC;AAExE;;GAEG;AACH,MAAM,MAAM,SAAS,GACjB,WAAW,GACX,YAAY,GACZ,cAAc,GACd,gBAAgB,GAChB,WAAW,GACX,aAAa,GACb,eAAe,CAAC;AAEpB;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,mDAAmD;IACnD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,uBAAuB;IACvB,IAAI,CAAC,EAAE,cAAc,CAAC;IACtB,oBAAoB;IACpB,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,mCAAmC;IACnC,MAAM,CAAC,EAAE,YAAY,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,8BAA8B;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,iBAAiB;IACjB,SAAS,EAAE,SAAS,CAAC;IACrB,iCAAiC;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,wCAAwC;IACxC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,0BAA0B;IAC1B,IAAI,EAAE,SAAS,CAAC;IAChB,wBAAwB;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,MAAM,SAAS,GACjB,aAAa,GACb,gBAAgB,GAChB,gBAAgB,GAChB,aAAa,GACb,cAAc,GACd,eAAe,CAAC;AAEpB;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,gCAAgC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,2DAA2D;IAC3D,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,sCAAsC;IACtC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,qDAAqD;IACrD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,qBAAqB;IACrB,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,SAAS,CAAC;IAChB,2BAA2B;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,wBAAwB;IACxB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,wBAAwB;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,SAAS,CAAC;IAChB,4BAA4B;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,kBAAkB;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,gCAAgC;IAChC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,4BAA4B;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,2DAA2D;IAC3D,QAAQ,EAAE,MAAM,CAAC;IACjB,sBAAsB;IACtB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,8CAA8C;IAC9C,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,OAAO,CAAC;IACd,uBAAuB;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,2CAA2C;IAC3C,YAAY,EAAE,MAAM,CAAC;IACrB,0BAA0B;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,QAAQ,CAAC;IACf,gCAAgC;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,sCAAsC;IACtC,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;;;;GAKG;AACH,MAAM,MAAM,cAAc,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,CAAC;AAEvD;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,sDAAsD;IACtD,MAAM,EAAE,cAAc,CAAC;IACvB,2FAA2F;IAC3F,OAAO,EAAE,OAAO,CAAC;IACjB,+EAA+E;IAC/E,MAAM,EAAE,OAAO,CAAC;IAChB,kEAAkE;IAClE,IAAI,EAAE,OAAO,CAAC;IACd,oCAAoC;IACpC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,mCAAmC;IACnC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gCAAgC;IAChC,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,yBAAyB;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,mBAAmB;IACnB,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,CAAC;IAClC,qBAAqB;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,iBAAiB;IACjB,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,MAAM;IACrB,gCAAgC;IAChC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,4BAA4B;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mCAAmC;IACnC,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,sCAAsC;IACtC,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,sCAAsC;IACtC,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,4BAA4B;IAC5B,KAAK,CAAC,EAAE,UAAU,CAAC;IACnB,sBAAsB;IACtB,MAAM,CAAC,EAAE,cAAc,CAAC;IACxB,0BAA0B;IAC1B,MAAM,CAAC,EAAE,YAAY,GAAG;QAAE,MAAM,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IAC7C,kCAAkC;IAClC,YAAY,CAAC,EAAE,eAAe,CAAC;CAChC;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,kBAAkB;IAClB,IAAI,EAAE,UAAU,CAAC;IACjB,2CAA2C;IAC3C,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,uBAAuB;IACvB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,wCAAwC;IACxC,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,2CAA2C;IAC3C,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,wCAAwC;IACxC,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,+CAA+C;IAC/C,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,6CAA6C;IAC7C,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,sCAAsC;IACtC,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,0CAA0C;IAC1C,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,mBAAmB;IACnB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,wCAAwC;IACxC,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,2BAA2B;IAC3B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,mCAAmC;IACnC,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,8BAA8B;IAC9B,KAAK,EAAE,OAAO,CAAC;IACf,wBAAwB;IACxB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,0BAA0B;IAC1B,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,mBAAmB;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,oBAAoB;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,2BAA2B;IAC3B,QAAQ,EAAE,QAAQ,CAAC;IACnB,kBAAkB;IAClB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,mBAAmB;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,oBAAoB;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,2BAA2B;IAC3B,QAAQ,EAAE,QAAQ,CAAC;IACnB,kBAAkB;IAClB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,+BAA+B;IAC/B,SAAS,CAAC,CAAC,GAAG,iBAAiB,KAAK,CAAC,CAAC;IACtC,sBAAsB;IACtB,YAAY,CAAC,IAAI,EAAE,cAAc,GAAG,IAAI,CAAC;IACzC,4BAA4B;IAC5B,WAAW,CAAC,QAAQ,EAAE,CAAC,GAAG,EAAE,UAAU,KAAK,IAAI,GAAG,IAAI,CAAC;IACvD,oCAAoC;IACpC,eAAe,CAAC,OAAO,EAAE,iBAAiB,GAAG,IAAI,CAAC;IAClD,iBAAiB;IACjB,SAAS,IAAI,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,gBAAgB;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,uBAAuB;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,iCAAiC;IACjC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,8BAA8B;IAC9B,OAAO,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;CAChE;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE;QACP,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,cAAc,CAAC;KACvC,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,cAAc,CAAC;IAC1C,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,cAAc,CAAC;IACtC,MAAM,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,GAAG,cAAc,CAAC;IACzE,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,cAAc,CAAC;IACtD,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,OAAO,GAAG,cAAc,CAAC;CAC9E;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,iBAAiB;IACjB,EAAE,EAAE,MAAM,CAAC;IACX,qBAAqB;IACrB,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3B,oBAAoB;IACpB,IAAI,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,MAAM;IACrB,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IACjD,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IAChD,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IAChD,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;CAClD;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,qBAAqB,CAAC;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,CAAC;QAClB,UAAU,EAAE;YACV,QAAQ,EAAE,MAAM,CAAC;YACjB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAChC,MAAM,EAAE,OAAO,CAAC;YAChB,KAAK,CAAC,EAAE,MAAM,CAAC;SAChB,CAAC;KACH,CAAC;IACF,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,iBAAiB,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,CAAC;QAClB,OAAO,EAAE,MAAM,CAAC;QAChB,cAAc,EAAE,KAAK,CAAC;YACpB,IAAI,EAAE,MAAM,CAAC;YACb,OAAO,EAAE,MAAM,CAAC;SACjB,CAAC,CAAC;QACH,GAAG,EAAE,iBAAiB,CAAC;KACxB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG,sBAAsB,GAAG,mBAAmB,CAAC;AAErE;;GAEG;AACH,MAAM,MAAM,WAAW,GAAG,CAAC,KAAK,EAAE,SAAS,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC"}

package/dist/types.js

@@ -0,0 +1,7 @@
+/**
+ * @clawdstrike/openclaw - Type Definitions
+ *
+ * Core types for the Clawdstrike security plugin for OpenClaw.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG"}

package/package.json

@@ -0,0 +1,85 @@
+{
+  "name": "@clawdstrike/openclaw",
+  "version": "0.1.0",
+  "description": "Clawdstrike security plugin for OpenClaw",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    },
+    "./cli": {
+      "import": "./dist/cli/index.js",
+      "types": "./dist/cli/index.d.ts"
+    }
+  },
+  "bin": {
+    "clawdstrike": "./dist/cli/bin.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "e2e": "npm run build && node dist/e2e/openclaw-e2e.js",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "lint": "npm run typecheck",
+    "typecheck": "tsc --noEmit",
+    "bench": "npm run build && node benchmarks/policy-engine.bench.mjs",
+    "bench:json": "npm run build && OUTPUT_JSON=1 node benchmarks/policy-engine.bench.mjs"
+  },
+  "dependencies": {
+    "@clawdstrike/adapter-core": "^0.1.0",
+    "@clawdstrike/policy": "^0.1.0",
+    "chalk": "^5.3.0",
+    "commander": "^14.0.3",
+    "glob": "^13.0.1",
+    "js-yaml": "^4.1.0"
+  },
+  "devDependencies": {
+    "@types/js-yaml": "^4.0.9",
+    "@types/node": "^25.2.0",
+    "typescript": "^5.9.3",
+    "vitest": "^4.0.18"
+  },
+  "peerDependencies": {
+    "openclaw": ">=0.1.0"
+  },
+  "peerDependenciesMeta": {
+    "openclaw": {
+      "optional": true
+    }
+  },
+  "files": [
+    "dist",
+    "rulesets",
+    "README.md"
+  ],
+  "keywords": [
+    "openclaw",
+    "security",
+    "clawdstrike",
+    "ai-agent"
+  ],
+  "license": "Apache-2.0",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/backbay-labs/clawdstrike.git",
+    "directory": "packages/adapters/clawdstrike-openclaw"
+  },
+  "homepage": "https://github.com/backbay-labs/clawdstrike",
+  "bugs": {
+    "url": "https://github.com/backbay-labs/clawdstrike/issues"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "openclaw": {
+    "extensions": [
+      "./dist/plugin.js"
+    ]
+  }
+}