@clawdstrike/openclaw 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (108) hide show
  1. package/README.md +7 -0
  2. package/dist/audit/store.d.ts +26 -0
  3. package/dist/audit/store.d.ts.map +1 -0
  4. package/dist/audit/store.js +59 -0
  5. package/dist/audit/store.js.map +1 -0
  6. package/dist/cli/bin.d.ts +3 -0
  7. package/dist/cli/bin.d.ts.map +1 -0
  8. package/dist/cli/bin.js +5 -0
  9. package/dist/cli/bin.js.map +1 -0
  10. package/dist/cli/commands/audit.d.ts +19 -0
  11. package/dist/cli/commands/audit.d.ts.map +1 -0
  12. package/dist/cli/commands/audit.js +93 -0
  13. package/dist/cli/commands/audit.js.map +1 -0
  14. package/dist/cli/commands/policy.d.ts +11 -0
  15. package/dist/cli/commands/policy.d.ts.map +1 -0
  16. package/dist/cli/commands/policy.js +101 -0
  17. package/dist/cli/commands/policy.js.map +1 -0
  18. package/dist/cli/index.d.ts +4 -0
  19. package/dist/cli/index.d.ts.map +1 -0
  20. package/dist/cli/index.js +91 -0
  21. package/dist/cli/index.js.map +1 -0
  22. package/dist/config.d.ts +27 -0
  23. package/dist/config.d.ts.map +1 -0
  24. package/dist/config.js +88 -0
  25. package/dist/config.js.map +1 -0
  26. package/dist/e2e/openclaw-e2e.d.ts +2 -0
  27. package/dist/e2e/openclaw-e2e.d.ts.map +1 -0
  28. package/dist/e2e/openclaw-e2e.js +129 -0
  29. package/dist/e2e/openclaw-e2e.js.map +1 -0
  30. package/dist/guards/egress.d.ts +25 -0
  31. package/dist/guards/egress.d.ts.map +1 -0
  32. package/dist/guards/egress.js +146 -0
  33. package/dist/guards/egress.js.map +1 -0
  34. package/dist/guards/forbidden-path.d.ts +22 -0
  35. package/dist/guards/forbidden-path.d.ts.map +1 -0
  36. package/dist/guards/forbidden-path.js +132 -0
  37. package/dist/guards/forbidden-path.js.map +1 -0
  38. package/dist/guards/index.d.ts +12 -0
  39. package/dist/guards/index.d.ts.map +1 -0
  40. package/dist/guards/index.js +11 -0
  41. package/dist/guards/index.js.map +1 -0
  42. package/dist/guards/patch-integrity.d.ts +27 -0
  43. package/dist/guards/patch-integrity.d.ts.map +1 -0
  44. package/dist/guards/patch-integrity.js +219 -0
  45. package/dist/guards/patch-integrity.js.map +1 -0
  46. package/dist/guards/secret-leak.d.ts +31 -0
  47. package/dist/guards/secret-leak.d.ts.map +1 -0
  48. package/dist/guards/secret-leak.js +235 -0
  49. package/dist/guards/secret-leak.js.map +1 -0
  50. package/dist/guards/types.d.ts +46 -0
  51. package/dist/guards/types.d.ts.map +1 -0
  52. package/dist/guards/types.js +36 -0
  53. package/dist/guards/types.js.map +1 -0
  54. package/dist/hooks/agent-bootstrap/handler.d.ts +10 -0
  55. package/dist/hooks/agent-bootstrap/handler.d.ts.map +1 -0
  56. package/dist/hooks/agent-bootstrap/handler.js +35 -0
  57. package/dist/hooks/agent-bootstrap/handler.js.map +1 -0
  58. package/dist/hooks/audit-logger/handler.d.ts +16 -0
  59. package/dist/hooks/audit-logger/handler.d.ts.map +1 -0
  60. package/dist/hooks/audit-logger/handler.js +70 -0
  61. package/dist/hooks/audit-logger/handler.js.map +1 -0
  62. package/dist/hooks/tool-guard/handler.d.ts +16 -0
  63. package/dist/hooks/tool-guard/handler.d.ts.map +1 -0
  64. package/dist/hooks/tool-guard/handler.js +335 -0
  65. package/dist/hooks/tool-guard/handler.js.map +1 -0
  66. package/dist/index.d.ts +10 -0
  67. package/dist/index.d.ts.map +1 -0
  68. package/dist/index.js +15 -0
  69. package/dist/index.js.map +1 -0
  70. package/dist/plugin.d.ts +11 -0
  71. package/dist/plugin.d.ts.map +1 -0
  72. package/dist/plugin.js +234 -0
  73. package/dist/plugin.js.map +1 -0
  74. package/dist/policy/engine.d.ts +31 -0
  75. package/dist/policy/engine.d.ts.map +1 -0
  76. package/dist/policy/engine.js +282 -0
  77. package/dist/policy/engine.js.map +1 -0
  78. package/dist/policy/index.d.ts +4 -0
  79. package/dist/policy/index.d.ts.map +1 -0
  80. package/dist/policy/index.js +4 -0
  81. package/dist/policy/index.js.map +1 -0
  82. package/dist/policy/loader.d.ts +10 -0
  83. package/dist/policy/loader.d.ts.map +1 -0
  84. package/dist/policy/loader.js +262 -0
  85. package/dist/policy/loader.js.map +1 -0
  86. package/dist/policy/validator.d.ts +4 -0
  87. package/dist/policy/validator.d.ts.map +1 -0
  88. package/dist/policy/validator.js +409 -0
  89. package/dist/policy/validator.js.map +1 -0
  90. package/dist/sanitizer/output-sanitizer.d.ts +15 -0
  91. package/dist/sanitizer/output-sanitizer.d.ts.map +1 -0
  92. package/dist/sanitizer/output-sanitizer.js +47 -0
  93. package/dist/sanitizer/output-sanitizer.js.map +1 -0
  94. package/dist/security-prompt.d.ts +3 -0
  95. package/dist/security-prompt.d.ts.map +1 -0
  96. package/dist/security-prompt.js +70 -0
  97. package/dist/security-prompt.js.map +1 -0
  98. package/dist/tools/policy-check.d.ts +10 -0
  99. package/dist/tools/policy-check.d.ts.map +1 -0
  100. package/dist/tools/policy-check.js +141 -0
  101. package/dist/tools/policy-check.js.map +1 -0
  102. package/dist/types.d.ts +413 -0
  103. package/dist/types.d.ts.map +1 -0
  104. package/dist/types.js +7 -0
  105. package/dist/types.js.map +1 -0
  106. package/package.json +85 -0
  107. package/rulesets/ai-agent-minimal.yaml +42 -0
  108. package/rulesets/ai-agent.yaml +70 -0
package/rulesets/ai-agent-minimal.yaml ADDED
@@ -0,0 +1,42 @@
1
+ # Clawdstrike AI Agent Minimal Policy
2
+ # Basic protection for AI-assisted development
3
+
4
+ version: "clawdstrike-v1.0"
5
+
6
+ egress:
7
+ mode: allowlist
8
+ allowed_domains:
9
+ # AI Provider APIs
10
+ - "api.anthropic.com"
11
+ - "api.openai.com"
12
+ # Package Registries
13
+ - "pypi.org"
14
+ - "registry.npmjs.org"
15
+ - "crates.io"
16
+ # Source Control
17
+ - "github.com"
18
+ - "api.github.com"
19
+ denied_domains:
20
+ - "*.onion"
21
+ - "localhost"
22
+ - "127.*"
23
+ - "10.*"
24
+ - "192.168.*"
25
+ - "172.16.*"
26
+
27
+ filesystem:
28
+ forbidden_paths:
29
+ - "~/.ssh"
30
+ - "~/.aws"
31
+ - "~/.gnupg"
32
+ - ".env"
33
+ - "*.pem"
34
+ - "*.key"
35
+
36
+ execution:
37
+ denied_patterns:
38
+ - "rm -rf /"
39
+ - "rm -rf /*"
40
+ - "curl.*|.*bash"
41
+
42
+ on_violation: cancel
package/rulesets/ai-agent.yaml ADDED
@@ -0,0 +1,70 @@
1
+ # Clawdstrike AI Agent Standard Policy
2
+ # Recommended for general AI-assisted development
3
+
4
+ version: "clawdstrike-v1.0"
5
+ extends: ai-agent-minimal
6
+
7
+ egress:
8
+ mode: allowlist
9
+ allowed_domains:
10
+ # AI Provider APIs
11
+ - "api.anthropic.com"
12
+ - "api.openai.com"
13
+ - "generativelanguage.googleapis.com"
14
+ # Package Registries
15
+ - "pypi.org"
16
+ - "files.pythonhosted.org"
17
+ - "registry.npmjs.org"
18
+ - "crates.io"
19
+ - "static.crates.io"
20
+ - "rubygems.org"
21
+ - "pkg.go.dev"
22
+ - "proxy.golang.org"
23
+ # Source Control
24
+ - "github.com"
25
+ - "api.github.com"
26
+ - "*.githubusercontent.com"
27
+ - "gitlab.com"
28
+ # Documentation
29
+ - "docs.python.org"
30
+ - "developer.mozilla.org"
31
+ - "docs.rs"
32
+ denied_domains:
33
+ - "*.onion"
34
+ - "localhost"
35
+ - "127.*"
36
+ - "10.*"
37
+ - "192.168.*"
38
+ - "172.16.*"
39
+
40
+ filesystem:
41
+ forbidden_paths:
42
+ - "~/.ssh"
43
+ - "~/.aws"
44
+ - "~/.gnupg"
45
+ - "~/.config/gcloud"
46
+ - "~/.kube"
47
+ - "~/.docker/config.json"
48
+ - "~/.npmrc"
49
+ - "~/.pypirc"
50
+ - "~/.netrc"
51
+ - "/etc/shadow"
52
+ - "/etc/passwd"
53
+ - ".env"
54
+ - ".env.*"
55
+ - "*.pem"
56
+ - "*.key"
57
+ - "**/secrets/*"
58
+
59
+ execution:
60
+ denied_patterns:
61
+ - "rm -rf /"
62
+ - "rm -rf /*"
63
+ - ":(){ :|:& };:"
64
+ - "curl.*|.*bash"
65
+ - "wget.*|.*sh"
66
+ - "dd if="
67
+ - "sudo su"
68
+ - "chmod 777"
69
+
70
+ on_violation: cancel