@clawdstrike/openclaw 0.1.1 → 0.1.3
- package/README.md +79 -3
- package/clawdstrike-security.js +1 -0
- package/dist/audit/adapter-logger.d.ts +24 -0
- package/dist/audit/adapter-logger.d.ts.map +1 -0
- package/dist/audit/adapter-logger.js +42 -0
- package/dist/audit/adapter-logger.js.map +1 -0
- package/dist/classification.d.ts +41 -0
- package/dist/classification.d.ts.map +1 -0
- package/dist/classification.js +102 -0
- package/dist/classification.js.map +1 -0
- package/dist/cli/commands/policy.js +1 -1
- package/dist/cli/commands/policy.js.map +1 -1
- package/dist/e2e/openclaw-e2e.js +3 -3
- package/dist/e2e/openclaw-e2e.js.map +1 -1
- package/dist/engine-holder.d.ts +28 -0
- package/dist/engine-holder.d.ts.map +1 -0
- package/dist/engine-holder.js +38 -0
- package/dist/engine-holder.js.map +1 -0
- package/dist/guards/egress.d.ts.map +1 -1
- package/dist/guards/egress.js +20 -1
- package/dist/guards/egress.js.map +1 -1
- package/dist/guards/forbidden-path.d.ts.map +1 -1
- package/dist/guards/forbidden-path.js +6 -0
- package/dist/guards/forbidden-path.js.map +1 -1
- package/dist/guards/secret-leak.d.ts.map +1 -1
- package/dist/guards/secret-leak.js +21 -0
- package/dist/guards/secret-leak.js.map +1 -1
- package/dist/hooks/agent-bootstrap/handler.d.ts +4 -0
- package/dist/hooks/agent-bootstrap/handler.d.ts.map +1 -1
- package/dist/hooks/agent-bootstrap/handler.js +7 -7
- package/dist/hooks/agent-bootstrap/handler.js.map +1 -1
- package/dist/hooks/approval-state.d.ts +31 -0
- package/dist/hooks/approval-state.d.ts.map +1 -0
- package/dist/hooks/approval-state.js +189 -0
- package/dist/hooks/approval-state.js.map +1 -0
- package/dist/hooks/approval-utils.d.ts +5 -0
- package/dist/hooks/approval-utils.d.ts.map +1 -0
- package/dist/hooks/approval-utils.js +77 -0
- package/dist/hooks/approval-utils.js.map +1 -0
- package/dist/hooks/audit-logger/handler.d.ts +4 -0
- package/dist/hooks/audit-logger/handler.d.ts.map +1 -1
- package/dist/hooks/audit-logger/handler.js +4 -0
- package/dist/hooks/audit-logger/handler.js.map +1 -1
- package/dist/hooks/cua-bridge/handler.d.ts +57 -0
- package/dist/hooks/cua-bridge/handler.d.ts.map +1 -0
- package/dist/hooks/cua-bridge/handler.js +369 -0
- package/dist/hooks/cua-bridge/handler.js.map +1 -0
- package/dist/hooks/tool-guard/handler.d.ts +17 -2
- package/dist/hooks/tool-guard/handler.d.ts.map +1 -1
- package/dist/hooks/tool-guard/handler.js +200 -75
- package/dist/hooks/tool-guard/handler.js.map +1 -1
- package/dist/hooks/tool-preflight/handler.d.ts +34 -0
- package/dist/hooks/tool-preflight/handler.d.ts.map +1 -0
- package/dist/hooks/tool-preflight/handler.js +426 -0
- package/dist/hooks/tool-preflight/handler.js.map +1 -0
- package/dist/index.d.ts +8 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +9 -0
- package/dist/index.js.map +1 -1
- package/dist/openclaw-adapter.d.ts +48 -0
- package/dist/openclaw-adapter.d.ts.map +1 -0
- package/dist/openclaw-adapter.js +81 -0
- package/dist/openclaw-adapter.js.map +1 -0
- package/dist/plugin.d.ts +40 -1
- package/dist/plugin.d.ts.map +1 -1
- package/dist/plugin.js +125 -32
- package/dist/plugin.js.map +1 -1
- package/dist/policy/engine.d.ts +5 -0
- package/dist/policy/engine.d.ts.map +1 -1
- package/dist/policy/engine.js +580 -84
- package/dist/policy/engine.js.map +1 -1
- package/dist/policy/loader.js +57 -0
- package/dist/policy/loader.js.map +1 -1
- package/dist/policy/validator.d.ts.map +1 -1
- package/dist/policy/validator.js +97 -3
- package/dist/policy/validator.js.map +1 -1
- package/dist/receipt/signer.d.ts +42 -0
- package/dist/receipt/signer.d.ts.map +1 -0
- package/dist/receipt/signer.js +134 -0
- package/dist/receipt/signer.js.map +1 -0
- package/dist/receipt/types.d.ts +50 -0
- package/dist/receipt/types.d.ts.map +1 -0
- package/dist/receipt/types.js +9 -0
- package/dist/receipt/types.js.map +1 -0
- package/dist/security-prompt.js +1 -1
- package/dist/tools/policy-check.d.ts +2 -2
- package/dist/tools/policy-check.d.ts.map +1 -1
- package/dist/tools/policy-check.js +4 -7
- package/dist/tools/policy-check.js.map +1 -1
- package/dist/translator/openclaw-translator.d.ts +31 -0
- package/dist/translator/openclaw-translator.d.ts.map +1 -0
- package/dist/translator/openclaw-translator.js +314 -0
- package/dist/translator/openclaw-translator.js.map +1 -0
- package/dist/types.d.ts +86 -170
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +4 -0
- package/dist/types.js.map +1 -1
- package/package.json +5 -3
- package/rulesets/ai-agent-minimal.yaml +25 -0
- package/rulesets/ai-agent.yaml +25 -0
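--- a/package/dist/hooks/tool-preflight/handler.js
+++ b/package/dist/hooks/tool-preflight/handler.js
@@ -0,0 +1,426 @@
+/**
+* @clawdstrike/openclaw - Tool Pre-flight Hook Handler
+*
+* Intercepts tool calls BEFORE execution and enforces security policy
+* on risky operations (filesystem access, command execution, patch apply, egress).
+*
+* Most read-only operations are skipped here and handled by the post-execution
+* tool-guard hook for output sanitization, but we still preflight-check
+* forbidden paths when a read targets a sensitive location.
+*/
+import { initializeEngine, getSharedEngine } from '../../engine-holder.js';
+import { peekApproval, recordApproval } from '../approval-state.js';
+import { extractPath, normalizeApprovalResource } from '../approval-utils.js';
+import { tokenize, classifyTool, NETWORK_TOKENS, DESTRUCTIVE_EVENT_MAP, } from '../../classification.js';
+/**
+* Initialize the hook with configuration.
+* Delegates to the shared engine holder so all hooks share one PolicyEngine.
+*/
+export function initialize(config) {
+initializeEngine(config);
+}
+/**
+* Get or create the policy engine.
+* Delegates to the shared engine holder.
+*/
+export function getEngine(config) {
+return getSharedEngine(config);
+}
+/**
+* Infer the event type for a tool based on its name tokens and parameters.
+*
+* Returns null for confirmed read-only tools that do not appear to touch the filesystem.
+* Unknown/unclassified tools are still evaluated (best-effort inference).
+*/
+function inferPolicyEventType(toolName, params) {
+const tokens = tokenize(toolName);
+const classification = classifyTool(tokens);
+if (classification === 'read_only') {
+// Read-only tools can still be risky if they touch forbidden paths OR perform network egress.
+// Do not skip preflight egress checks (eg. web_search/http_get) just because the tool name
+// contains a read-only token like "get" or "search".
+if (tokens.some(t => NETWORK_TOKENS.has(t)) || looksLikeNetworkEgress(params)) {
+return 'network_egress';
+}
+// If it looks like a filesystem read, evaluate it as file_read.
+const p = extractPath(params);
+if (p)
+return 'file_read';
+return null;
+}
+// Check specific destructive event types
+for (const { tokens: matchTokens, eventType } of DESTRUCTIVE_EVENT_MAP) {
+if (tokens.some(t => matchTokens.has(t))) {
+return eventType;
+}
+}
+// Check network tokens
+if (tokens.some(t => NETWORK_TOKENS.has(t))) {
+return 'network_egress';
+}
+// Unknown/unclassified tools: infer from parameters (do not skip).
+if (looksLikePatchApply(params))
+return 'patch_apply';
+if (looksLikeCommandExec(params))
+return 'command_exec';
+if (looksLikeNetworkEgress(params))
+return 'network_egress';
+const p = extractPath(params);
+if (p) {
+return looksLikeFileWrite(params) ? 'file_write' : 'file_read';
+}
+// Fall back to tool_call so tool allow/deny lists and defense-in-depth checks can run.
+return 'tool_call';
+}
+/**
+* Build a PolicyEvent from pre-execution context
+*/
+function buildPolicyEvent(sessionId, toolName, params, eventType) {
+const eventId = `preflight-${sessionId}-${Date.now()}-${crypto.randomUUID()}`;
+const timestamp = new Date().toISOString();
+switch (eventType) {
+case 'file_read': {
+const path = extractPath(params) ?? '';
+return {
+eventId,
+eventType: 'file_read',
+timestamp,
+sessionId,
+data: { type: 'file', path, operation: 'read' },
+metadata: { toolName, preflight: true },
+};
+}
+case 'file_write': {
+const path = extractPath(params) ?? '';
+return {
+eventId,
+eventType: 'file_write',
+timestamp,
+sessionId,
+data: { type: 'file', path, operation: 'write', content: typeof params.content === 'string' ? params.content : undefined },
+metadata: { toolName, preflight: true },
+};
+}
+case 'command_exec': {
+const cmdLine = typeof params.command === 'string'
+? params.command
+: typeof params.cmd === 'string'
+? params.cmd
+: '';
+// Some tools pass argv-style params (args/argv) instead of a shell command line.
+const argv = Array.isArray(params.argv) && params.argv.every((a) => typeof a === 'string')
+? params.argv
+: Array.isArray(params.args) && params.args.every((a) => typeof a === 'string')
+? params.args
+: null;
+let command = '';
+let args = [];
+if (cmdLine.trim()) {
+const parts = cmdLine.trim().split(/\s+/).filter(Boolean);
+command = parts[0] ?? '';
+const inlineArgs = parts.slice(1);
+if (inlineArgs.length > 0) {
+// Treat `command`/`cmd` as the full command line when it includes args.
+args = inlineArgs;
+}
+else if (argv && argv.length > 0) {
+// Otherwise, if args/argv is present, treat it as args unless it redundantly includes the command.
+args = argv[0] === command ? argv.slice(1) : argv;
+}
+}
+else if (argv && argv.length > 0) {
+[command, ...args] = argv;
+}
+return {
+eventId,
+eventType: 'command_exec',
+timestamp,
+sessionId,
+data: { type: 'command', command, args },
+metadata: { toolName, preflight: true },
+};
+}
+case 'patch_apply': {
+const filePath = typeof params.filePath === 'string' ? params.filePath : typeof params.path === 'string' ? params.path : '';
+const patchContent = typeof params.patch === 'string' ? params.patch : typeof params.content === 'string' ? params.content : '';
+return {
+eventId,
+eventType: 'patch_apply',
+timestamp,
+sessionId,
+data: { type: 'patch', filePath, patchContent },
+metadata: { toolName, preflight: true },
+};
+}
+case 'network_egress': {
+const { host, port, url } = extractNetworkInfo(params);
+return {
+eventId,
+eventType: 'network_egress',
+timestamp,
+sessionId,
+data: { type: 'network', host, port, url },
+metadata: { toolName, preflight: true },
+};
+}
+default: {
+return {
+eventId,
+eventType: 'tool_call',
+timestamp,
+sessionId,
+data: { type: 'tool', toolName, parameters: params },
+metadata: { toolName, preflight: true },
+};
+}
+}
+}
+function extractNetworkInfo(params) {
+const url = typeof params.url === 'string' ? params.url
+: typeof params.endpoint === 'string' ? params.endpoint
+: typeof params.href === 'string' ? params.href
+: undefined;
+if (url) {
+try {
+const parsed = new URL(url);
+return {
+host: parsed.hostname,
+port: parsed.port
+? parseInt(parsed.port, 10)
+: (parsed.protocol === 'https:' || parsed.protocol === 'wss:' ? 443 : 80),
+url,
+};
+}
+catch {
+// Not a valid URL
+}
+}
+const host = typeof params.host === 'string'
+? params.host
+: typeof params.hostname === 'string'
+? params.hostname
+: 'unknown';
+const port = typeof params.port === 'number' ? params.port : 80;
+return { host, port, url };
+}
+function looksLikePatchApply(params) {
+return typeof params.patch === 'string'
+|| typeof params.diff === 'string'
+|| typeof params.patchContent === 'string';
+}
+function looksLikeCommandExec(params) {
+if (typeof params.command === 'string' || typeof params.cmd === 'string')
+return true;
+if (Array.isArray(params.args) && params.args.every((a) => typeof a === 'string'))
+return true;
+if (Array.isArray(params.argv) && params.argv.every((a) => typeof a === 'string'))
+return true;
+return false;
+}
+function looksLikeNetworkEgress(params) {
+if (typeof params.url === 'string' || typeof params.endpoint === 'string' || typeof params.href === 'string')
+return true;
+if (typeof params.host === 'string' || typeof params.hostname === 'string')
+return true;
+return false;
+}
+function looksLikeFileWrite(params) {
+// Common write payload keys used by various tool APIs.
+if (typeof params.content === 'string')
+return true;
+if (typeof params.text === 'string')
+return true;
+if (typeof params.contentBase64 === 'string')
+return true;
+if (typeof params.base64 === 'string')
+return true;
+if (typeof params.patch === 'string' || typeof params.diff === 'string')
+return true;
+if (typeof params.operation === 'string') {
+const op = params.operation.toLowerCase();
+if (op === 'write' || op === 'append' || op === 'delete' || op === 'remove' || op === 'truncate')
+return true;
+}
+return false;
+}
+// Approval flow:
+// 1. Pre-flight guard denies a non-critical action
+// 2. If the agent's approval API is configured (CLAWDSTRIKE_APPROVAL_URL env),
+// submit an approval request and poll for resolution
+// 3. If no approval system configured or timeout, deny immediately
+//
+// The desktop agent's ApprovalQueue (/api/v1/approval/*) surfaces these
+// to users via OS notifications and tray menu. The OpenClaw gateway
+// exec_approval_queue is a separate system for gateway-specific flows.
+const APPROVAL_POLL_INTERVAL_MS = 1_000;
+const APPROVAL_POLL_TIMEOUT_MS = 60_000;
+/**
+* Submit an approval request and poll until resolved or expired.
+* Returns the resolved approval status if the user approved, null otherwise.
+*/
+async function requestApproval(details) {
+const approvalUrl = process.env.CLAWDSTRIKE_APPROVAL_URL;
+if (!approvalUrl) {
+return null;
+}
+const token = process.env.CLAWDSTRIKE_AGENT_TOKEN;
+if (!token) {
+console.warn('[clawdstrike] CLAWDSTRIKE_APPROVAL_URL is set but CLAWDSTRIKE_AGENT_TOKEN is missing — skipping approval request');
+return null;
+}
+const authHeaders = {
+'Content-Type': 'application/json',
+'Authorization': 'Bearer ' + token,
+};
+let id;
+try {
+const submitRes = await fetch(`${approvalUrl}/api/v1/approval/request`, {
+method: 'POST',
+headers: authHeaders,
+signal: AbortSignal.timeout(10_000),
+body: JSON.stringify({
+tool: details.toolName,
+resource: details.resource,
+guard: details.guard,
+reason: details.reason,
+severity: details.severity,
+session_id: details.sessionId,
+}),
+});
+if (!submitRes.ok) {
+return null;
+}
+const body = (await submitRes.json());
+id = body.id;
+}
+catch {
+return null;
+}
+const deadline = Date.now() + APPROVAL_POLL_TIMEOUT_MS;
+while (Date.now() < deadline) {
+await new Promise((resolve) => setTimeout(resolve, APPROVAL_POLL_INTERVAL_MS));
+try {
+const pollRes = await fetch(`${approvalUrl}/api/v1/approval/${id}/status`, {
+headers: { 'Authorization': 'Bearer ' + token },
+signal: AbortSignal.timeout(10_000),
+});
+if (!pollRes.ok) {
+return null;
+}
+const status = (await pollRes.json());
+if (status.status === 'resolved') {
+if (status.resolution !== null && status.resolution !== 'deny') {
+return status;
+}
+return null;
+}
+if (status.status === 'expired') {
+return null;
+}
+}
+catch {
+return null;
+}
+}
+return null;
+}
+/**
+* Hook handler for tool_call (pre-execution) events.
+*
+* If the tool is destructive, evaluates the policy engine.
+* On deny: submits an approval request if the approval API is configured,
+* and blocks unless the user approves.
+* On warn: adds a warning message but allows execution.
+* On allow / read-only: no-op.
+*/
+const handler = async (event, hookCtx) => {
+const isModernBeforeToolCallEvent = (value) => {
+if (value && typeof value === 'object' && 'type' in value)
+return false;
+return Boolean(value &&
+typeof value === 'object' &&
+typeof value.toolName === 'string' &&
+typeof value.params === 'object' &&
+value.params !== null);
+};
+const isModern = isModernBeforeToolCallEvent(event);
+if (!isModern) {
+if (event.type !== 'tool_call' && event.type !== 'before_tool_call') {
+return;
+}
+}
+const legacyToolEvent = isModern ? null : event;
+// Skip if already handled by another hook registration (e.g. before_tool_call + tool_call dual registration)
+if (!isModern && legacyToolEvent.preventDefault)
+return;
+// Skip if the CUA bridge handler already evaluated this tool call.
+// CUA tools receive specialized policy evaluation via the bridge; running
+// the general preflight handler as well would cause double evaluation.
+if (event.__cuaBridgeEvaluated)
+return;
+const toolName = isModern ? event.toolName : legacyToolEvent.context.toolCall.toolName;
+const params = isModern ? event.params : legacyToolEvent.context.toolCall.params;
+const sessionId = isModern
+? (hookCtx?.sessionKey ?? hookCtx?.agentId ?? 'openclaw-runtime')
+: legacyToolEvent.context.sessionId;
+// Determine if this tool is destructive
+const eventType = inferPolicyEventType(toolName, params);
+if (eventType === null) {
+// Confirmed read-only tool: skip pre-flight, let post-execution handle it
+return;
+}
+const policyEngine = getEngine();
+const policyEvent = buildPolicyEvent(sessionId, toolName, params, eventType);
+const decision = await policyEngine.evaluate(policyEvent);
+if (decision.status === 'deny') {
+const resource = normalizeApprovalResource(policyEngine, toolName, params);
+const guard = decision.guard ?? 'unknown';
+const severity = decision.severity ?? 'high';
+// If the user previously approved this exact action for this session (or globally),
+// honor it and avoid re-prompting.
+if (severity !== 'critical') {
+const prior = peekApproval(sessionId, toolName, resource);
+if (prior) {
+if (!isModern) {
+legacyToolEvent.messages.push(`[clawdstrike] Pre-flight check: using prior ${prior.resolution} approval for ${toolName} on ${resource}`);
+}
+return;
+}
+}
+// If the denial is non-critical and the approval API is configured,
+// submit an approval request and wait for user resolution.
+if (severity !== 'critical' && process.env.CLAWDSTRIKE_APPROVAL_URL) {
+const approvalResult = await requestApproval({
+toolName,
+resource,
+guard,
+reason: decision.reason ?? 'Policy denied',
+severity,
+sessionId,
+});
+if (approvalResult) {
+const resolution = approvalResult.resolution;
+recordApproval(sessionId, toolName, resource, resolution);
+if (!isModern) {
+legacyToolEvent.messages.push(`[clawdstrike] Pre-flight check: ${toolName} on ${resource} was approved by user`);
+}
+return;
+}
+}
+const blockReason = `blocked ${toolName} on ${resource}${decision.reason ? ` — ${decision.reason}` : ''}`;
+if (isModern) {
+return { block: true, blockReason, params };
+}
+legacyToolEvent.preventDefault = true;
+legacyToolEvent.messages.push(`[clawdstrike] Pre-flight check: ${blockReason}`);
+if (legacyToolEvent.type === 'before_tool_call') {
+return { block: true, blockReason, params };
+}
+return;
+}
+if (!isModern && decision.status === 'warn') {
+legacyToolEvent.messages.push(`[clawdstrike] Pre-flight warning: ${decision.message ?? decision.reason ?? 'Policy warning'} (${toolName})`);
+}
+};
+export default handler;
+//# sourceMappingURL=handler.js.map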
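Review bot: In `requestApproval`, a `resolved` poll response counts as an approval whenever `resolution` is anything other than `null` or `'deny'`, so a body with the field missing (`undefined`) or holding an unrecognised value turns a policy deny into an allow, and the handler then stores it through `recordApproval` for later calls. The check should fail closed, at minimum `if (typeof status.resolution === 'string' && status.resolution !== 'deny')`, and preferably compare against the explicit set of allow values that `approval-state.js` understands (not visible in this section). Separately, `buildPolicyEvent` does not carry every key the `looksLike*` helpers recognise: `patch_apply` reads only `params.patch`/`params.content` although `diff` and `patchContent` also select that event type, `file_write` forwards only `params.content` although `text`, `contentBase64` and `base64` do too, and `command_exec` discards `params.args`/`params.argv` whenever `command` already contains whitespace-separated arguments, so the engine can be handed an empty or partial payload. It would also help to document on `handler` that a `warn` decision is silently dropped for modern events and that an exception from `policyEngine.evaluate` propagates to the caller, whose fail-open or fail-closed behaviour is not shown here.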
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"handler.js","sourceRoot":"","sources":["../../../src/hooks/tool-preflight/handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAaH,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAC3E,OAAO,EAAE,YAAY,EAAE,cAAc,EAA+B,MAAM,sBAAsB,CAAC;AACjG,OAAO,EAAE,WAAW,EAAE,yBAAyB,EAAE,MAAM,sBAAsB,CAAC;AAC9E,OAAO,EACL,QAAQ,EACR,YAAY,EACZ,cAAc,EACd,qBAAqB,GACtB,MAAM,yBAAyB,CAAC;AAEjC;;;GAGG;AACH,MAAM,UAAU,UAAU,CAAC,MAAyB;IAClD,gBAAgB,CAAC,MAAM,CAAC,CAAC;AAC3B,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,SAAS,CAAC,MAA0B;IAClD,OAAO,eAAe,CAAC,MAAM,CAAC,CAAC;AACjC,CAAC;AAKD;;;;;GAKG;AACH,SAAS,oBAAoB,CAAC,QAAgB,EAAE,MAA+B;IAC7E,MAAM,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAClC,MAAM,cAAc,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IAE5C,IAAI,cAAc,KAAK,WAAW,EAAE,CAAC;QACnC,8FAA8F;QAC9F,2FAA2F;QAC3F,qDAAqD;QACrD,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,sBAAsB,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9E,OAAO,gBAAgB,CAAC;QAC1B,CAAC;QAED,gEAAgE;QAChE,MAAM,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;QAC9B,IAAI,CAAC;YAAE,OAAO,WAAW,CAAC;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,yCAAyC;IACzC,KAAK,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,IAAI,qBAAqB,EAAE,CAAC;QACvE,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACzC,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5C,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAED,mEAAmE;IACnE,IAAI,mBAAmB,CAAC,MAAM,CAAC;QAAE,OAAO,aAAa,CAAC;IACtD,IAAI,oBAAoB,CAAC,MAAM,CAAC;QAAE,OAAO,cAAc,CAAC;IACxD,IAAI,sBAAsB,CAAC,MAAM,CAAC;QAAE,OAAO,gBAAgB,CAAC;IAE5D,MAAM,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IAC9B,IAAI,CAAC,EAAE,CAAC;QACN,OAAO,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,WAAW,CAAC;IACjE,CAAC;IAED,uFAAuF;IACvF,OAAO,WAAW,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CACvB,SAAiB,EACjB,QAAgB,EAChB,MAA+B,EAC/B,SAAoB;IAEpB,MAAM,OAAO,GAAG,aAAa,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;IAC9E,MAAM,SAAS,GAAG,IA
AI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAE3C,QAAQ,SAAS,EAAE,CAAC;QAClB,KAAK,WAAW,CAAC,CAAC,CAAC;YACjB,MAAM,IAAI,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YACvC,OAAO;gBACL,OAAO;gBACP,SAAS,EAAE,WAAW;gBACtB,SAAS;gBACT,SAAS;gBACT,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE;gBAC/C,QAAQ,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE;aACxC,CAAC;QACJ,CAAC;QACD,KAAK,YAAY,CAAC,CAAC,CAAC;YAClB,MAAM,IAAI,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YACvC,OAAO;gBACL,OAAO;gBACP,SAAS,EAAE,YAAY;gBACvB,SAAS;gBACT,SAAS;gBACT,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,EAAE;gBAC1H,QAAQ,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE;aACxC,CAAC;QACJ,CAAC;QACD,KAAK,cAAc,CAAC,CAAC,CAAC;YACpB,MAAM,OAAO,GACX,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ;gBAChC,CAAC,CAAC,MAAM,CAAC,OAAO;gBAChB,CAAC,CAAC,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ;oBAC9B,CAAC,CAAC,MAAM,CAAC,GAAG;oBACZ,CAAC,CAAC,EAAE,CAAC;YAEX,iFAAiF;YACjF,MAAM,IAAI,GACR,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;gBAC3E,CAAC,CAAE,MAAM,CAAC,IAAiB;gBAC3B,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;oBAC7E,CAAC,CAAE,MAAM,CAAC,IAAiB;oBAC3B,CAAC,CAAC,IAAI,CAAC;YAEb,IAAI,OAAO,GAAG,EAAE,CAAC;YACjB,IAAI,IAAI,GAAa,EAAE,CAAC;YAExB,IAAI,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;gBACnB,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAC1D,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBACzB,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAElC,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC1B,wEAAwE;oBACxE,IAAI,GAAG,UAAU,CAAC;gBACpB,CAAC;qBAAM,IAAI,IAAI,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACnC,mGAAmG;oBACnG,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,KAAK,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;gBACpD,CAAC;YACH,CAAC;iBAAM,IAAI,IAAI,IAAI,IAAI
,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACnC,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC;YAC5B,CAAC;YACD,OAAO;gBACL,OAAO;gBACP,SAAS,EAAE,cAAc;gBACzB,SAAS;gBACT,SAAS;gBACT,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE;gBACxC,QAAQ,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE;aACxC,CAAC;QACJ,CAAC;QACD,KAAK,aAAa,CAAC,CAAC,CAAC;YACnB,MAAM,QAAQ,GAAG,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5H,MAAM,YAAY,GAAG,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;YAChI,OAAO;gBACL,OAAO;gBACP,SAAS,EAAE,aAAa;gBACxB,SAAS;gBACT,SAAS;gBACT,IAAI,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE;gBAC/C,QAAQ,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE;aACxC,CAAC;QACJ,CAAC;QACD,KAAK,gBAAgB,CAAC,CAAC,CAAC;YACtB,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;YACvD,OAAO;gBACL,OAAO;gBACP,SAAS,EAAE,gBAAgB;gBAC3B,SAAS;gBACT,SAAS;gBACT,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE;gBAC1C,QAAQ,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE;aACxC,CAAC;QACJ,CAAC;QACD,OAAO,CAAC,CAAC,CAAC;YACR,OAAO;gBACL,OAAO;gBACP,SAAS,EAAE,WAAW;gBACtB,SAAS;gBACT,SAAS;gBACT,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE;gBACpD,QAAQ,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE;aACxC,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,MAA+B;IACzD,MAAM,GAAG,GAAG,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG;QACrD,CAAC,CAAC,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ;YACvD,CAAC,CAAC,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI;gBAC/C,CAAC,CAAC,SAAS,CAAC;IACd,IAAI,GAAG,EAAE,CAAC;QACR,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YAC5B,OAAO;gBACL,IAAI,EAAE,MAAM,CAAC,QAAQ;gBACrB,IAAI,EAAE,MAAM,CAAC,IAAI;oBACf,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;oBAC3B,CAAC,CAAC,CAAC,MAAM,CAAC
,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC3E,GAAG;aACJ,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,kBAAkB;QACpB,CAAC;IACH,CAAC;IACD,MAAM,IAAI,GACR,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ;QAC7B,CAAC,CAAC,MAAM,CAAC,IAAI;QACb,CAAC,CAAC,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ;YACnC,CAAC,CAAC,MAAM,CAAC,QAAQ;YACjB,CAAC,CAAC,SAAS,CAAC;IAClB,MAAM,IAAI,GAAG,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;IAChE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;AAC7B,CAAC;AAED,SAAS,mBAAmB,CAAC,MAA+B;IAC1D,OAAO,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ;WAClC,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ;WAC/B,OAAO,MAAM,CAAC,YAAY,KAAK,QAAQ,CAAC;AAC/C,CAAC;AAED,SAAS,oBAAoB,CAAC,MAA+B;IAC3D,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACtF,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAC/F,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAC/F,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,sBAAsB,CAAC,MAA+B;IAC7D,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,IAAI,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC1H,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ,IAAI,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACxF,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,kBAAkB,CAAC,MAA+B;IACzD,uDAAuD;IACvD,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACpD,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACjD,IAAI,OAAO,MAAM,CAAC,aAAa,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC1D,IAAI,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACnD,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACrF,IAAI,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;QACzC,MAAM,EAAE,GAAG,MAAM,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;QAC1C,IAAI,EAAE,KAAK,OAAO,IAAI,EAAE,KAAK,QAAQ,IAAI,EAAE,KAAK,QAAQ,IAAI,EAAE,KAAK
,QAAQ,IAAI,EAAE,KAAK,UAAU;YAAE,OAAO,IAAI,CAAC;IAChH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,iBAAiB;AACjB,mDAAmD;AACnD,+EAA+E;AAC/E,wDAAwD;AACxD,mEAAmE;AACnE,EAAE;AACF,wEAAwE;AACxE,oEAAoE;AACpE,uEAAuE;AAEvE,MAAM,yBAAyB,GAAG,KAAK,CAAC;AACxC,MAAM,wBAAwB,GAAG,MAAM,CAAC;AAaxC;;;GAGG;AACH,KAAK,UAAU,eAAe,CAAC,OAO9B;IACC,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;IACzD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;IAClD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,IAAI,CAAC,kHAAkH,CAAC,CAAC;QACjI,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,WAAW,GAAG;QAClB,cAAc,EAAE,kBAAkB;QAClC,eAAe,EAAE,SAAS,GAAG,KAAK;KACnC,CAAC;IAEF,IAAI,EAAU,CAAC;IACf,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,GAAG,WAAW,0BAA0B,EAAE;YACtE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,WAAW;YACpB,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC;YACnC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,IAAI,EAAE,OAAO,CAAC,QAAQ;gBACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,UAAU,EAAE,OAAO,CAAC,SAAS;aAC9B,CAAC;SACH,CAAC,CAAC;QACH,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC;YAClB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,SAAS,CAAC,IAAI,EAAE,CAA2B,CAAC;QAChE,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;IACf,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,wBAAwB,CAAC;IACvD,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;QAC7B,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,yBAAyB,CAAC,CAAC,CAAC;QAE/E,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,GAAG,WAAW,oBAAoB,EAAE,SAAS,EAAE;gBACzE,OAAO,EAAE,EAAE,eAAe,EAAE,SAAS,GAAG,KAAK,EAAE;gBAC/C,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC;aACpC,CAAC,CAAC;YACH,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;gBAChB,OAAO,IAAI,CAAC;YACd,CAAC;YACD,MAAM,MAAM,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAA2B,CAAC;YAEhE,IAAI,MAAM,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;gBACjC,IAAI,MAAM,CAAC,UAAU,KAAK,IAAI,IAAI,MAAM,CAAC,UAAU,KAAK,MAAM,EAAE,CAAC;oBAC/D,OAAO,MAAM,CAAC;gB
AChB,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBAChC,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,OAAO,GAAgB,KAAK,EAChC,KAA0C,EAC1C,OAA6B,EACa,EAAE;IAC5C,MAAM,2BAA2B,GAAG,CAAC,KAA0C,EAAoC,EAAE;QACnH,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,IAAI,KAAK;YAAE,OAAO,KAAK,CAAC;QACxE,OAAO,OAAO,CACZ,KAAK;YACL,OAAO,KAAK,KAAK,QAAQ;YACzB,OAAQ,KAAgC,CAAC,QAAQ,KAAK,QAAQ;YAC9D,OAAQ,KAA8B,CAAC,MAAM,KAAK,QAAQ;YACzD,KAA8B,CAAC,MAAM,KAAK,IAAI,CAChD,CAAC;IACJ,CAAC,CAAC;IAEF,MAAM,QAAQ,GAAG,2BAA2B,CAAC,KAAK,CAAC,CAAC;IACpD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,IAAI,KAAK,CAAC,IAAI,KAAK,WAAW,IAAI,KAAK,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;YACpE,OAAO;QACT,CAAC;IACH,CAAC;IAED,MAAM,eAAe,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAsB,CAAC;IAEjE,6GAA6G;IAC7G,IAAI,CAAC,QAAQ,IAAI,eAAgB,CAAC,cAAc;QAAE,OAAO;IAEzD,mEAAmE;IACnE,0EAA0E;IAC1E,uEAAuE;IACvE,IAAK,KAAa,CAAC,oBAAoB;QAAE,OAAO;IAEhD,MAAM,QAAQ,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,eAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;IACxF,MAAM,MAAM,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,eAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;IAClF,MAAM,SAAS,GAAG,QAAQ;QACxB,CAAC,CAAC,CAAC,OAAO,EAAE,UAAU,IAAI,OAAO,EAAE,OAAO,IAAI,kBAAkB,CAAC;QACjE,CAAC,CAAC,eAAgB,CAAC,OAAO,CAAC,SAAS,CAAC;IAEvC,wCAAwC;IACxC,MAAM,SAAS,GAAG,oBAAoB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACzD,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACvB,0EAA0E;QAC1E,OAAO;IACT,CAAC;IAED,MAAM,YAAY,GAAG,SAAS,EAAE,CAAC;IACjC,MAAM,WAAW,GAAG,gBAAgB,CAAC,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;IAC7E,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAE1D,IAAI,QAAQ,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,yBAAyB,CAAC,YAAY,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC3E,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,IAAI,SAAS,CAAC;QAC1C,MAAM,QAAQ,GAAG,QAAQ,CAAC,QAAQ,IAAI,MAAM,CAAC;QAE7C,oFAAoF;QACpF,mCAAmC;QACnC,IAAI,QAAQ,KAAK,UAAU,EAAE,CAAC;YAC5B,MAAM,KAAK,GAAG,YAAY,CAAC,SAAS,EAA
E,QAAQ,EAAE,QAAQ,CAAC,CAAC;YAC1D,IAAI,KAAK,EAAE,CAAC;gBACV,IAAI,CAAC,QAAQ,EAAE,CAAC;oBACd,eAAgB,CAAC,QAAQ,CAAC,IAAI,CAC5B,+CAA+C,KAAK,CAAC,UAAU,iBAAiB,QAAQ,OAAO,QAAQ,EAAE,CAC1G,CAAC;gBACJ,CAAC;gBACD,OAAO;YACT,CAAC;QACH,CAAC;QAED,oEAAoE;QACpE,2DAA2D;QAC3D,IAAI,QAAQ,KAAK,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,CAAC;YACpE,MAAM,cAAc,GAAG,MAAM,eAAe,CAAC;gBAC3C,QAAQ;gBACR,QAAQ;gBACR,KAAK;gBACL,MAAM,EAAE,QAAQ,CAAC,MAAM,IAAI,eAAe;gBAC1C,QAAQ;gBACR,SAAS;aACV,CAAC,CAAC;YACH,IAAI,cAAc,EAAE,CAAC;gBACnB,MAAM,UAAU,GAAG,cAAc,CAAC,UAAoC,CAAC;gBACvE,cAAc,CAAC,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;gBAC1D,IAAI,CAAC,QAAQ,EAAE,CAAC;oBACd,eAAgB,CAAC,QAAQ,CAAC,IAAI,CAC5B,mCAAmC,QAAQ,OAAO,QAAQ,uBAAuB,CAClF,CAAC;gBACJ,CAAC;gBACD,OAAO;YACT,CAAC;QACH,CAAC;QAED,MAAM,WAAW,GACf,WAAW,QAAQ,OAAO,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QACxF,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC;QAC9C,CAAC;QACD,eAAgB,CAAC,cAAc,GAAG,IAAI,CAAC;QACvC,eAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,mCAAmC,WAAW,EAAE,CAAC,CAAC;QACjF,IAAI,eAAgB,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;YACjD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC;QAC9C,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAC5C,eAAgB,CAAC,QAAQ,CAAC,IAAI,CAC5B,qCAAqC,QAAQ,CAAC,OAAO,IAAI,QAAQ,CAAC,MAAM,IAAI,gBAAgB,KAAK,QAAQ,GAAG,CAC7G,CAAC;IACJ,CAAC;AACH,CAAC,CAAC;AAEF,eAAe,OAAO,CAAC"}
|
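--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,10 +1,17 @@
 export { PolicyEngine } from './policy/engine.js';
 export { validatePolicy } from './policy/validator.js';
 export { loadPolicy, loadPolicyFromString, PolicyLoadError } from './policy/loader.js';
-export type { Decision, EvaluationMode, ClawdstrikeConfig, Policy, PolicyEvent, PolicyLintResult, } from './types.js';
+export type { Decision, EvaluationMode, ClawdstrikeConfig, Policy, PolicyEvent, PolicyLintResult, ToolCallEvent, } from './types.js';
 export { generateSecurityPrompt } from './security-prompt.js';
 export { checkPolicy, policyCheckTool } from './tools/policy-check.js';
 export { default as agentBootstrapHandler } from './hooks/agent-bootstrap/handler.js';
+export { default as toolPreflightHandler } from './hooks/tool-preflight/handler.js';
+export { default as cuaBridgeHandler, isCuaToolCall, CUA_ERROR_CODES } from './hooks/cua-bridge/handler.js';
 export { AuditStore, type AuditEvent } from './audit/store.js';
+export { OpenClawAuditLogger, type OpenClawAuditLoggerOptions } from './audit/adapter-logger.js';
 export { registerCli, createCli } from './cli/index.js';
+export { ReceiptSigner } from './receipt/signer.js';
+export type { DecisionReceipt, ReceiptSignerConfig } from './receipt/types.js';
+export { openclawTranslator, composeOpenClawConfig } from './translator/openclaw-translator.js';
+export { OpenClawAdapter, type OpenClawAdapterOptions } from './openclaw-adapter.js';
 //# sourceMappingURL=index.d.ts.map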
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACvF,YAAY,EACV,QAAQ,EACR,cAAc,EACd,iBAAiB,EACjB,MAAM,EACN,WAAW,EACX,gBAAgB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACvF,YAAY,EACV,QAAQ,EACR,cAAc,EACd,iBAAiB,EACjB,MAAM,EACN,WAAW,EACX,gBAAgB,EAChB,aAAa,GACd,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAG9D,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAGvE,OAAO,EAAE,OAAO,IAAI,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AACtF,OAAO,EAAE,OAAO,IAAI,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACpF,OAAO,EAAE,OAAO,IAAI,gBAAgB,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAG5G,OAAO,EAAE,UAAU,EAAE,KAAK,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC/D,OAAO,EAAE,mBAAmB,EAAE,KAAK,0BAA0B,EAAE,MAAM,2BAA2B,CAAC;AAGjG,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAGxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,YAAY,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAG/E,OAAO,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAGhG,OAAO,EAAE,eAAe,EAAE,KAAK,sBAAsB,EAAE,MAAM,uBAAuB,CAAC"}
|
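--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -8,8 +8,17 @@ export { generateSecurityPrompt } from './security-prompt.js';
 export { checkPolicy, policyCheckTool } from './tools/policy-check.js';
 // Hooks
 export { default as agentBootstrapHandler } from './hooks/agent-bootstrap/handler.js';
+export { default as toolPreflightHandler } from './hooks/tool-preflight/handler.js';
+export { default as cuaBridgeHandler, isCuaToolCall, CUA_ERROR_CODES } from './hooks/cua-bridge/handler.js';
 // Audit
 export { AuditStore } from './audit/store.js';
+export { OpenClawAuditLogger } from './audit/adapter-logger.js';
 // CLI
 export { registerCli, createCli } from './cli/index.js';
+// Receipt/Attestation
+export { ReceiptSigner } from './receipt/signer.js';
+// Translator
+export { openclawTranslator, composeOpenClawConfig } from './translator/openclaw-translator.js';
+// Adapter (FrameworkAdapter interface from @clawdstrike/adapter-core)
+export { OpenClawAdapter } from './openclaw-adapter.js';
 //# sourceMappingURL=index.js.map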
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,SAAS;AACT,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,SAAS;AACT,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAWvF,kBAAkB;AAClB,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAE9D,QAAQ;AACR,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAEvE,QAAQ;AACR,OAAO,EAAE,OAAO,IAAI,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AACtF,OAAO,EAAE,OAAO,IAAI,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACpF,OAAO,EAAE,OAAO,IAAI,gBAAgB,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAE5G,QAAQ;AACR,OAAO,EAAE,UAAU,EAAmB,MAAM,kBAAkB,CAAC;AAC/D,OAAO,EAAE,mBAAmB,EAAmC,MAAM,2BAA2B,CAAC;AAEjG,MAAM;AACN,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAExD,sBAAsB;AACtB,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAGpD,aAAa;AACb,OAAO,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAEhG,sEAAsE;AACtE,OAAO,EAAE,eAAe,EAA+B,MAAM,uBAAuB,CAAC"}
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
import type { AdapterConfig, AuditLogger, FrameworkAdapter, FrameworkHooks, GenericToolCall, InterceptResult, PolicyEngineLike, ProcessedOutput, SecurityContext, SessionSummary } from '@clawdstrike/adapter-core';
|
|
2
|
+
import { PolicyEngine } from './policy/engine.js';
|
|
3
|
+
export interface OpenClawAdapterOptions extends AdapterConfig {
|
|
4
|
+
auditLogger?: AuditLogger;
|
|
5
|
+
}
|
|
6
|
+
/**
|
|
7
|
+
* OpenClawAdapter implements the standard `FrameworkAdapter` interface from
|
|
8
|
+
* `@clawdstrike/adapter-core`, providing a unified entry point that follows
|
|
9
|
+
* the same pattern as the Claude, Vercel AI, LangChain, and other adapters.
|
|
10
|
+
*
|
|
11
|
+
* It delegates to the existing openclaw `PolicyEngine` for all security
|
|
12
|
+
* evaluation while layering on the adapter-core interceptor, audit, and
|
|
13
|
+
* context-management infrastructure.
|
|
14
|
+
*
|
|
15
|
+
* Audit logging is enabled by default. Pass `auditLogger` to supply a custom
|
|
16
|
+
* logger, or rely on the built-in `OpenClawAuditLogger`.
|
|
17
|
+
*
|
|
18
|
+
* This is purely additive and does not change the existing hook-based
|
|
19
|
+
* integration path.
|
|
20
|
+
*
|
|
21
|
+
* @example
|
|
22
|
+
* ```ts
|
|
23
|
+
* import { OpenClawAdapter, PolicyEngine } from '@clawdstrike/openclaw';
|
|
24
|
+
*
|
|
25
|
+
* const engine = new PolicyEngine({ policy: 'strict' });
|
|
26
|
+
* const adapter = new OpenClawAdapter(engine);
|
|
27
|
+
*
|
|
28
|
+
* const ctx = adapter.createContext({ userId: 'user-1' });
|
|
29
|
+
* const result = await adapter.interceptToolCall(ctx, toolCall);
|
|
30
|
+
* ```
|
|
31
|
+
*/
|
|
32
|
+
export declare class OpenClawAdapter implements FrameworkAdapter {
|
|
33
|
+
private readonly delegate;
|
|
34
|
+
private readonly engine;
|
|
35
|
+
private readonly auditLogger;
|
|
36
|
+
constructor(engine: PolicyEngine, config?: OpenClawAdapterOptions);
|
|
37
|
+
get name(): string;
|
|
38
|
+
get version(): string;
|
|
39
|
+
initialize(config: AdapterConfig): Promise<void>;
|
|
40
|
+
createContext(metadata?: Record<string, unknown>): SecurityContext;
|
|
41
|
+
interceptToolCall(context: SecurityContext, toolCall: GenericToolCall): Promise<InterceptResult>;
|
|
42
|
+
processOutput(context: SecurityContext, toolCall: GenericToolCall, output: unknown): Promise<ProcessedOutput>;
|
|
43
|
+
finalizeContext(context: SecurityContext): Promise<SessionSummary>;
|
|
44
|
+
getEngine(): PolicyEngineLike;
|
|
45
|
+
getHooks(): FrameworkHooks;
|
|
46
|
+
getAuditLogger(): AuditLogger;
|
|
47
|
+
}
|
|
48
|
+
//# sourceMappingURL=openclaw-adapter.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"openclaw-adapter.d.ts","sourceRoot":"","sources":["../src/openclaw-adapter.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,aAAa,EACb,WAAW,EACX,gBAAgB,EAChB,cAAc,EACd,eAAe,EACf,eAAe,EACf,gBAAgB,EAChB,eAAe,EACf,eAAe,EACf,cAAc,EACf,MAAM,2BAA2B,CAAC;AAGnC,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAGlD,MAAM,WAAW,sBAAuB,SAAQ,aAAa;IAC3D,WAAW,CAAC,EAAE,WAAW,CAAC;CAC3B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,qBAAa,eAAgB,YAAW,gBAAgB;IACtD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAmB;IAC5C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAe;IACtC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;gBAE9B,MAAM,EAAE,YAAY,EAAE,MAAM,GAAE,sBAA2B;IAmBrE,IAAI,IAAI,IAAI,MAAM,CAEjB;IAED,IAAI,OAAO,IAAI,MAAM,CAEpB;IAEK,UAAU,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAItD,aAAa,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,eAAe;IAI5D,iBAAiB,CACrB,OAAO,EAAE,eAAe,EACxB,QAAQ,EAAE,eAAe,GACxB,OAAO,CAAC,eAAe,CAAC;IAIrB,aAAa,CACjB,OAAO,EAAE,eAAe,EACxB,QAAQ,EAAE,eAAe,EACzB,MAAM,EAAE,OAAO,GACd,OAAO,CAAC,eAAe,CAAC;IAIrB,eAAe,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,cAAc,CAAC;IAIxE,SAAS,IAAI,gBAAgB;IAI7B,QAAQ,IAAI,cAAc;IAI1B,cAAc,IAAI,WAAW;CAG9B"}
|
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
import { createFrameworkAdapter } from '@clawdstrike/adapter-core';
|
|
2
|
+
import { OpenClawAuditLogger } from './audit/adapter-logger.js';
|
|
3
|
+
import { composeOpenClawConfig } from './translator/openclaw-translator.js';
|
|
4
|
+
/**
|
|
5
|
+
* OpenClawAdapter implements the standard `FrameworkAdapter` interface from
|
|
6
|
+
* `@clawdstrike/adapter-core`, providing a unified entry point that follows
|
|
7
|
+
* the same pattern as the Claude, Vercel AI, LangChain, and other adapters.
|
|
8
|
+
*
|
|
9
|
+
* It delegates to the existing openclaw `PolicyEngine` for all security
|
|
10
|
+
* evaluation while layering on the adapter-core interceptor, audit, and
|
|
11
|
+
* context-management infrastructure.
|
|
12
|
+
*
|
|
13
|
+
* Audit logging is enabled by default. Pass `auditLogger` to supply a custom
|
|
14
|
+
* logger, or rely on the built-in `OpenClawAuditLogger`.
|
|
15
|
+
*
|
|
16
|
+
* This is purely additive and does not change the existing hook-based
|
|
17
|
+
* integration path.
|
|
18
|
+
*
|
|
19
|
+
* @example
|
|
20
|
+
* ```ts
|
|
21
|
+
* import { OpenClawAdapter, PolicyEngine } from '@clawdstrike/openclaw';
|
|
22
|
+
*
|
|
23
|
+
* const engine = new PolicyEngine({ policy: 'strict' });
|
|
24
|
+
* const adapter = new OpenClawAdapter(engine);
|
|
25
|
+
*
|
|
26
|
+
* const ctx = adapter.createContext({ userId: 'user-1' });
|
|
27
|
+
* const result = await adapter.interceptToolCall(ctx, toolCall);
|
|
28
|
+
* ```
|
|
29
|
+
*/
|
|
30
|
+
export class OpenClawAdapter {
|
|
31
|
+
delegate;
|
|
32
|
+
engine;
|
|
33
|
+
auditLogger;
|
|
34
|
+
constructor(engine, config = {}) {
|
|
35
|
+
this.engine = engine;
|
|
36
|
+
this.auditLogger = config.auditLogger ?? new OpenClawAuditLogger();
|
|
37
|
+
const adapterConfig = {
|
|
38
|
+
...config,
|
|
39
|
+
audit: {
|
|
40
|
+
enabled: true,
|
|
41
|
+
logger: this.auditLogger,
|
|
42
|
+
logParameters: true,
|
|
43
|
+
logOutputs: false,
|
|
44
|
+
redactPII: true,
|
|
45
|
+
...config.audit,
|
|
46
|
+
},
|
|
47
|
+
};
|
|
48
|
+
this.delegate = createFrameworkAdapter('openclaw', engine, composeOpenClawConfig(adapterConfig));
|
|
49
|
+
}
|
|
50
|
+
get name() {
|
|
51
|
+
return this.delegate.name;
|
|
52
|
+
}
|
|
53
|
+
get version() {
|
|
54
|
+
return this.delegate.version;
|
|
55
|
+
}
|
|
56
|
+
async initialize(config) {
|
|
57
|
+
return this.delegate.initialize(config);
|
|
58
|
+
}
|
|
59
|
+
createContext(metadata) {
|
|
60
|
+
return this.delegate.createContext(metadata);
|
|
61
|
+
}
|
|
62
|
+
async interceptToolCall(context, toolCall) {
|
|
63
|
+
return this.delegate.interceptToolCall(context, toolCall);
|
|
64
|
+
}
|
|
65
|
+
async processOutput(context, toolCall, output) {
|
|
66
|
+
return this.delegate.processOutput(context, toolCall, output);
|
|
67
|
+
}
|
|
68
|
+
async finalizeContext(context) {
|
|
69
|
+
return this.delegate.finalizeContext(context);
|
|
70
|
+
}
|
|
71
|
+
getEngine() {
|
|
72
|
+
return this.engine;
|
|
73
|
+
}
|
|
74
|
+
getHooks() {
|
|
75
|
+
return this.delegate.getHooks();
|
|
76
|
+
}
|
|
77
|
+
getAuditLogger() {
|
|
78
|
+
return this.auditLogger;
|
|
79
|
+
}
|
|
80
|
+
}
|
|
81
|
+
//# sourceMappingURL=openclaw-adapter.js.map
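Review bot: In the constructor, `...config.audit` is spread after `logger: this.auditLogger`, so a caller that passes `audit.logger` gets a delegate configured with that logger while `getAuditLogger()` still returns `config.auditLogger ?? new OpenClawAuditLogger()`, an instance the delegate was not given. Resolving the logger once with `this.auditLogger = config.auditLogger ?? config.audit?.logger ?? new OpenClawAuditLogger();` and moving `logger: this.auditLogger` below the spread keeps the getter and the delegate on the same instance. The same spread also lets a caller's `audit` object turn off `enabled` or `redactPII`, or turn on `logOutputs`; that looks intended, but the class comment only says "Audit logging is enabled by default", so the precedence of `auditLogger` and `audit` deserves a sentence there and on the `auditLogger?` option in the `.d.ts`. Separately, `initialize(config)` hands the raw config to the delegate without these audit defaults or `composeOpenClawConfig`; whether that replaces the constructor's settings depends on adapter-core, which is not visible in this diff.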
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"openclaw-adapter.js","sourceRoot":"","sources":["../src/openclaw-adapter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AAcnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAEhE,OAAO,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAM5E;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,MAAM,OAAO,eAAe;IACT,QAAQ,CAAmB;IAC3B,MAAM,CAAe;IACrB,WAAW,CAAc;IAE1C,YAAY,MAAoB,EAAE,SAAiC,EAAE;QACnE,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,IAAI,IAAI,mBAAmB,EAAE,CAAC;QAEnE,MAAM,aAAa,GAAkB;YACnC,GAAG,MAAM;YACT,KAAK,EAAE;gBACL,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,IAAI,CAAC,WAAW;gBACxB,aAAa,EAAE,IAAI;gBACnB,UAAU,EAAE,KAAK;gBACjB,SAAS,EAAE,IAAI;gBACf,GAAG,MAAM,CAAC,KAAK;aAChB;SACF,CAAC;QAEF,IAAI,CAAC,QAAQ,GAAG,sBAAsB,CAAC,UAAU,EAAE,MAA0B,EAAE,qBAAqB,CAAC,aAAa,CAAC,CAAC,CAAC;IACvH,CAAC;IAED,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC5B,CAAC;IAED,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,MAAqB;QACpC,OAAO,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IAC1C,CAAC;IAED,aAAa,CAAC,QAAkC;QAC9C,OAAO,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;IAC/C,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,OAAwB,EACxB,QAAyB;QAEzB,OAAO,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC5D,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,OAAwB,EACxB,QAAyB,EACzB,MAAe;QAEf,OAAO,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IAChE,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,OAAwB;QAC5C,OAAO,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;IAChD,CAAC;IAED,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,QAAQ;QACN,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;IAClC,CAAC;IAED,cAAc;QACZ,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;CACF"}
|