@clawdstrike/openclaw 0.1.2 → 0.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +77 -3
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -1,9 +1,83 @@
|
|
|
1
1
|
# @clawdstrike/openclaw
|
|
2
2
|
|
|
3
|
-
Clawdstrike security plugin for OpenClaw.
|
|
3
|
+
Clawdstrike security plugin for OpenClaw. Provides tool-layer guardrails (preflight policy checks + post-action output blocking/redaction) for AI agents running in OpenClaw.
|
|
4
4
|
|
|
5
5
|
See [Enforcement Tiers & Integration Contract](https://github.com/backbay-labs/clawdstrike/blob/main/docs/src/concepts/enforcement-tiers.md) for what is enforceable at the tool boundary (and what requires a sandbox/broker).
|
|
6
6
|
|
|
7
|
-
##
|
|
7
|
+
## Installation
|
|
8
8
|
|
|
9
|
-
|
|
9
|
+
```bash
|
|
10
|
+
npm install @clawdstrike/openclaw
|
|
11
|
+
```
|
|
12
|
+
|
|
13
|
+
## Getting Started
|
|
14
|
+
|
|
15
|
+
See the [OpenClaw adapter getting-started guide](https://github.com/backbay-labs/clawdstrike/blob/main/packages/adapters/clawdstrike-openclaw/docs/getting-started.md) for full setup instructions.
|
|
16
|
+
|
|
17
|
+
## Usage
|
|
18
|
+
|
|
19
|
+
### FrameworkAdapter API
|
|
20
|
+
|
|
21
|
+
```ts
|
|
22
|
+
import { OpenClawAdapter, PolicyEngine } from '@clawdstrike/openclaw';
|
|
23
|
+
|
|
24
|
+
const engine = new PolicyEngine({ policy: 'strict' });
|
|
25
|
+
const adapter = new OpenClawAdapter(engine);
|
|
26
|
+
|
|
27
|
+
const ctx = adapter.createContext({ userId: 'user-1' });
|
|
28
|
+
const result = await adapter.interceptToolCall(ctx, {
|
|
29
|
+
name: 'bash',
|
|
30
|
+
parameters: { cmd: 'echo hello' },
|
|
31
|
+
});
|
|
32
|
+
|
|
33
|
+
if (!result.proceed) {
|
|
34
|
+
console.error('Blocked:', result.decision.message);
|
|
35
|
+
}
|
|
36
|
+
```
|
|
37
|
+
|
|
38
|
+
### Policy checking
|
|
39
|
+
|
|
40
|
+
```ts
|
|
41
|
+
import { checkPolicy } from '@clawdstrike/openclaw';
|
|
42
|
+
import type { ClawdstrikeConfig } from '@clawdstrike/openclaw';
|
|
43
|
+
|
|
44
|
+
const config: ClawdstrikeConfig = { policy: 'default' };
|
|
45
|
+
const decision = await checkPolicy(config, 'file_read', '~/.ssh/id_rsa');
|
|
46
|
+
console.log(decision.status); // "deny"
|
|
47
|
+
```
|
|
48
|
+
|
|
49
|
+
### OpenClaw plugin hooks
|
|
50
|
+
|
|
51
|
+
The package exports hook handlers for direct OpenClaw integration:
|
|
52
|
+
|
|
53
|
+
- `agentBootstrapHandler` -- Injects security prompt at session start
|
|
54
|
+
- `toolPreflightHandler` -- Preflight policy check before tool execution
|
|
55
|
+
- `cuaBridgeHandler` -- Computer-use agent bridge with CUA-specific checks
|
|
56
|
+
|
|
57
|
+
### CLI
|
|
58
|
+
|
|
59
|
+
```bash
|
|
60
|
+
# Installed via the bin entry
|
|
61
|
+
clawdstrike policy lint ./policy.yaml
|
|
62
|
+
clawdstrike audit query --denied
|
|
63
|
+
clawdstrike audit export ./audit-dump.jsonl
|
|
64
|
+
clawdstrike why <event-id>
|
|
65
|
+
```
|
|
66
|
+
|
|
67
|
+
## API Overview
|
|
68
|
+
|
|
69
|
+
| Export | Description |
|
|
70
|
+
|--------|-------------|
|
|
71
|
+
| `PolicyEngine` | Core policy evaluation engine |
|
|
72
|
+
| `OpenClawAdapter` | Standard `FrameworkAdapter` implementation |
|
|
73
|
+
| `loadPolicy` / `validatePolicy` | Policy loading and validation |
|
|
74
|
+
| `checkPolicy` / `policyCheckTool` | Policy check utilities |
|
|
75
|
+
| `AuditStore` / `OpenClawAuditLogger` | Audit event storage and logging |
|
|
76
|
+
| `ReceiptSigner` | Decision receipt signing |
|
|
77
|
+
| `generateSecurityPrompt` | Security system prompt generation |
|
|
78
|
+
| `openclawTranslator` | OpenClaw config translation |
|
|
79
|
+
| `registerCli` / `createCli` | CLI registration helpers |
|
|
80
|
+
|
|
81
|
+
## License
|
|
82
|
+
|
|
83
|
+
Apache-2.0
|