@clawnitor/cli 1.0.0

package/LICENSE

@@ -0,0 +1,66 @@
+Business Source License 1.1
+
+Parameters
+
+Licensor:             David Kogan
+Licensed Work:        Clawnitor
+                      The Licensed Work is (c) 2026 David Kogan.
+Additional Use Grant: You may make production use of the Licensed Work,
+                      provided your use does not include offering the
+                      Licensed Work to third parties as a commercial
+                      agent monitoring, observability, or safety service
+                      that competes with the Licensor's offerings.
+Change Date:          Four years from the date the Licensed Work is
+                      published. The specific Change Date will be set
+                      when the repository is made public.
+Change License:       GNU Affero General Public License v3.0 (AGPL-3.0)
+
+For information about alternative licensing arrangements for the Licensed
+Work, please contact: david@clawnitor.io
+
+Notice
+
+Business Source License 1.1
+
+Terms
+
+The Licensor hereby grants you the right to copy, modify, create
+derivative works, redistribute, and make non-production use of the
+Licensed Work. The Licensor may make an Additional Use Grant, above,
+permitting limited production use.
+
+Effective on the Change Date, or the fourth anniversary of the first
+publicly available distribution of a specific version of the Licensed
+Work under this License, whichever comes first, the Licensor hereby
+grants you rights under the terms of the Change License, and the rights
+granted in the paragraph above terminate.
+
+If your use of the Licensed Work does not comply with the requirements
+currently in effect as described in this License, you must purchase a
+commercial license from the Licensor, its affiliated entities, or
+authorized resellers, or you must refrain from using the Licensed Work.
+
+All copies of the original and modified Licensed Work, and derivative
+works of the Licensed Work, are subject to this License. This License
+applies separately for each version of the Licensed Work and the Change
+Date may vary for each version of the Licensed Work released by
+Licensor.
+
+You must conspicuously display this License on each original or modified
+copy of the Licensed Work. If you receive the Licensed Work in original
+or modified form from a third party, the terms and conditions set forth
+in this License apply to your use of that work.
+
+Any use of the Licensed Work in violation of this License will
+automatically terminate your rights under this License for the current
+and all other versions of the Licensed Work.
+
+This License does not grant you any right in any trademark or logo of
+Licensor or its affiliates (provided that you may use a trademark or
+logo of Licensor as expressly required by this License).
+
+TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS
+PROVIDED ON AN "AS IS" BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES
+AND CONDITIONS, EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION)
+WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
+NON-INFRINGEMENT, AND TITLE.

package/README.md

@@ -0,0 +1,72 @@
+# @clawnitor/cli
+
+[![npm](https://img.shields.io/npm/v/@clawnitor/cli?color=FF6B4A)](https://www.npmjs.com/package/@clawnitor/cli)
+[![license](https://img.shields.io/badge/license-AGPL--3.0-A78BFA)](LICENSE)
+
+CLI for [Clawnitor](https://clawnitor.io) — agent monitoring, rules enforcement, and kill switch for OpenClaw.
+
+## Usage
+
+```bash
+openclaw plugins install @clawnitor/plugin
+npx clawnitor init
+```
+
+`clawnitor init` handles authentication, API key generation, and configuration in one command. Choose GitHub or email magic link to sign in.
+
+```
+$ npx clawnitor init
+
+  Clawnitor — Agent monitoring for OpenClaw
+  by Safer Intelligence Labs
+
+  How do you want to sign in?
+  1. GitHub
+  2. Email magic link
+
+  > 1
+
+  Open this URL:  https://github.com/login/device
+  Enter code:     ABCD-1234
+
+  Waiting for authorization...
+  Authenticated as you@example.com
+
+  Generating API key...
+  Writing to openclaw.json...
+
+  Done. Clawnitor is monitoring your agents.
+  Dashboard: https://app.clawnitor.io
+```
+
+## What it does
+
+1. Authenticates via GitHub device flow or email magic link
+2. Creates your Clawnitor account (or logs in if you already have one)
+3. Generates an API key
+4. Finds your `openclaw.json` (or creates one) and writes the API key
+
+## Manual setup
+
+If you prefer not to use the CLI, sign up at [clawnitor.io](https://clawnitor.io), copy your API key, and add it to your `openclaw.json`:
+
+```json
+{
+  "plugins": {
+    "entries": {
+      "clawnitor": {
+        "config": {
+          "apiKey": "clw_live_..."
+        }
+      }
+    }
+  }
+}
+```
+
+## Links
+
+- [Dashboard](https://app.clawnitor.io)
+- [Documentation](https://clawnitor.io/docs)
+- [Interactive Demo](https://clawnitor.io/demo)
+- [Plugin on npm](https://www.npmjs.com/package/@clawnitor/plugin)

package/dist/auth/github-device.d.ts

@@ -0,0 +1,2 @@
+export declare function githubDeviceAuth(): Promise<string>;
+export declare function getGitHubEmail(token: string): Promise<string>;

package/dist/auth/github-device.js

@@ -0,0 +1,68 @@
+const GITHUB_CLIENT_ID = "Ov23liNYdX5tPiHxNqx5";
+export async function githubDeviceAuth() {
+    // Step 1: Request device code
+    const codeRes = await fetch("https://github.com/login/device/code", {
+        method: "POST",
+        headers: {
+            Accept: "application/json",
+            "Content-Type": "application/json",
+        },
+        body: JSON.stringify({
+            client_id: GITHUB_CLIENT_ID,
+            scope: "user:email",
+        }),
+    });
+    if (!codeRes.ok)
+        throw new Error("Failed to start GitHub device flow");
+    const codeData = await codeRes.json();
+    console.log(`
+  Open this URL:  ${codeData.verification_uri}
+  Enter code:     ${codeData.user_code}
+`);
+    console.log("  Waiting for authorization...");
+    // Step 2: Poll for token
+    const interval = (codeData.interval || 5) * 1000;
+    const deadline = Date.now() + codeData.expires_in * 1000;
+    while (Date.now() < deadline) {
+        await new Promise((r) => setTimeout(r, interval));
+        const tokenRes = await fetch("https://github.com/login/oauth/access_token", {
+            method: "POST",
+            headers: {
+                Accept: "application/json",
+                "Content-Type": "application/json",
+            },
+            body: JSON.stringify({
+                client_id: GITHUB_CLIENT_ID,
+                device_code: codeData.device_code,
+                grant_type: "urn:ietf:params:oauth:grant-type:device_code",
+            }),
+        });
+        const tokenData = await tokenRes.json();
+        if (tokenData.access_token) {
+            return tokenData.access_token;
+        }
+        if (tokenData.error === "authorization_pending" ||
+            tokenData.error === "slow_down") {
+            continue;
+        }
+        if (tokenData.error) {
+            throw new Error(`GitHub auth failed: ${tokenData.error}`);
+        }
+    }
+    throw new Error("GitHub authorization timed out");
+}
+export async function getGitHubEmail(token) {
+    const res = await fetch("https://api.github.com/user/emails", {
+        headers: {
+            Authorization: `Bearer ${token}`,
+            Accept: "application/vnd.github+json",
+        },
+    });
+    if (!res.ok)
+        throw new Error("Failed to get GitHub email");
+    const emails = await res.json();
+    const primary = emails.find((e) => e.primary);
+    if (!primary)
+        throw new Error("No primary email found on GitHub account");
+    return primary.email;
+}

package/dist/auth/magic-link.d.ts

@@ -0,0 +1,5 @@
+export declare function sendMagicLink(email: string): Promise<string>;
+export declare function pollMagicLink(pollingToken: string): Promise<{
+    email: string;
+    sessionToken: string;
+}>;

package/dist/auth/magic-link.js

@@ -0,0 +1,34 @@
+const API_URL = process.env.CLAWNITOR_API_URL || "https://api.clawnitor.io";
+export async function sendMagicLink(email) {
+    const res = await fetch(`${API_URL}/api/auth/cli-magic-link`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ email }),
+    });
+    if (!res.ok) {
+        const data = await res.json().catch(() => ({}));
+        throw new Error(data.error || "Failed to send magic link");
+    }
+    const data = await res.json();
+    return data.token; // polling token
+}
+export async function pollMagicLink(pollingToken) {
+    const deadline = Date.now() + 5 * 60_000; // 5 min timeout
+    console.log("  Check your email and click the link.\n");
+    console.log("  Waiting...");
+    while (Date.now() < deadline) {
+        await new Promise((r) => setTimeout(r, 3000));
+        const res = await fetch(`${API_URL}/api/auth/cli-magic-link/status`, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ token: pollingToken }),
+        });
+        if (!res.ok)
+            continue;
+        const data = await res.json();
+        if (data.verified && data.email && data.sessionToken) {
+            return { email: data.email, sessionToken: data.sessionToken };
+        }
+    }
+    throw new Error("Magic link timed out. Try again.");
+}

package/dist/config.d.ts

@@ -0,0 +1,2 @@
+export declare function findConfig(): string | null;
+export declare function writeApiKey(apiKey: string): string;

package/dist/config.js

@@ -0,0 +1,51 @@
+import { readFileSync, writeFileSync, existsSync } from "node:fs";
+import { join, resolve } from "node:path";
+const CONFIG_FILE = "openclaw.json";
+const MAX_SEARCH_DEPTH = 5;
+export function findConfig() {
+    let dir = process.cwd();
+    for (let i = 0; i < MAX_SEARCH_DEPTH; i++) {
+        const configPath = join(dir, CONFIG_FILE);
+        if (existsSync(configPath))
+            return configPath;
+        const parent = resolve(dir, "..");
+        if (parent === dir)
+            break;
+        dir = parent;
+    }
+    return null;
+}
+export function writeApiKey(apiKey) {
+    let configPath = findConfig();
+    if (configPath) {
+        // Update existing config
+        const raw = readFileSync(configPath, "utf-8");
+        const config = JSON.parse(raw);
+        if (!config.plugins)
+            config.plugins = {};
+        if (!config.plugins.entries)
+            config.plugins.entries = {};
+        if (!config.plugins.entries.clawnitor)
+            config.plugins.entries.clawnitor = {};
+        if (!config.plugins.entries.clawnitor.config)
+            config.plugins.entries.clawnitor.config = {};
+        config.plugins.entries.clawnitor.config.apiKey = apiKey;
+        writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
+        return configPath;
+    }
+    // Create new config
+    const newPath = join(process.cwd(), CONFIG_FILE);
+    const config = {
+        plugins: {
+            entries: {
+                clawnitor: {
+                    config: {
+                        apiKey: apiKey,
+                    },
+                },
+            },
+        },
+    };
+    writeFileSync(newPath, JSON.stringify(config, null, 2) + "\n");
+    return newPath;
+}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/index.js

@@ -0,0 +1,20 @@
+#!/usr/bin/env node
+import { init } from "./init.js";
+const command = process.argv[2];
+if (command === "init") {
+    init().catch((err) => {
+        console.error("\n  Error:", err.message);
+        process.exit(1);
+    });
+}
+else {
+    console.log(`
+  Clawnitor CLI — Agent monitoring for OpenClaw
+
+  Commands:
+    init    Set up Clawnitor (authenticate + configure API key)
+
+  Usage:
+    npx clawnitor init
+`);
+}

package/dist/init.d.ts

@@ -0,0 +1 @@
+export declare function init(): Promise<void>;

package/dist/init.js

@@ -0,0 +1,74 @@
+import { createInterface } from "node:readline";
+import { githubDeviceAuth, getGitHubEmail } from "./auth/github-device.js";
+import { sendMagicLink, pollMagicLink } from "./auth/magic-link.js";
+import { writeApiKey } from "./config.js";
+const API_URL = process.env.CLAWNITOR_API_URL || "https://api.clawnitor.io";
+function ask(question) {
+    const rl = createInterface({
+        input: process.stdin,
+        output: process.stdout,
+    });
+    return new Promise((resolve) => {
+        rl.question(question, (answer) => {
+            rl.close();
+            resolve(answer.trim());
+        });
+    });
+}
+async function provisionAndGetKey(email) {
+    // Provision user (creates account if new)
+    const provisionRes = await fetch(`${API_URL}/api/auth/cli-provision`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ email }),
+    });
+    if (!provisionRes.ok) {
+        const data = await provisionRes.json().catch(() => ({}));
+        throw new Error(data.error || "Failed to provision account");
+    }
+    const { apiKey } = (await provisionRes.json());
+    return apiKey;
+}
+export async function init() {
+    console.log(`
+  Clawnitor — Agent monitoring for OpenClaw
+  by Safer Intelligence Labs
+`);
+    const method = await ask("  How do you want to sign in?\n  1. GitHub\n  2. Email magic link\n\n  > ");
+    let email;
+    if (method === "1" || method.toLowerCase() === "github") {
+        // GitHub device flow
+        const githubToken = await githubDeviceAuth();
+        email = await getGitHubEmail(githubToken);
+        console.log(`\n  Authenticated as ${email}`);
+    }
+    else if (method === "2" ||
+        method.toLowerCase() === "email" ||
+        method.toLowerCase() === "magic") {
+        // Magic link flow
+        email = await ask("\n  Email: ");
+        if (!email || !email.includes("@")) {
+            throw new Error("Invalid email");
+        }
+        const pollingToken = await sendMagicLink(email);
+        const result = await pollMagicLink(pollingToken);
+        email = result.email;
+        console.log(`\n  Authenticated as ${email}`);
+    }
+    else {
+        throw new Error('Pick 1 or 2');
+    }
+    // Provision account and get API key
+    console.log("\n  Generating API key...");
+    const apiKey = await provisionAndGetKey(email);
+    // Write to config
+    console.log("  Writing to openclaw.json...");
+    const configPath = writeApiKey(apiKey);
+    console.log(`
+  Done. Clawnitor is monitoring your agents.
+
+  Config:     ${configPath}
+  Dashboard:  https://app.clawnitor.io
+  Docs:       https://clawnitor.io/docs
+`);
+}

package/package.json

@@ -0,0 +1,40 @@
+{
+  "name": "@clawnitor/cli",
+  "version": "1.0.0",
+  "description": "CLI for Clawnitor — agent monitoring for OpenClaw. Authenticate, generate API keys, and configure from the terminal.",
+  "type": "module",
+  "bin": {
+    "clawnitor": "./dist/index.js"
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "keywords": [
+    "clawnitor",
+    "openclaw",
+    "agent",
+    "monitoring",
+    "cli",
+    "safety"
+  ],
+  "author": "David Kogan",
+  "license": "AGPL-3.0",
+  "homepage": "https://clawnitor.io",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/davidkny22/clawnitor"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "devDependencies": {
+    "@types/node": "^25.5.0",
+    "tsx": "^4.19.0",
+    "typescript": "^5.7.0"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsx src/index.ts"
+  }
+}