@coffeexdev/openclaw-sentinel 0.1.2 → 0.1.4

package/README.md

@@ -35,6 +35,10 @@ Formal JSON Schema for sentinel config/watchers is available at:
 
 You can validate a watcher config document (for example `.sentinel.json`) against this schema in CI or local tooling.
 
+## Documentation
+
+- [Usage Guide](docs/USAGE.md)
+
 ## Install
 
 ```bash
@@ -43,6 +47,8 @@ npm i @coffeexdev/openclaw-sentinel
 
 ## Quick usage
 
+No hosts are allowed by default — you must explicitly configure `allowedHosts` for watchers to connect to any endpoint.
+
 ```ts
 import { createSentinelPlugin } from "@coffeexdev/openclaw-sentinel";
 
@@ -65,8 +71,8 @@ sentinel.register({
 {
   "action": "create",
   "watcher": {
-    "id": "sentinel-poker-alert",
-    "skillId": "skills.sentinel-poker",
+    "id": "sentinel-alert",
+    "skillId": "skills.general-monitor"
     "enabled": true,
     "strategy": "http-poll",
     "endpoint": "https://api.github.com/events",
@@ -75,7 +81,7 @@ sentinel.register({
     "conditions": [{ "path": "type", "op": "eq", "value": "PushEvent" }],
     "fire": {
       "webhookPath": "/internal/sentinel/fire",
-      "eventName": "sentinel-poker_push",
+      "eventName": "sentinel_push",
       "payloadTemplate": {
         "watcher": "${watcher.id}",
         "event": "${event.name}",
@@ -104,7 +110,7 @@ Set `"fireOnce": true` to automatically disable a watcher after its first matche
 
 ## Example scenarios
 
-### Sentinel Poker feed monitoring
+### Feed monitoring example
 
 Watch API changes and fire internal webhook events for orchestration.
 

package/dist/configSchema.d.ts

@@ -0,0 +1,2 @@
+import type { OpenClawPluginConfigSchema } from "openclaw/plugin-sdk";
+export declare const sentinelConfigSchema: OpenClawPluginConfigSchema;

package/dist/configSchema.js

@@ -0,0 +1,115 @@
+import { z } from "zod";
+const limitsSchema = z.object({
+    maxWatchersTotal: z.number().int().positive().default(200),
+    maxWatchersPerSkill: z.number().int().positive().default(20),
+    maxConditionsPerWatcher: z.number().int().positive().default(25),
+    maxIntervalMsFloor: z.number().int().positive().default(1000),
+});
+const configZodSchema = z.object({
+    allowedHosts: z.array(z.string()).default([]),
+    localDispatchBase: z.string().url().default("http://127.0.0.1:18789"),
+    dispatchAuthToken: z.string().optional(),
+    stateFilePath: z.string().optional(),
+    limits: limitsSchema.default({}),
+});
+export const sentinelConfigSchema = {
+    safeParse: (value) => {
+        if (value === undefined)
+            return { success: true, data: undefined };
+        return configZodSchema.safeParse(value);
+    },
+    jsonSchema: {
+        type: "object",
+        additionalProperties: false,
+        properties: {
+            allowedHosts: {
+                type: "array",
+                items: { type: "string" },
+                description: "Hostnames the watchers are permitted to connect to. Must be explicitly configured — no hosts are allowed by default.",
+                default: [],
+            },
+            localDispatchBase: {
+                type: "string",
+                format: "uri",
+                description: "Base URL for internal webhook dispatch",
+                default: "http://127.0.0.1:18789",
+            },
+            dispatchAuthToken: {
+                type: "string",
+                description: "Bearer token for authenticating webhook dispatch requests",
+            },
+            stateFilePath: {
+                type: "string",
+                description: "Custom path for the sentinel state persistence file",
+            },
+            limits: {
+                type: "object",
+                additionalProperties: false,
+                description: "Resource limits for watcher creation",
+                properties: {
+                    maxWatchersTotal: {
+                        type: "number",
+                        description: "Maximum total watchers across all skills",
+                        default: 200,
+                    },
+                    maxWatchersPerSkill: {
+                        type: "number",
+                        description: "Maximum watchers per skill",
+                        default: 20,
+                    },
+                    maxConditionsPerWatcher: {
+                        type: "number",
+                        description: "Maximum conditions per watcher definition",
+                        default: 25,
+                    },
+                    maxIntervalMsFloor: {
+                        type: "number",
+                        description: "Minimum allowed polling interval in milliseconds",
+                        default: 1000,
+                    },
+                },
+            },
+        },
+    },
+    uiHints: {
+        allowedHosts: {
+            label: "Allowed Hosts",
+            help: "Hostnames the watchers are permitted to connect to",
+        },
+        localDispatchBase: {
+            label: "Dispatch Base URL",
+            help: "Base URL for internal webhook dispatch (default: http://127.0.0.1:18789)",
+        },
+        dispatchAuthToken: {
+            label: "Dispatch Auth Token",
+            help: "Bearer token for webhook dispatch authentication (or use SENTINEL_DISPATCH_TOKEN env var)",
+            sensitive: true,
+            placeholder: "sk-...",
+        },
+        stateFilePath: {
+            label: "State File Path",
+            help: "Custom path for sentinel state persistence file",
+            advanced: true,
+        },
+        "limits.maxWatchersTotal": {
+            label: "Max Watchers",
+            help: "Maximum total watchers across all skills",
+            advanced: true,
+        },
+        "limits.maxWatchersPerSkill": {
+            label: "Max Per Skill",
+            help: "Maximum watchers a single skill can create",
+            advanced: true,
+        },
+        "limits.maxConditionsPerWatcher": {
+            label: "Max Conditions",
+            help: "Maximum conditions per watcher definition",
+            advanced: true,
+        },
+        "limits.maxIntervalMsFloor": {
+            label: "Min Poll Interval (ms)",
+            help: "Minimum allowed polling interval in milliseconds",
+            advanced: true,
+        },
+    },
+};

package/dist/index.d.ts

@@ -1,10 +1,19 @@
+import type { OpenClawPluginApi } from "openclaw/plugin-sdk";
 import { WatcherManager } from "./watcherManager.js";
 import { SentinelConfig } from "./types.js";
 export declare function createSentinelPlugin(overrides?: Partial<SentinelConfig>): {
     manager: WatcherManager;
     init(): Promise<void>;
-    register(api: {
-        registerTool: (name: string, handler: (input: unknown) => Promise<unknown>) => void;
-    }): void;
+    register(api: OpenClawPluginApi): void;
 };
+declare const sentinelPlugin: {
+    id: string;
+    name: string;
+    description: string;
+    configSchema: import("openclaw/plugin-sdk").OpenClawPluginConfigSchema;
+    register(api: OpenClawPluginApi): void;
+};
+export declare const register: (api: OpenClawPluginApi) => void;
+export declare const activate: (api: OpenClawPluginApi) => void;
+export default sentinelPlugin;
 export * from "./types.js";

package/dist/index.js

@@ -1,8 +1,9 @@
 import { registerSentinelControl } from "./tool.js";
 import { WatcherManager } from "./watcherManager.js";
+import { sentinelConfigSchema } from "./configSchema.js";
 export function createSentinelPlugin(overrides) {
     const config = {
-        allowedHosts: ["api.github.com", "api.coingecko.com", "example.com"],
+        allowedHosts: [],
         localDispatchBase: "http://127.0.0.1:18789",
         dispatchAuthToken: process.env.SENTINEL_DISPATCH_TOKEN,
         limits: {
@@ -31,8 +32,23 @@ export function createSentinelPlugin(overrides) {
             await manager.init();
         },
         register(api) {
-            registerSentinelControl(api.registerTool, manager);
+            registerSentinelControl(api.registerTool.bind(api), manager);
         },
     };
 }
+// OpenClaw plugin entrypoint (default plugin object with register)
+const sentinelPlugin = {
+    id: "openclaw-sentinel",
+    name: "OpenClaw Sentinel",
+    description: "Secure declarative gateway-native watcher plugin for OpenClaw",
+    configSchema: sentinelConfigSchema,
+    register(api) {
+        const plugin = createSentinelPlugin(api.pluginConfig);
+        void plugin.init();
+        plugin.register(api);
+    },
+};
+export const register = sentinelPlugin.register.bind(sentinelPlugin);
+export const activate = sentinelPlugin.register.bind(sentinelPlugin);
+export default sentinelPlugin;
 export * from "./types.js";

package/dist/tool.d.ts

@@ -1,2 +1,5 @@
+import type { AnyAgentTool } from "openclaw/plugin-sdk";
 import { WatcherManager } from "./watcherManager.js";
-export declare function registerSentinelControl(registerTool: (name: string, handler: (input: unknown) => Promise<unknown>) => void, manager: WatcherManager): void;
+type RegisterToolFn = (tool: AnyAgentTool) => void;
+export declare function registerSentinelControl(registerTool: RegisterToolFn, manager: WatcherManager): void;
+export {};

package/dist/tool.js

@@ -1,5 +1,6 @@
+import { jsonResult } from "openclaw/plugin-sdk";
 import { z } from "zod";
-const inputSchema = z
+const ParamsSchema = z
     .object({
     action: z.enum(["create", "enable", "disable", "remove", "status", "list"]),
     id: z.string().optional(),
@@ -7,32 +8,34 @@ const inputSchema = z
 })
     .strict();
 export function registerSentinelControl(registerTool, manager) {
-    registerTool("sentinel_control", async (input) => {
-        const parsed = inputSchema.parse(input);
-        switch (parsed.action) {
-            case "create":
-                return manager.create(parsed.watcher);
-            case "enable":
-                if (!parsed.id)
-                    throw new Error("id required");
-                await manager.enable(parsed.id);
-                return { ok: true };
-            case "disable":
-                if (!parsed.id)
-                    throw new Error("id required");
-                await manager.disable(parsed.id);
-                return { ok: true };
-            case "remove":
-                if (!parsed.id)
-                    throw new Error("id required");
-                await manager.remove(parsed.id);
-                return { ok: true };
-            case "status":
-                if (!parsed.id)
-                    throw new Error("id required");
-                return manager.status(parsed.id);
-            case "list":
-                return manager.list();
-        }
+    registerTool({
+        name: "sentinel_control",
+        label: "sentinel_control",
+        description: "Create/manage sentinel watchers",
+        parameters: {
+            action: {
+                type: "string",
+                enum: ["create", "enable", "disable", "remove", "status", "list"],
+            },
+            id: { type: "string" },
+            watcher: { type: "object" },
+        },
+        async execute(_toolCallId, params) {
+            const payload = ParamsSchema.parse((params ?? {}));
+            switch (payload.action) {
+                case "create":
+                    return jsonResult(await manager.create(payload.watcher));
+                case "enable":
+                    return jsonResult(await manager.enable(payload.id ?? ""));
+                case "disable":
+                    return jsonResult(await manager.disable(payload.id ?? ""));
+                case "remove":
+                    return jsonResult(await manager.remove(payload.id ?? ""));
+                case "status":
+                    return jsonResult(manager.status(payload.id ?? ""));
+                case "list":
+                    return jsonResult(manager.list());
+            }
+        },
     });
 }

package/openclaw.plugin.json

@@ -2,8 +2,97 @@
   "id": "openclaw-sentinel",
   "configSchema": {
     "type": "object",
-    "additionalProperties": true,
-    "properties": {}
+    "additionalProperties": false,
+    "properties": {
+      "allowedHosts": {
+        "type": "array",
+        "items": { "type": "string" },
+        "description": "Hostnames the watchers are permitted to connect to. Must be explicitly configured — no hosts are allowed by default.",
+        "default": []
+      },
+      "localDispatchBase": {
+        "type": "string",
+        "format": "uri",
+        "description": "Base URL for internal webhook dispatch",
+        "default": "http://127.0.0.1:18789"
+      },
+      "dispatchAuthToken": {
+        "type": "string",
+        "description": "Bearer token for authenticating webhook dispatch requests"
+      },
+      "stateFilePath": {
+        "type": "string",
+        "description": "Custom path for the sentinel state persistence file"
+      },
+      "limits": {
+        "type": "object",
+        "additionalProperties": false,
+        "description": "Resource limits for watcher creation",
+        "properties": {
+          "maxWatchersTotal": {
+            "type": "number",
+            "description": "Maximum total watchers across all skills",
+            "default": 200
+          },
+          "maxWatchersPerSkill": {
+            "type": "number",
+            "description": "Maximum watchers per skill",
+            "default": 20
+          },
+          "maxConditionsPerWatcher": {
+            "type": "number",
+            "description": "Maximum conditions per watcher definition",
+            "default": 25
+          },
+          "maxIntervalMsFloor": {
+            "type": "number",
+            "description": "Minimum allowed polling interval in milliseconds",
+            "default": 1000
+          }
+        }
+      }
+    }
+  },
+  "uiHints": {
+    "allowedHosts": {
+      "label": "Allowed Hosts",
+      "help": "Hostnames the watchers are permitted to connect to"
+    },
+    "localDispatchBase": {
+      "label": "Dispatch Base URL",
+      "help": "Base URL for internal webhook dispatch"
+    },
+    "dispatchAuthToken": {
+      "label": "Dispatch Auth Token",
+      "help": "Bearer token for webhook dispatch authentication",
+      "sensitive": true,
+      "placeholder": "sk-..."
+    },
+    "stateFilePath": {
+      "label": "State File Path",
+      "help": "Custom path for sentinel state persistence file",
+      "advanced": true
+    },
+    "limits.maxWatchersTotal": {
+      "label": "Max Watchers",
+      "help": "Maximum total watchers across all skills",
+      "advanced": true
+    },
+    "limits.maxWatchersPerSkill": {
+      "label": "Max Per Skill",
+      "help": "Maximum watchers a single skill can create",
+      "advanced": true
+    },
+    "limits.maxConditionsPerWatcher": {
+      "label": "Max Conditions",
+      "help": "Maximum conditions per watcher definition",
+      "advanced": true
+    },
+    "limits.maxIntervalMsFloor": {
+      "label": "Min Poll Interval (ms)",
+      "help": "Minimum allowed polling interval in milliseconds",
+      "advanced": true
+    }
   },
   "install": {
     "npmSpec": "@coffeexdev/openclaw-sentinel"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@coffeexdev/openclaw-sentinel",
-  "version": "0.1.2",
+  "version": "0.1.4",
   "description": "Secure declarative gateway-native watcher plugin for OpenClaw",
   "keywords": [
     "openclaw",
@@ -38,7 +38,8 @@
     "changeset": "changeset",
     "version-packages": "changeset version",
     "release": "changeset publish",
-    "prepack": "npm run build"
+    "prepack": "npm run build",
+    "prepare": "husky"
   },
   "dependencies": {
     "re2-wasm": "^1.0.2",
@@ -49,15 +50,24 @@
     "@changesets/cli": "^2.29.7",
     "@types/node": "^24.0.0",
     "@types/ws": "^8.5.13",
+    "husky": "^9.1.7",
+    "lint-staged": "^16.3.2",
+    "openclaw": "latest",
     "oxfmt": "^0.36.0",
     "typescript": "^5.8.2",
     "vitest": "^3.0.8"
   },
+  "peerDependencies": {
+    "openclaw": ">=2026.3.2"
+  },
   "optionalDependencies": {
     "re2": "^1.23.3"
   },
+  "lint-staged": {
+    "*.{ts,js,jsx,tsx,mjs,cjs,json,yml,yaml,md,css,html}": "oxfmt --write"
+  },
   "engines": {
-    "node": ">=20"
+    "node": ">=22"
   },
   "openclaw": {
     "extensions": [