@darkelogix/openclaw-trusted-mode 1.0.2 → 1.0.4

package/CHANGELOG.md

@@ -1,40 +1,48 @@
-# Changelog
-
-Terminology and acronyms: [`GLOSSARY.md`](./GLOSSARY.md).
-
-## Acronym Expansions
-
-- `PDP`: Policy Decision Point
-- `PEP`: Policy Enforcement Point
-- `CLI`: Command Line Interface
-- `CI`: Continuous Integration
-
-## Unreleased
-- Add gateway/environment fields to the published Trusted Mode Check PDP requests so live Guard Pro runtime validation works against quota-aware runtime bundles.
-
-## v1.0.2
-- Publish the gateway/environment-aware Trusted Mode Check flow so governed runtime validation uses the same tenant, gateway, and environment context as the customer runtime.
-
-- Add governed release artifacts (`SECURITY.md`, `RELEASE_v1.0.0.md`, compatibility matrix).
-- Add Trusted Mode Check attestation status contract (`ENFORCED_OK`, `LOCKDOWN_ONLY`, `UNSAFE`) with JSON output.
-- Add CI gates for release artifact and changelog version discipline.
-- Add runtime certification gating (`CERTIFIED_ENFORCED` vs `LOCKDOWN_ONLY`/`UNSUPPORTED`) in plugin.
-- Add signed `trusted_mode_attest` pack verification and trace/axis metadata in Trusted Mode Check output.
-- Add compatibility certification workflow and matrix sync script.
-- Add release operations hardening workflow with reproducible artifact checksum/manifest generation.
-- Add security evidence workflow, threat model summary, triage log, and third-party notices generation/review templates.
-- Add adversarial regression suite script and CI gate (tampered attestation, malformed PDP schema, unreachable PDP, uncertified runtime).
-- Add unified startup health verification script for plugin/PDP/attestation/certification checks.
-- Add performance benchmark automation (PDP p50/p95 + interception overhead), CI workflow, and published baseline report.
-- Add security gate automation (`verify-security-gates`) with vulnerability threshold enforcement and triage log validation.
-- Add generated `SECURITY_RELEASE_INDEX.md` artifact and workflow integration for release evidence traceability.
-- Add enterprise hardening options in plugin config (`toolPolicyMode`, `allowedTools`, `requireTenantId`, `allowedTenantIds`) with fail-closed validation behavior.
-- Add plugin schema/runtime contract check (`verify-plugin-schema-contract`) and CI enforcement.
-- Add consolidated release evidence bundling command (`bundle-release-evidence`) and release workflow artifact publication.
-- Add enterprise TCTP/EVTP validation matrix runner (`npm run test-pack-matrix`) against live PDP.
-- Add release documentation for deterministic certification proof (`decision_proof`) vs timestamped operational `outcome_event`.
-
-## v1.0.0
-- Add Trusted Mode Check CLI (Node) with mock PDP for CI.
-- Add CI workflow to run build, tests, and CLI against mock PDP.
+# Changelog
+
+Terminology and acronyms: [`GLOSSARY.md`](./GLOSSARY.md).
+
+## Acronym Expansions
+
+- `PDP`: Policy Decision Point
+- `PEP`: Policy Enforcement Point
+- `CLI`: Command Line Interface
+- `CI`: Continuous Integration
+
+## Unreleased
+- No unreleased changes recorded.
+
+## v1.0.4
+- Make the public npm package install-safe for current OpenClaw builds by separating Trusted Mode Check environment reads from PDP network calls in the shipped CLI entrypoint.
+- Align `openclaw.plugin.json` with the published package version and keep the required helper CLI modules in the npm tarball.
+- Preserve current compatibility posture by publishing the installer fix without claiming certification for rolling OpenClaw builds.
+
+## v1.0.3
+- Include the signed attestation pack files in the public npm package so Trusted Mode Check can verify local attestation out of the box.
+
+## v1.0.2
+- Publish the gateway/environment-aware Trusted Mode Check flow so governed runtime validation uses the same tenant, gateway, and environment context as the customer runtime.
+
+- Add governed release artifacts (`SECURITY.md`, `RELEASE_v1.0.0.md`, compatibility matrix).
+- Add Trusted Mode Check attestation status contract (`ENFORCED_OK`, `LOCKDOWN_ONLY`, `UNSAFE`) with JSON output.
+- Add CI gates for release artifact and changelog version discipline.
+- Add runtime certification gating (`CERTIFIED_ENFORCED` vs `LOCKDOWN_ONLY`/`UNSUPPORTED`) in plugin.
+- Add signed `trusted_mode_attest` pack verification and trace/axis metadata in Trusted Mode Check output.
+- Add compatibility certification workflow and matrix sync script.
+- Add release operations hardening workflow with reproducible artifact checksum/manifest generation.
+- Add security evidence workflow, threat model summary, triage log, and third-party notices generation/review templates.
+- Add adversarial regression suite script and CI gate (tampered attestation, malformed PDP schema, unreachable PDP, uncertified runtime).
+- Add unified startup health verification script for plugin/PDP/attestation/certification checks.
+- Add performance benchmark automation (PDP p50/p95 + interception overhead), CI workflow, and published baseline report.
+- Add security gate automation (`verify-security-gates`) with vulnerability threshold enforcement and triage log validation.
+- Add generated `SECURITY_RELEASE_INDEX.md` artifact and workflow integration for release evidence traceability.
+- Add enterprise hardening options in plugin config (`toolPolicyMode`, `allowedTools`, `requireTenantId`, `allowedTenantIds`) with fail-closed validation behavior.
+- Add plugin schema/runtime contract check (`verify-plugin-schema-contract`) and CI enforcement.
+- Add consolidated release evidence bundling command (`bundle-release-evidence`) and release workflow artifact publication.
+- Add enterprise TCTP/EVTP validation matrix runner (`npm run test-pack-matrix`) against live PDP.
+- Add release documentation for deterministic certification proof (`decision_proof`) vs timestamped operational `outcome_event`.
+
+## v1.0.0
+- Add Trusted Mode Check CLI (Node) with mock PDP for CI.
+- Add CI workflow to run build, tests, and CLI against mock PDP.
 - Enforce PDP timeout/fail-closed behavior and constraint checks in PEP.

package/attestation/trusted_mode_attest_v1.json

@@ -0,0 +1,21 @@
+{
+  "pack_id": "trusted_mode_attest",
+  "pack_version": "v1.0.0",
+  "schema_version": "2026-03-01",
+  "issued_at": "2026-03-01T00:00:00Z",
+  "checks": [
+    "attestation_pack_signature",
+    "deny_high_impact",
+    "allow_low_impact",
+    "signature_failure"
+  ],
+  "output_contract": {
+    "status_values": ["ENFORCED_OK", "LOCKDOWN_ONLY", "UNSAFE"],
+    "axis_scores": [
+      "interception_proof",
+      "fail_safe_posture",
+      "integrity",
+      "certified_compatibility"
+    ]
+  }
+}

package/attestation/trusted_mode_attest_v1.sig

@@ -0,0 +1 @@
+sha256:6d58bfc4a02e6efeb0607864951deeb03a5d71bd4790c1d3aea9524e71456e08

package/dist/cli.js

@@ -3,184 +3,162 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const node_process_1 = require("node:process");
 const attestation_1 = require("./attestation");
-const runtimeCertification_1 = require("./runtimeCertification");
+const cliConfig_1 = require("./cliConfig");
+const cliPdpClient_1 = require("./cliPdpClient");
 const sdeGuidance_1 = require("./sdeGuidance");
-const packageVersion_1 = require("./packageVersion");
-const PDP_URL = process.env.PDP_URL || 'http://localhost:8001/v1/authorize';
-const POLICY_VARIANT = process.env.POLICY_VARIANT || 'guard-pro.v2026.02';
-const TENANT_ID = process.env.TENANT_ID || 'trial-tenant';
-const GATEWAY_ID = process.env.GATEWAY_ID || process.env.OPENCLAW_GATEWAY_ID || 'gw-smoke-1';
-const ENVIRONMENT = process.env.ENVIRONMENT || process.env.OPENCLAW_ENVIRONMENT || 'prod';
-const OPENCLAW_VERSION = (0, packageVersion_1.resolveOpenClawVersion)();
-const RUNTIME_CERTIFICATION_STATUS = (0, runtimeCertification_1.normalizeRuntimeCertificationStatus)(process.env.CERTIFICATION_STATUS || 'CERTIFIED_ENFORCED');
-const JSON_MODE = process.argv.includes('--json');
-const EXPECTED_STATUS = process.env.EXPECTED_STATUS;
+const CONFIG = (0, cliConfig_1.readCliConfig)();
 async function post(payload) {
-    try {
-        const res = await fetch(PDP_URL, {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify(payload),
-        });
-        if (!res.ok) {
-            throw new Error(`PDP unreachable (${res.status})`);
-        }
-        return (await res.json());
-    }
-    catch (err) {
-        const detail = err?.name === 'AbortError' ? 'PDP timeout' : err?.message || String(err);
-        throw new Error((0, sdeGuidance_1.maybeAppendSdeRuntimeGuidance)(detail, PDP_URL));
-    }
+    return (0, cliPdpClient_1.postDecision)(CONFIG.pdpUrl, payload);
 }
 async function testDenyHighImpact() {
     const payload = {
-        decision_sku: 'openclaw.trusted_mode.authorize.v1',
-        policy_variant: POLICY_VARIANT,
-        tenant_id: TENANT_ID,
-        gateway_id: GATEWAY_ID,
-        environment: ENVIRONMENT,
-        inputs: { action_request: { tool_name: 'exec', params: {} } },
+        decision_sku: "openclaw.trusted_mode.authorize.v1",
+        policy_variant: CONFIG.policyVariant,
+        tenant_id: CONFIG.tenantId,
+        gateway_id: CONFIG.gatewayId,
+        environment: CONFIG.environment,
+        inputs: { action_request: { tool_name: "exec", params: {} } },
     };
     try {
         const result = await post(payload);
-        if (result.decision !== 'deny') {
-            return { id: 'deny_high_impact', ok: false, detail: `Expected deny, got ${result.decision}` };
+        if (result.decision !== "deny") {
+            return { id: "deny_high_impact", ok: false, detail: `Expected deny, got ${result.decision}` };
         }
-        if (result.deny_code !== 'HIGH_BLAST') {
-            return { id: 'deny_high_impact', ok: false, detail: `Expected deny_code=HIGH_BLAST, got ${result.deny_code}` };
+        if (result.deny_code !== "HIGH_BLAST") {
+            return { id: "deny_high_impact", ok: false, detail: `Expected deny_code=HIGH_BLAST, got ${result.deny_code}` };
         }
-        if (!JSON_MODE)
-            console.log('✅ HIGH-IMPACT TOOL BLOCKED (exec)');
-        return { id: 'deny_high_impact', ok: true, detail: 'HIGH_BLAST deny verified' };
+        if (!CONFIG.jsonMode)
+            console.log("✅ HIGH-IMPACT TOOL BLOCKED (exec)");
+        return { id: "deny_high_impact", ok: true, detail: "HIGH_BLAST deny verified" };
     }
     catch (err) {
-        return { id: 'deny_high_impact', ok: false, detail: err?.message || String(err) };
+        return { id: "deny_high_impact", ok: false, detail: err?.message || String(err) };
     }
 }
 async function testAllowLowImpact() {
     const payload = {
-        decision_sku: 'openclaw.trusted_mode.authorize.v1',
-        policy_variant: POLICY_VARIANT,
-        tenant_id: TENANT_ID,
-        gateway_id: GATEWAY_ID,
-        environment: ENVIRONMENT,
-        inputs: { action_request: { tool_name: 'read_file', params: {} } },
+        decision_sku: "openclaw.trusted_mode.authorize.v1",
+        policy_variant: CONFIG.policyVariant,
+        tenant_id: CONFIG.tenantId,
+        gateway_id: CONFIG.gatewayId,
+        environment: CONFIG.environment,
+        inputs: { action_request: { tool_name: "read_file", params: {} } },
     };
     try {
         const result = await post(payload);
-        if (result.decision !== 'allow') {
-            return { id: 'allow_low_impact', ok: false, detail: `Expected allow, got ${result.decision}` };
+        if (result.decision !== "allow") {
+            return { id: "allow_low_impact", ok: false, detail: `Expected allow, got ${result.decision}` };
         }
-        if (!JSON_MODE)
-            console.log('✅ LOW-IMPACT TOOL ALLOWED (read_file)');
-        return { id: 'allow_low_impact', ok: true, detail: 'allow decision verified' };
+        if (!CONFIG.jsonMode)
+            console.log("✅ LOW-IMPACT TOOL ALLOWED (read_file)");
+        return { id: "allow_low_impact", ok: true, detail: "allow decision verified" };
     }
     catch (err) {
-        return { id: 'allow_low_impact', ok: false, detail: err?.message || String(err) };
+        return { id: "allow_low_impact", ok: false, detail: err?.message || String(err) };
     }
 }
 async function testSignatureFailure() {
     const payload = {
-        decision_sku: 'openclaw.trusted_mode.authorize.v1',
-        policy_variant: 'invalid-pack',
-        tenant_id: TENANT_ID,
-        gateway_id: GATEWAY_ID,
-        environment: ENVIRONMENT,
-        inputs: { action_request: { tool_name: 'exec', params: {} } },
+        decision_sku: "openclaw.trusted_mode.authorize.v1",
+        policy_variant: "invalid-pack",
+        tenant_id: CONFIG.tenantId,
+        gateway_id: CONFIG.gatewayId,
+        environment: CONFIG.environment,
+        inputs: { action_request: { tool_name: "exec", params: {} } },
     };
     try {
         const result = await post(payload);
-        if (result.decision !== 'deny') {
-            return { id: 'signature_failure', ok: false, detail: `Expected deny, got ${result.decision}` };
+        if (result.decision !== "deny") {
+            return { id: "signature_failure", ok: false, detail: `Expected deny, got ${result.decision}` };
         }
-        const denyCode = String(result.deny_code || '');
-        const effectiveVariant = String(result.trace?.policy_variant || result.decision_proof?.policy_variant || '');
-        const acceptable = denyCode.includes('SIGNATURE') ||
-            denyCode === 'POLICY_VARIANT_IMMUTABLE' ||
-            (denyCode === 'HIGH_BLAST' && effectiveVariant && effectiveVariant !== 'invalid-pack');
+        const denyCode = String(result.deny_code || "");
+        const effectiveVariant = String(result.trace?.policy_variant || result.decision_proof?.policy_variant || "");
+        const acceptable = denyCode.includes("SIGNATURE") ||
+            denyCode === "POLICY_VARIANT_IMMUTABLE" ||
+            (denyCode === "HIGH_BLAST" && effectiveVariant && effectiveVariant !== "invalid-pack");
         if (!acceptable) {
             return {
-                id: 'signature_failure',
+                id: "signature_failure",
                 ok: false,
                 detail: `Expected signature/immutability deny or mapped-pack fail-closed result, got ${result.deny_code}`,
             };
         }
-        if (!JSON_MODE)
-            console.log('✅ FAIL-CLOSED ON BAD SIGNATURE');
-        return { id: 'signature_failure', ok: true, detail: 'signature failure path denied' };
+        if (!CONFIG.jsonMode)
+            console.log("✅ FAIL-CLOSED ON BAD SIGNATURE");
+        return { id: "signature_failure", ok: true, detail: "signature failure path denied" };
     }
     catch (err) {
-        return { id: 'signature_failure', ok: false, detail: err?.message || String(err) };
+        return { id: "signature_failure", ok: false, detail: err?.message || String(err) };
     }
 }
 function deriveStatus(results, runtimeCertificationStatus) {
     const allOk = results.every((r) => r.ok);
     if (allOk)
-        return 'ENFORCED_OK';
-    const packIntegrityFailure = results.some((r) => r.id === 'attestation_pack_signature' && !r.ok);
+        return "ENFORCED_OK";
+    const packIntegrityFailure = results.some((r) => r.id === "attestation_pack_signature" && !r.ok);
     if (packIntegrityFailure)
-        return 'UNSAFE';
-    const anyConnectivityFailure = results.some((r) => r.detail.includes('PDP unreachable') || r.detail.includes('fetch failed'));
+        return "UNSAFE";
+    const anyConnectivityFailure = results.some((r) => r.detail.includes("PDP unreachable") || r.detail.includes("fetch failed"));
     if (anyConnectivityFailure)
-        return 'UNSAFE';
-    if (runtimeCertificationStatus !== 'CERTIFIED_ENFORCED')
-        return 'LOCKDOWN_ONLY';
-    return 'LOCKDOWN_ONLY';
+        return "UNSAFE";
+    if (runtimeCertificationStatus !== "CERTIFIED_ENFORCED")
+        return "LOCKDOWN_ONLY";
+    return "LOCKDOWN_ONLY";
 }
 function remediationFor(status, runtimeCertificationStatus, hasConnectivityFailure) {
-    if (status === 'ENFORCED_OK')
-        return ['No remediation required.'];
-    if (runtimeCertificationStatus !== 'CERTIFIED_ENFORCED') {
+    if (status === "ENFORCED_OK")
+        return ["No remediation required."];
+    if (runtimeCertificationStatus !== "CERTIFIED_ENFORCED") {
         return [
-            'Run in LOCKDOWN_ONLY posture and block high-risk tools by default.',
-            'Certify this OpenClaw runtime version in COMPATIBILITY_MATRIX.md.',
-            'Set CERTIFICATION_STATUS=CERTIFIED_ENFORCED only after certification evidence is complete.',
+            "Run in LOCKDOWN_ONLY posture and block high-risk tools by default.",
+            "Certify this OpenClaw runtime version in COMPATIBILITY_MATRIX.md.",
+            "Set CERTIFICATION_STATUS=CERTIFIED_ENFORCED only after certification evidence is complete.",
         ];
     }
-    if (status === 'LOCKDOWN_ONLY') {
+    if (status === "LOCKDOWN_ONLY") {
         return [
-            'Review failing checks and update policy/tool-name mappings.',
-            'Re-run trusted-mode-check after remediation.',
+            "Review failing checks and update policy/tool-name mappings.",
+            "Re-run trusted-mode-check after remediation.",
         ];
     }
     const steps = [
-        'Restore PDP reachability and verify /healthz.',
-        'Confirm plugin pdpUrl and tenant configuration.',
-        'Keep fail-closed enabled until ENFORCED_OK is restored.',
+        "Restore PDP reachability and verify /healthz.",
+        "Confirm plugin pdpUrl and tenant configuration.",
+        "Keep fail-closed enabled until ENFORCED_OK is restored.",
     ];
-    if (hasConnectivityFailure && (0, sdeGuidance_1.isLocalPdpUrl)(PDP_URL)) {
-        steps.unshift('If you only need standalone hardening, switch the plugin to ALLOWLIST_ONLY.', 'If you want governed mode, obtain the licensed SDE runtime and deployment instructions from https://darkelogix.ai/, then point PDP_URL at that environment.');
+    if (hasConnectivityFailure && (0, sdeGuidance_1.isLocalPdpUrl)(CONFIG.pdpUrl)) {
+        steps.unshift("If you only need standalone hardening, switch the plugin to ALLOWLIST_ONLY.", "If you want governed mode, obtain the licensed SDE runtime and deployment instructions from https://darkelogix.ai/, then point PDP_URL at that environment.");
     }
     return steps;
 }
 function computeAxisScores(checks, runtimeCertificationStatus) {
     const okById = new Map(checks.map((c) => [c.id, c.ok]));
     return {
-        interception_proof: okById.get('deny_high_impact') && okById.get('allow_low_impact') ? 'PASS' : 'FAIL',
-        fail_safe_posture: okById.get('signature_failure') ? 'PASS' : 'FAIL',
-        integrity: okById.get('attestation_pack_signature') ? 'PASS' : 'FAIL',
-        certified_compatibility: runtimeCertificationStatus === 'CERTIFIED_ENFORCED'
-            ? 'PASS'
-            : runtimeCertificationStatus === 'LOCKDOWN_ONLY'
-                ? 'WARN'
-                : 'FAIL',
+        interception_proof: okById.get("deny_high_impact") && okById.get("allow_low_impact") ? "PASS" : "FAIL",
+        fail_safe_posture: okById.get("signature_failure") ? "PASS" : "FAIL",
+        integrity: okById.get("attestation_pack_signature") ? "PASS" : "FAIL",
+        certified_compatibility: runtimeCertificationStatus === "CERTIFIED_ENFORCED"
+            ? "PASS"
+            : runtimeCertificationStatus === "LOCKDOWN_ONLY"
+                ? "WARN"
+                : "FAIL",
     };
 }
 async function main() {
-    if (!JSON_MODE)
-        console.log('🔍 Running Trusted Mode Check...\n');
+    if (!CONFIG.jsonMode)
+        console.log("🔍 Running Trusted Mode Check...\n");
     const traceId = (0, attestation_1.makeTraceId)();
     const packVerification = (0, attestation_1.verifyLocalAttestationPack)();
     const packCheck = packVerification.ok
         ? {
-            id: 'attestation_pack_signature',
+            id: "attestation_pack_signature",
             ok: true,
             detail: `verified (${packVerification.packVersion})`,
         }
         : {
-            id: 'attestation_pack_signature',
+            id: "attestation_pack_signature",
             ok: false,
-            detail: packVerification.error || 'attestation verification failed',
+            detail: packVerification.error || "attestation verification failed",
         };
     const checks = await Promise.all([
         Promise.resolve(packCheck),
@@ -188,33 +166,33 @@ async function main() {
         testAllowLowImpact(),
         testSignatureFailure(),
     ]);
-    const anyConnectivityFailure = checks.some((r) => r.detail.includes('PDP unreachable') || r.detail.includes('fetch failed') || r.detail.includes('timeout') || r.detail.includes('aborted'));
-    const status = RUNTIME_CERTIFICATION_STATUS === 'CERTIFIED_ENFORCED'
-        ? deriveStatus(checks, RUNTIME_CERTIFICATION_STATUS)
-        : 'LOCKDOWN_ONLY';
-    const axisScores = computeAxisScores(checks, RUNTIME_CERTIFICATION_STATUS);
+    const anyConnectivityFailure = checks.some((r) => r.detail.includes("PDP unreachable") || r.detail.includes("fetch failed") || r.detail.includes("timeout") || r.detail.includes("aborted"));
+    const status = CONFIG.runtimeCertificationStatus === "CERTIFIED_ENFORCED"
+        ? deriveStatus(checks, CONFIG.runtimeCertificationStatus)
+        : "LOCKDOWN_ONLY";
+    const axisScores = computeAxisScores(checks, CONFIG.runtimeCertificationStatus);
     const report = {
         status,
-        policy_variant: POLICY_VARIANT,
-        pdp_url: PDP_URL,
-        tenant_id: TENANT_ID,
+        policy_variant: CONFIG.policyVariant,
+        pdp_url: CONFIG.pdpUrl,
+        tenant_id: CONFIG.tenantId,
         trace_id: traceId,
-        openclaw_version: OPENCLAW_VERSION,
-        runtime_certification_status: RUNTIME_CERTIFICATION_STATUS,
+        openclaw_version: CONFIG.openclawVersion,
+        runtime_certification_status: CONFIG.runtimeCertificationStatus,
         attestation_pack_version: packVerification.packVersion,
         attestation_signature_verified: packVerification.signatureVerified,
         axis_scores: axisScores,
         checks,
-        remediation: remediationFor(status, RUNTIME_CERTIFICATION_STATUS, anyConnectivityFailure),
+        remediation: remediationFor(status, CONFIG.runtimeCertificationStatus, anyConnectivityFailure),
         generated_at: new Date().toISOString(),
     };
-    if (JSON_MODE) {
+    if (CONFIG.jsonMode) {
         console.log(JSON.stringify(report, null, 2));
     }
     else {
-        if (status === 'ENFORCED_OK') {
-            console.log('\n🎉 ALL TESTS PASSED — Trusted Mode is LIVE and PROVABLE');
-            console.log('   Your OpenClaw deployment is now governed.');
+        if (status === "ENFORCED_OK") {
+            console.log("\n🎉 ALL TESTS PASSED — Trusted Mode is LIVE and PROVABLE");
+            console.log("   Your OpenClaw deployment is now governed.");
         }
         else {
             console.error(`\n❌ TRUSTED MODE CHECK STATUS: ${status}`);
@@ -222,19 +200,19 @@ async function main() {
                 if (!check.ok)
                     console.error(`- ${check.id}: ${check.detail}`);
             }
-            console.error('\nRemediation:');
+            console.error("\nRemediation:");
             for (const step of report.remediation)
                 console.error(`- ${step}`);
         }
-        console.log('\nAttestation report (--json):');
+        console.log("\nAttestation report (--json):");
         console.log(JSON.stringify(report, null, 2));
     }
-    if (EXPECTED_STATUS) {
-        if (status !== EXPECTED_STATUS)
+    if (CONFIG.expectedStatus) {
+        if (status !== CONFIG.expectedStatus)
             (0, node_process_1.exit)(1);
         return;
     }
-    if (status !== 'ENFORCED_OK')
+    if (status !== "ENFORCED_OK")
         (0, node_process_1.exit)(1);
 }
 main();

package/dist/cliConfig.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.readCliConfig = readCliConfig;
+const packageVersion_1 = require("./packageVersion");
+const runtimeCertification_1 = require("./runtimeCertification");
+function readCliConfig(argv = process.argv) {
+    const env = process.env;
+    return {
+        pdpUrl: env.PDP_URL || "http://localhost:8001/v1/authorize",
+        policyVariant: env.POLICY_VARIANT || "guard-pro.v2026.02",
+        tenantId: env.TENANT_ID || "trial-tenant",
+        gatewayId: env.GATEWAY_ID || env.OPENCLAW_GATEWAY_ID || "gw-smoke-1",
+        environment: env.ENVIRONMENT || env.OPENCLAW_ENVIRONMENT || "prod",
+        openclawVersion: (0, packageVersion_1.resolveOpenClawVersion)(env.OPENCLAW_VERSION),
+        runtimeCertificationStatus: (0, runtimeCertification_1.normalizeRuntimeCertificationStatus)(env.CERTIFICATION_STATUS || "CERTIFIED_ENFORCED"),
+        jsonMode: argv.includes("--json"),
+        expectedStatus: env.EXPECTED_STATUS,
+    };
+}

package/dist/cliPdpClient.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.postDecision = postDecision;
+const sdeGuidance_1 = require("./sdeGuidance");
+async function postDecision(pdpUrl, payload) {
+    try {
+        const res = await fetch(pdpUrl, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify(payload),
+        });
+        if (!res.ok) {
+            throw new Error(`PDP unreachable (${res.status})`);
+        }
+        return (await res.json());
+    }
+    catch (err) {
+        const detail = err?.name === "AbortError" ? "PDP timeout" : err?.message || String(err);
+        throw new Error((0, sdeGuidance_1.maybeAppendSdeRuntimeGuidance)(detail, pdpUrl));
+    }
+}

package/openclaw.plugin.json

@@ -1,64 +1,64 @@
 {
-  "id": "openclaw-trusted-mode",
+  "id": "openclaw-trusted-mode",
   "name": "Trusted Mode Governance",
-  "version": "1.0.0",
+  "version": "1.0.4",
   "description": "Provable enforcement using SDE-PDP + signed policy packs",
   "author": "Darkelogix",
   "hooks": ["before_tool_call"],
   "configSchema": {
     "type": "object",
-    "properties": {
-      "pdpUrl": { "type": "string", "default": "http://localhost:8001/v1/authorize" },
-      "policyVariant": { "type": "string", "default": "guard-pro.v2026.02" },
-      "pdpTimeoutMs": { "type": "number", "default": 5000 },
-      "failClosed": { "type": "boolean", "default": true },
-      "tenantId": { "type": "string" },
-      "gatewayId": { "type": "string" },
-      "environment": { "type": "string" },
-      "certificationStatus": {
-        "type": "string",
-        "enum": ["CERTIFIED_ENFORCED", "LOCKDOWN_ONLY", "UNSUPPORTED"],
-        "default": "LOCKDOWN_ONLY"
-      },
-      "openclawVersion": { "type": "string" },
-      "certifiedOpenClawVersions": {
-        "type": "array",
-        "items": { "type": "string" },
-        "default": []
-      },
-      "highRiskTools": {
-        "type": "array",
-        "items": { "type": "string" },
-        "default": ["exec", "execute_shell", "run_shell_command", "shell", "delete_file", "remove_file", "write_file", "edit_file"]
-      },
-      "toolPolicyMode": {
-        "type": "string",
-        "enum": ["PDP", "ALLOWLIST_ONLY"],
-        "default": "ALLOWLIST_ONLY"
-      },
-      "allowedTools": {
-        "type": "array",
-        "items": { "type": "string" },
-        "default": ["read_file", "list_files", "search_files"]
-      },
-      "requireTenantId": {
-        "type": "boolean",
-        "default": false
-      },
-      "allowedTenantIds": {
-        "type": "array",
-        "items": { "type": "string" },
-        "default": []
-      },
-      "contextCurator": {
-        "type": "object",
-        "properties": {
-          "enabled": { "type": "boolean", "default": false },
-          "redactKeys": { "type": "array", "items": { "type": "string" } },
-          "dropPaths": { "type": "array", "items": { "type": "string" } },
-          "maxStringLength": { "type": "number", "default": 0 }
-        }
-      }
-    }
-  }
-}
+    "properties": {
+      "pdpUrl": { "type": "string", "default": "http://localhost:8001/v1/authorize" },
+      "policyVariant": { "type": "string", "default": "guard-pro.v2026.02" },
+      "pdpTimeoutMs": { "type": "number", "default": 5000 },
+      "failClosed": { "type": "boolean", "default": true },
+      "tenantId": { "type": "string" },
+      "gatewayId": { "type": "string" },
+      "environment": { "type": "string" },
+      "certificationStatus": {
+        "type": "string",
+        "enum": ["CERTIFIED_ENFORCED", "LOCKDOWN_ONLY", "UNSUPPORTED"],
+        "default": "LOCKDOWN_ONLY"
+      },
+      "openclawVersion": { "type": "string" },
+      "certifiedOpenClawVersions": {
+        "type": "array",
+        "items": { "type": "string" },
+        "default": []
+      },
+      "highRiskTools": {
+        "type": "array",
+        "items": { "type": "string" },
+        "default": ["exec", "execute_shell", "run_shell_command", "shell", "delete_file", "remove_file", "write_file", "edit_file"]
+      },
+      "toolPolicyMode": {
+        "type": "string",
+        "enum": ["PDP", "ALLOWLIST_ONLY"],
+        "default": "ALLOWLIST_ONLY"
+      },
+      "allowedTools": {
+        "type": "array",
+        "items": { "type": "string" },
+        "default": ["read_file", "list_files", "search_files"]
+      },
+      "requireTenantId": {
+        "type": "boolean",
+        "default": false
+      },
+      "allowedTenantIds": {
+        "type": "array",
+        "items": { "type": "string" },
+        "default": []
+      },
+      "contextCurator": {
+        "type": "object",
+        "properties": {
+          "enabled": { "type": "boolean", "default": false },
+          "redactKeys": { "type": "array", "items": { "type": "string" } },
+          "dropPaths": { "type": "array", "items": { "type": "string" } },
+          "maxStringLength": { "type": "number", "default": 0 }
+        }
+      }
+    }
+  }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@darkelogix/openclaw-trusted-mode",
-  "version": "1.0.2",
+  "version": "1.0.4",
   "description": "MIT-licensed OpenClaw Trusted Mode plugin with standalone hardening and optional SDE-backed governance",
   "license": "MIT",
   "main": "dist/index.js",
@@ -37,6 +37,8 @@
   "files": [
     "dist/attestation.js",
     "dist/cli.js",
+    "dist/cliConfig.js",
+    "dist/cliPdpClient.js",
     "dist/constraints.js",
     "dist/contextCurator.js",
     "dist/hardening.js",
@@ -50,7 +52,9 @@
     "START_HERE.md",
     "GLOSSARY.md",
     "SELF_SERVICE_FAQ.md",
-    "CHANGELOG.md"
+    "CHANGELOG.md",
+    "attestation/trusted_mode_attest_v1.json",
+    "attestation/trusted_mode_attest_v1.sig"
   ],
   "scripts": {
     "build": "tsc",