@darkelogix/openclaw-trusted-mode 1.0.3 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/CHANGELOG.md +47 -42
  2. package/dist/cli.js +103 -125
  3. package/dist/cliConfig.js +19 -0
  4. package/dist/cliPdpClient.js +21 -0
  5. package/openclaw.plugin.json +57 -57
  6. package/package.json +3 -1
package/CHANGELOG.md CHANGED
@@ -1,43 +1,48 @@
1
- # Changelog
2
-
3
- Terminology and acronyms: [`GLOSSARY.md`](./GLOSSARY.md).
4
-
5
- ## Acronym Expansions
6
-
7
- - `PDP`: Policy Decision Point
8
- - `PEP`: Policy Enforcement Point
9
- - `CLI`: Command Line Interface
10
- - `CI`: Continuous Integration
11
-
12
- ## Unreleased
13
- - Add gateway/environment fields to the published Trusted Mode Check PDP requests so live Guard Pro runtime validation works against quota-aware runtime bundles.
14
-
15
- ## v1.0.3
16
- - Include the signed attestation pack files in the public npm package so Trusted Mode Check can verify local attestation out of the box.
17
-
18
- ## v1.0.2
19
- - Publish the gateway/environment-aware Trusted Mode Check flow so governed runtime validation uses the same tenant, gateway, and environment context as the customer runtime.
20
-
21
- - Add governed release artifacts (`SECURITY.md`, `RELEASE_v1.0.0.md`, compatibility matrix).
22
- - Add Trusted Mode Check attestation status contract (`ENFORCED_OK`, `LOCKDOWN_ONLY`, `UNSAFE`) with JSON output.
23
- - Add CI gates for release artifact and changelog version discipline.
24
- - Add runtime certification gating (`CERTIFIED_ENFORCED` vs `LOCKDOWN_ONLY`/`UNSUPPORTED`) in plugin.
25
- - Add signed `trusted_mode_attest` pack verification and trace/axis metadata in Trusted Mode Check output.
26
- - Add compatibility certification workflow and matrix sync script.
27
- - Add release operations hardening workflow with reproducible artifact checksum/manifest generation.
28
- - Add security evidence workflow, threat model summary, triage log, and third-party notices generation/review templates.
29
- - Add adversarial regression suite script and CI gate (tampered attestation, malformed PDP schema, unreachable PDP, uncertified runtime).
30
- - Add unified startup health verification script for plugin/PDP/attestation/certification checks.
31
- - Add performance benchmark automation (PDP p50/p95 + interception overhead), CI workflow, and published baseline report.
32
- - Add security gate automation (`verify-security-gates`) with vulnerability threshold enforcement and triage log validation.
33
- - Add generated `SECURITY_RELEASE_INDEX.md` artifact and workflow integration for release evidence traceability.
34
- - Add enterprise hardening options in plugin config (`toolPolicyMode`, `allowedTools`, `requireTenantId`, `allowedTenantIds`) with fail-closed validation behavior.
35
- - Add plugin schema/runtime contract check (`verify-plugin-schema-contract`) and CI enforcement.
36
- - Add consolidated release evidence bundling command (`bundle-release-evidence`) and release workflow artifact publication.
37
- - Add enterprise TCTP/EVTP validation matrix runner (`npm run test-pack-matrix`) against live PDP.
38
- - Add release documentation for deterministic certification proof (`decision_proof`) vs timestamped operational `outcome_event`.
39
-
40
- ## v1.0.0
41
- - Add Trusted Mode Check CLI (Node) with mock PDP for CI.
42
- - Add CI workflow to run build, tests, and CLI against mock PDP.
1
+ # Changelog
2
+
3
+ Terminology and acronyms: [`GLOSSARY.md`](./GLOSSARY.md).
4
+
5
+ ## Acronym Expansions
6
+
7
+ - `PDP`: Policy Decision Point
8
+ - `PEP`: Policy Enforcement Point
9
+ - `CLI`: Command Line Interface
10
+ - `CI`: Continuous Integration
11
+
12
+ ## Unreleased
13
+ - No unreleased changes recorded.
14
+
15
+ ## v1.0.4
16
+ - Make the public npm package install-safe for current OpenClaw builds by separating Trusted Mode Check environment reads from PDP network calls in the shipped CLI entrypoint.
17
+ - Align `openclaw.plugin.json` with the published package version and keep the required helper CLI modules in the npm tarball.
18
+ - Preserve current compatibility posture by publishing the installer fix without claiming certification for rolling OpenClaw builds.
19
+
20
+ ## v1.0.3
21
+ - Include the signed attestation pack files in the public npm package so Trusted Mode Check can verify local attestation out of the box.
22
+
23
+ ## v1.0.2
24
+ - Publish the gateway/environment-aware Trusted Mode Check flow so governed runtime validation uses the same tenant, gateway, and environment context as the customer runtime.
25
+
26
+ - Add governed release artifacts (`SECURITY.md`, `RELEASE_v1.0.0.md`, compatibility matrix).
27
+ - Add Trusted Mode Check attestation status contract (`ENFORCED_OK`, `LOCKDOWN_ONLY`, `UNSAFE`) with JSON output.
28
+ - Add CI gates for release artifact and changelog version discipline.
29
+ - Add runtime certification gating (`CERTIFIED_ENFORCED` vs `LOCKDOWN_ONLY`/`UNSUPPORTED`) in plugin.
30
+ - Add signed `trusted_mode_attest` pack verification and trace/axis metadata in Trusted Mode Check output.
31
+ - Add compatibility certification workflow and matrix sync script.
32
+ - Add release operations hardening workflow with reproducible artifact checksum/manifest generation.
33
+ - Add security evidence workflow, threat model summary, triage log, and third-party notices generation/review templates.
34
+ - Add adversarial regression suite script and CI gate (tampered attestation, malformed PDP schema, unreachable PDP, uncertified runtime).
35
+ - Add unified startup health verification script for plugin/PDP/attestation/certification checks.
36
+ - Add performance benchmark automation (PDP p50/p95 + interception overhead), CI workflow, and published baseline report.
37
+ - Add security gate automation (`verify-security-gates`) with vulnerability threshold enforcement and triage log validation.
38
+ - Add generated `SECURITY_RELEASE_INDEX.md` artifact and workflow integration for release evidence traceability.
39
+ - Add enterprise hardening options in plugin config (`toolPolicyMode`, `allowedTools`, `requireTenantId`, `allowedTenantIds`) with fail-closed validation behavior.
40
+ - Add plugin schema/runtime contract check (`verify-plugin-schema-contract`) and CI enforcement.
41
+ - Add consolidated release evidence bundling command (`bundle-release-evidence`) and release workflow artifact publication.
42
+ - Add enterprise TCTP/EVTP validation matrix runner (`npm run test-pack-matrix`) against live PDP.
43
+ - Add release documentation for deterministic certification proof (`decision_proof`) vs timestamped operational `outcome_event`.
44
+
45
+ ## v1.0.0
46
+ - Add Trusted Mode Check CLI (Node) with mock PDP for CI.
47
+ - Add CI workflow to run build, tests, and CLI against mock PDP.
43
48
  - Enforce PDP timeout/fail-closed behavior and constraint checks in PEP.
package/dist/cli.js CHANGED
@@ -3,184 +3,162 @@
3
3
  Object.defineProperty(exports, "__esModule", { value: true });
4
4
  const node_process_1 = require("node:process");
5
5
  const attestation_1 = require("./attestation");
6
- const runtimeCertification_1 = require("./runtimeCertification");
6
+ const cliConfig_1 = require("./cliConfig");
7
+ const cliPdpClient_1 = require("./cliPdpClient");
7
8
  const sdeGuidance_1 = require("./sdeGuidance");
8
- const packageVersion_1 = require("./packageVersion");
9
- const PDP_URL = process.env.PDP_URL || 'http://localhost:8001/v1/authorize';
10
- const POLICY_VARIANT = process.env.POLICY_VARIANT || 'guard-pro.v2026.02';
11
- const TENANT_ID = process.env.TENANT_ID || 'trial-tenant';
12
- const GATEWAY_ID = process.env.GATEWAY_ID || process.env.OPENCLAW_GATEWAY_ID || 'gw-smoke-1';
13
- const ENVIRONMENT = process.env.ENVIRONMENT || process.env.OPENCLAW_ENVIRONMENT || 'prod';
14
- const OPENCLAW_VERSION = (0, packageVersion_1.resolveOpenClawVersion)();
15
- const RUNTIME_CERTIFICATION_STATUS = (0, runtimeCertification_1.normalizeRuntimeCertificationStatus)(process.env.CERTIFICATION_STATUS || 'CERTIFIED_ENFORCED');
16
- const JSON_MODE = process.argv.includes('--json');
17
- const EXPECTED_STATUS = process.env.EXPECTED_STATUS;
9
+ const CONFIG = (0, cliConfig_1.readCliConfig)();
18
10
  async function post(payload) {
19
- try {
20
- const res = await fetch(PDP_URL, {
21
- method: 'POST',
22
- headers: { 'Content-Type': 'application/json' },
23
- body: JSON.stringify(payload),
24
- });
25
- if (!res.ok) {
26
- throw new Error(`PDP unreachable (${res.status})`);
27
- }
28
- return (await res.json());
29
- }
30
- catch (err) {
31
- const detail = err?.name === 'AbortError' ? 'PDP timeout' : err?.message || String(err);
32
- throw new Error((0, sdeGuidance_1.maybeAppendSdeRuntimeGuidance)(detail, PDP_URL));
33
- }
11
+ return (0, cliPdpClient_1.postDecision)(CONFIG.pdpUrl, payload);
34
12
  }
35
13
  async function testDenyHighImpact() {
36
14
  const payload = {
37
- decision_sku: 'openclaw.trusted_mode.authorize.v1',
38
- policy_variant: POLICY_VARIANT,
39
- tenant_id: TENANT_ID,
40
- gateway_id: GATEWAY_ID,
41
- environment: ENVIRONMENT,
42
- inputs: { action_request: { tool_name: 'exec', params: {} } },
15
+ decision_sku: "openclaw.trusted_mode.authorize.v1",
16
+ policy_variant: CONFIG.policyVariant,
17
+ tenant_id: CONFIG.tenantId,
18
+ gateway_id: CONFIG.gatewayId,
19
+ environment: CONFIG.environment,
20
+ inputs: { action_request: { tool_name: "exec", params: {} } },
43
21
  };
44
22
  try {
45
23
  const result = await post(payload);
46
- if (result.decision !== 'deny') {
47
- return { id: 'deny_high_impact', ok: false, detail: `Expected deny, got ${result.decision}` };
24
+ if (result.decision !== "deny") {
25
+ return { id: "deny_high_impact", ok: false, detail: `Expected deny, got ${result.decision}` };
48
26
  }
49
- if (result.deny_code !== 'HIGH_BLAST') {
50
- return { id: 'deny_high_impact', ok: false, detail: `Expected deny_code=HIGH_BLAST, got ${result.deny_code}` };
27
+ if (result.deny_code !== "HIGH_BLAST") {
28
+ return { id: "deny_high_impact", ok: false, detail: `Expected deny_code=HIGH_BLAST, got ${result.deny_code}` };
51
29
  }
52
- if (!JSON_MODE)
53
- console.log('✅ HIGH-IMPACT TOOL BLOCKED (exec)');
54
- return { id: 'deny_high_impact', ok: true, detail: 'HIGH_BLAST deny verified' };
30
+ if (!CONFIG.jsonMode)
31
+ console.log("✅ HIGH-IMPACT TOOL BLOCKED (exec)");
32
+ return { id: "deny_high_impact", ok: true, detail: "HIGH_BLAST deny verified" };
55
33
  }
56
34
  catch (err) {
57
- return { id: 'deny_high_impact', ok: false, detail: err?.message || String(err) };
35
+ return { id: "deny_high_impact", ok: false, detail: err?.message || String(err) };
58
36
  }
59
37
  }
60
38
  async function testAllowLowImpact() {
61
39
  const payload = {
62
- decision_sku: 'openclaw.trusted_mode.authorize.v1',
63
- policy_variant: POLICY_VARIANT,
64
- tenant_id: TENANT_ID,
65
- gateway_id: GATEWAY_ID,
66
- environment: ENVIRONMENT,
67
- inputs: { action_request: { tool_name: 'read_file', params: {} } },
40
+ decision_sku: "openclaw.trusted_mode.authorize.v1",
41
+ policy_variant: CONFIG.policyVariant,
42
+ tenant_id: CONFIG.tenantId,
43
+ gateway_id: CONFIG.gatewayId,
44
+ environment: CONFIG.environment,
45
+ inputs: { action_request: { tool_name: "read_file", params: {} } },
68
46
  };
69
47
  try {
70
48
  const result = await post(payload);
71
- if (result.decision !== 'allow') {
72
- return { id: 'allow_low_impact', ok: false, detail: `Expected allow, got ${result.decision}` };
49
+ if (result.decision !== "allow") {
50
+ return { id: "allow_low_impact", ok: false, detail: `Expected allow, got ${result.decision}` };
73
51
  }
74
- if (!JSON_MODE)
75
- console.log('✅ LOW-IMPACT TOOL ALLOWED (read_file)');
76
- return { id: 'allow_low_impact', ok: true, detail: 'allow decision verified' };
52
+ if (!CONFIG.jsonMode)
53
+ console.log("✅ LOW-IMPACT TOOL ALLOWED (read_file)");
54
+ return { id: "allow_low_impact", ok: true, detail: "allow decision verified" };
77
55
  }
78
56
  catch (err) {
79
- return { id: 'allow_low_impact', ok: false, detail: err?.message || String(err) };
57
+ return { id: "allow_low_impact", ok: false, detail: err?.message || String(err) };
80
58
  }
81
59
  }
82
60
  async function testSignatureFailure() {
83
61
  const payload = {
84
- decision_sku: 'openclaw.trusted_mode.authorize.v1',
85
- policy_variant: 'invalid-pack',
86
- tenant_id: TENANT_ID,
87
- gateway_id: GATEWAY_ID,
88
- environment: ENVIRONMENT,
89
- inputs: { action_request: { tool_name: 'exec', params: {} } },
62
+ decision_sku: "openclaw.trusted_mode.authorize.v1",
63
+ policy_variant: "invalid-pack",
64
+ tenant_id: CONFIG.tenantId,
65
+ gateway_id: CONFIG.gatewayId,
66
+ environment: CONFIG.environment,
67
+ inputs: { action_request: { tool_name: "exec", params: {} } },
90
68
  };
91
69
  try {
92
70
  const result = await post(payload);
93
- if (result.decision !== 'deny') {
94
- return { id: 'signature_failure', ok: false, detail: `Expected deny, got ${result.decision}` };
71
+ if (result.decision !== "deny") {
72
+ return { id: "signature_failure", ok: false, detail: `Expected deny, got ${result.decision}` };
95
73
  }
96
- const denyCode = String(result.deny_code || '');
97
- const effectiveVariant = String(result.trace?.policy_variant || result.decision_proof?.policy_variant || '');
98
- const acceptable = denyCode.includes('SIGNATURE') ||
99
- denyCode === 'POLICY_VARIANT_IMMUTABLE' ||
100
- (denyCode === 'HIGH_BLAST' && effectiveVariant && effectiveVariant !== 'invalid-pack');
74
+ const denyCode = String(result.deny_code || "");
75
+ const effectiveVariant = String(result.trace?.policy_variant || result.decision_proof?.policy_variant || "");
76
+ const acceptable = denyCode.includes("SIGNATURE") ||
77
+ denyCode === "POLICY_VARIANT_IMMUTABLE" ||
78
+ (denyCode === "HIGH_BLAST" && effectiveVariant && effectiveVariant !== "invalid-pack");
101
79
  if (!acceptable) {
102
80
  return {
103
- id: 'signature_failure',
81
+ id: "signature_failure",
104
82
  ok: false,
105
83
  detail: `Expected signature/immutability deny or mapped-pack fail-closed result, got ${result.deny_code}`,
106
84
  };
107
85
  }
108
- if (!JSON_MODE)
109
- console.log('✅ FAIL-CLOSED ON BAD SIGNATURE');
110
- return { id: 'signature_failure', ok: true, detail: 'signature failure path denied' };
86
+ if (!CONFIG.jsonMode)
87
+ console.log("✅ FAIL-CLOSED ON BAD SIGNATURE");
88
+ return { id: "signature_failure", ok: true, detail: "signature failure path denied" };
111
89
  }
112
90
  catch (err) {
113
- return { id: 'signature_failure', ok: false, detail: err?.message || String(err) };
91
+ return { id: "signature_failure", ok: false, detail: err?.message || String(err) };
114
92
  }
115
93
  }
116
94
  function deriveStatus(results, runtimeCertificationStatus) {
117
95
  const allOk = results.every((r) => r.ok);
118
96
  if (allOk)
119
- return 'ENFORCED_OK';
120
- const packIntegrityFailure = results.some((r) => r.id === 'attestation_pack_signature' && !r.ok);
97
+ return "ENFORCED_OK";
98
+ const packIntegrityFailure = results.some((r) => r.id === "attestation_pack_signature" && !r.ok);
121
99
  if (packIntegrityFailure)
122
- return 'UNSAFE';
123
- const anyConnectivityFailure = results.some((r) => r.detail.includes('PDP unreachable') || r.detail.includes('fetch failed'));
100
+ return "UNSAFE";
101
+ const anyConnectivityFailure = results.some((r) => r.detail.includes("PDP unreachable") || r.detail.includes("fetch failed"));
124
102
  if (anyConnectivityFailure)
125
- return 'UNSAFE';
126
- if (runtimeCertificationStatus !== 'CERTIFIED_ENFORCED')
127
- return 'LOCKDOWN_ONLY';
128
- return 'LOCKDOWN_ONLY';
103
+ return "UNSAFE";
104
+ if (runtimeCertificationStatus !== "CERTIFIED_ENFORCED")
105
+ return "LOCKDOWN_ONLY";
106
+ return "LOCKDOWN_ONLY";
129
107
  }
130
108
  function remediationFor(status, runtimeCertificationStatus, hasConnectivityFailure) {
131
- if (status === 'ENFORCED_OK')
132
- return ['No remediation required.'];
133
- if (runtimeCertificationStatus !== 'CERTIFIED_ENFORCED') {
109
+ if (status === "ENFORCED_OK")
110
+ return ["No remediation required."];
111
+ if (runtimeCertificationStatus !== "CERTIFIED_ENFORCED") {
134
112
  return [
135
- 'Run in LOCKDOWN_ONLY posture and block high-risk tools by default.',
136
- 'Certify this OpenClaw runtime version in COMPATIBILITY_MATRIX.md.',
137
- 'Set CERTIFICATION_STATUS=CERTIFIED_ENFORCED only after certification evidence is complete.',
113
+ "Run in LOCKDOWN_ONLY posture and block high-risk tools by default.",
114
+ "Certify this OpenClaw runtime version in COMPATIBILITY_MATRIX.md.",
115
+ "Set CERTIFICATION_STATUS=CERTIFIED_ENFORCED only after certification evidence is complete.",
138
116
  ];
139
117
  }
140
- if (status === 'LOCKDOWN_ONLY') {
118
+ if (status === "LOCKDOWN_ONLY") {
141
119
  return [
142
- 'Review failing checks and update policy/tool-name mappings.',
143
- 'Re-run trusted-mode-check after remediation.',
120
+ "Review failing checks and update policy/tool-name mappings.",
121
+ "Re-run trusted-mode-check after remediation.",
144
122
  ];
145
123
  }
146
124
  const steps = [
147
- 'Restore PDP reachability and verify /healthz.',
148
- 'Confirm plugin pdpUrl and tenant configuration.',
149
- 'Keep fail-closed enabled until ENFORCED_OK is restored.',
125
+ "Restore PDP reachability and verify /healthz.",
126
+ "Confirm plugin pdpUrl and tenant configuration.",
127
+ "Keep fail-closed enabled until ENFORCED_OK is restored.",
150
128
  ];
151
- if (hasConnectivityFailure && (0, sdeGuidance_1.isLocalPdpUrl)(PDP_URL)) {
152
- steps.unshift('If you only need standalone hardening, switch the plugin to ALLOWLIST_ONLY.', 'If you want governed mode, obtain the licensed SDE runtime and deployment instructions from https://darkelogix.ai/, then point PDP_URL at that environment.');
129
+ if (hasConnectivityFailure && (0, sdeGuidance_1.isLocalPdpUrl)(CONFIG.pdpUrl)) {
130
+ steps.unshift("If you only need standalone hardening, switch the plugin to ALLOWLIST_ONLY.", "If you want governed mode, obtain the licensed SDE runtime and deployment instructions from https://darkelogix.ai/, then point PDP_URL at that environment.");
153
131
  }
154
132
  return steps;
155
133
  }
156
134
  function computeAxisScores(checks, runtimeCertificationStatus) {
157
135
  const okById = new Map(checks.map((c) => [c.id, c.ok]));
158
136
  return {
159
- interception_proof: okById.get('deny_high_impact') && okById.get('allow_low_impact') ? 'PASS' : 'FAIL',
160
- fail_safe_posture: okById.get('signature_failure') ? 'PASS' : 'FAIL',
161
- integrity: okById.get('attestation_pack_signature') ? 'PASS' : 'FAIL',
162
- certified_compatibility: runtimeCertificationStatus === 'CERTIFIED_ENFORCED'
163
- ? 'PASS'
164
- : runtimeCertificationStatus === 'LOCKDOWN_ONLY'
165
- ? 'WARN'
166
- : 'FAIL',
137
+ interception_proof: okById.get("deny_high_impact") && okById.get("allow_low_impact") ? "PASS" : "FAIL",
138
+ fail_safe_posture: okById.get("signature_failure") ? "PASS" : "FAIL",
139
+ integrity: okById.get("attestation_pack_signature") ? "PASS" : "FAIL",
140
+ certified_compatibility: runtimeCertificationStatus === "CERTIFIED_ENFORCED"
141
+ ? "PASS"
142
+ : runtimeCertificationStatus === "LOCKDOWN_ONLY"
143
+ ? "WARN"
144
+ : "FAIL",
167
145
  };
168
146
  }
169
147
  async function main() {
170
- if (!JSON_MODE)
171
- console.log('🔍 Running Trusted Mode Check...\n');
148
+ if (!CONFIG.jsonMode)
149
+ console.log("🔍 Running Trusted Mode Check...\n");
172
150
  const traceId = (0, attestation_1.makeTraceId)();
173
151
  const packVerification = (0, attestation_1.verifyLocalAttestationPack)();
174
152
  const packCheck = packVerification.ok
175
153
  ? {
176
- id: 'attestation_pack_signature',
154
+ id: "attestation_pack_signature",
177
155
  ok: true,
178
156
  detail: `verified (${packVerification.packVersion})`,
179
157
  }
180
158
  : {
181
- id: 'attestation_pack_signature',
159
+ id: "attestation_pack_signature",
182
160
  ok: false,
183
- detail: packVerification.error || 'attestation verification failed',
161
+ detail: packVerification.error || "attestation verification failed",
184
162
  };
185
163
  const checks = await Promise.all([
186
164
  Promise.resolve(packCheck),
@@ -188,33 +166,33 @@ async function main() {
188
166
  testAllowLowImpact(),
189
167
  testSignatureFailure(),
190
168
  ]);
191
- const anyConnectivityFailure = checks.some((r) => r.detail.includes('PDP unreachable') || r.detail.includes('fetch failed') || r.detail.includes('timeout') || r.detail.includes('aborted'));
192
- const status = RUNTIME_CERTIFICATION_STATUS === 'CERTIFIED_ENFORCED'
193
- ? deriveStatus(checks, RUNTIME_CERTIFICATION_STATUS)
194
- : 'LOCKDOWN_ONLY';
195
- const axisScores = computeAxisScores(checks, RUNTIME_CERTIFICATION_STATUS);
169
+ const anyConnectivityFailure = checks.some((r) => r.detail.includes("PDP unreachable") || r.detail.includes("fetch failed") || r.detail.includes("timeout") || r.detail.includes("aborted"));
170
+ const status = CONFIG.runtimeCertificationStatus === "CERTIFIED_ENFORCED"
171
+ ? deriveStatus(checks, CONFIG.runtimeCertificationStatus)
172
+ : "LOCKDOWN_ONLY";
173
+ const axisScores = computeAxisScores(checks, CONFIG.runtimeCertificationStatus);
196
174
  const report = {
197
175
  status,
198
- policy_variant: POLICY_VARIANT,
199
- pdp_url: PDP_URL,
200
- tenant_id: TENANT_ID,
176
+ policy_variant: CONFIG.policyVariant,
177
+ pdp_url: CONFIG.pdpUrl,
178
+ tenant_id: CONFIG.tenantId,
201
179
  trace_id: traceId,
202
- openclaw_version: OPENCLAW_VERSION,
203
- runtime_certification_status: RUNTIME_CERTIFICATION_STATUS,
180
+ openclaw_version: CONFIG.openclawVersion,
181
+ runtime_certification_status: CONFIG.runtimeCertificationStatus,
204
182
  attestation_pack_version: packVerification.packVersion,
205
183
  attestation_signature_verified: packVerification.signatureVerified,
206
184
  axis_scores: axisScores,
207
185
  checks,
208
- remediation: remediationFor(status, RUNTIME_CERTIFICATION_STATUS, anyConnectivityFailure),
186
+ remediation: remediationFor(status, CONFIG.runtimeCertificationStatus, anyConnectivityFailure),
209
187
  generated_at: new Date().toISOString(),
210
188
  };
211
- if (JSON_MODE) {
189
+ if (CONFIG.jsonMode) {
212
190
  console.log(JSON.stringify(report, null, 2));
213
191
  }
214
192
  else {
215
- if (status === 'ENFORCED_OK') {
216
- console.log('\n🎉 ALL TESTS PASSED — Trusted Mode is LIVE and PROVABLE');
217
- console.log(' Your OpenClaw deployment is now governed.');
193
+ if (status === "ENFORCED_OK") {
194
+ console.log("\n🎉 ALL TESTS PASSED — Trusted Mode is LIVE and PROVABLE");
195
+ console.log(" Your OpenClaw deployment is now governed.");
218
196
  }
219
197
  else {
220
198
  console.error(`\n❌ TRUSTED MODE CHECK STATUS: ${status}`);
@@ -222,19 +200,19 @@ async function main() {
222
200
  if (!check.ok)
223
201
  console.error(`- ${check.id}: ${check.detail}`);
224
202
  }
225
- console.error('\nRemediation:');
203
+ console.error("\nRemediation:");
226
204
  for (const step of report.remediation)
227
205
  console.error(`- ${step}`);
228
206
  }
229
- console.log('\nAttestation report (--json):');
207
+ console.log("\nAttestation report (--json):");
230
208
  console.log(JSON.stringify(report, null, 2));
231
209
  }
232
- if (EXPECTED_STATUS) {
233
- if (status !== EXPECTED_STATUS)
210
+ if (CONFIG.expectedStatus) {
211
+ if (status !== CONFIG.expectedStatus)
234
212
  (0, node_process_1.exit)(1);
235
213
  return;
236
214
  }
237
- if (status !== 'ENFORCED_OK')
215
+ if (status !== "ENFORCED_OK")
238
216
  (0, node_process_1.exit)(1);
239
217
  }
240
218
  main();
package/dist/cliConfig.js ADDED
@@ -0,0 +1,19 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.readCliConfig = readCliConfig;
4
+ const packageVersion_1 = require("./packageVersion");
5
+ const runtimeCertification_1 = require("./runtimeCertification");
6
+ function readCliConfig(argv = process.argv) {
7
+ const env = process.env;
8
+ return {
9
+ pdpUrl: env.PDP_URL || "http://localhost:8001/v1/authorize",
10
+ policyVariant: env.POLICY_VARIANT || "guard-pro.v2026.02",
11
+ tenantId: env.TENANT_ID || "trial-tenant",
12
+ gatewayId: env.GATEWAY_ID || env.OPENCLAW_GATEWAY_ID || "gw-smoke-1",
13
+ environment: env.ENVIRONMENT || env.OPENCLAW_ENVIRONMENT || "prod",
14
+ openclawVersion: (0, packageVersion_1.resolveOpenClawVersion)(env.OPENCLAW_VERSION),
15
+ runtimeCertificationStatus: (0, runtimeCertification_1.normalizeRuntimeCertificationStatus)(env.CERTIFICATION_STATUS || "CERTIFIED_ENFORCED"),
16
+ jsonMode: argv.includes("--json"),
17
+ expectedStatus: env.EXPECTED_STATUS,
18
+ };
19
+ }
package/dist/cliPdpClient.js ADDED
@@ -0,0 +1,21 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.postDecision = postDecision;
4
+ const sdeGuidance_1 = require("./sdeGuidance");
5
+ async function postDecision(pdpUrl, payload) {
6
+ try {
7
+ const res = await fetch(pdpUrl, {
8
+ method: "POST",
9
+ headers: { "Content-Type": "application/json" },
10
+ body: JSON.stringify(payload),
11
+ });
12
+ if (!res.ok) {
13
+ throw new Error(`PDP unreachable (${res.status})`);
14
+ }
15
+ return (await res.json());
16
+ }
17
+ catch (err) {
18
+ const detail = err?.name === "AbortError" ? "PDP timeout" : err?.message || String(err);
19
+ throw new Error((0, sdeGuidance_1.maybeAppendSdeRuntimeGuidance)(detail, pdpUrl));
20
+ }
21
+ }
package/openclaw.plugin.json CHANGED
@@ -1,64 +1,64 @@
1
1
  {
2
- "id": "openclaw-trusted-mode",
2
+ "id": "openclaw-trusted-mode",
3
3
  "name": "Trusted Mode Governance",
4
- "version": "1.0.0",
4
+ "version": "1.0.4",
5
5
  "description": "Provable enforcement using SDE-PDP + signed policy packs",
6
6
  "author": "Darkelogix",
7
7
  "hooks": ["before_tool_call"],
8
8
  "configSchema": {
9
9
  "type": "object",
10
- "properties": {
11
- "pdpUrl": { "type": "string", "default": "http://localhost:8001/v1/authorize" },
12
- "policyVariant": { "type": "string", "default": "guard-pro.v2026.02" },
13
- "pdpTimeoutMs": { "type": "number", "default": 5000 },
14
- "failClosed": { "type": "boolean", "default": true },
15
- "tenantId": { "type": "string" },
16
- "gatewayId": { "type": "string" },
17
- "environment": { "type": "string" },
18
- "certificationStatus": {
19
- "type": "string",
20
- "enum": ["CERTIFIED_ENFORCED", "LOCKDOWN_ONLY", "UNSUPPORTED"],
21
- "default": "LOCKDOWN_ONLY"
22
- },
23
- "openclawVersion": { "type": "string" },
24
- "certifiedOpenClawVersions": {
25
- "type": "array",
26
- "items": { "type": "string" },
27
- "default": []
28
- },
29
- "highRiskTools": {
30
- "type": "array",
31
- "items": { "type": "string" },
32
- "default": ["exec", "execute_shell", "run_shell_command", "shell", "delete_file", "remove_file", "write_file", "edit_file"]
33
- },
34
- "toolPolicyMode": {
35
- "type": "string",
36
- "enum": ["PDP", "ALLOWLIST_ONLY"],
37
- "default": "ALLOWLIST_ONLY"
38
- },
39
- "allowedTools": {
40
- "type": "array",
41
- "items": { "type": "string" },
42
- "default": ["read_file", "list_files", "search_files"]
43
- },
44
- "requireTenantId": {
45
- "type": "boolean",
46
- "default": false
47
- },
48
- "allowedTenantIds": {
49
- "type": "array",
50
- "items": { "type": "string" },
51
- "default": []
52
- },
53
- "contextCurator": {
54
- "type": "object",
55
- "properties": {
56
- "enabled": { "type": "boolean", "default": false },
57
- "redactKeys": { "type": "array", "items": { "type": "string" } },
58
- "dropPaths": { "type": "array", "items": { "type": "string" } },
59
- "maxStringLength": { "type": "number", "default": 0 }
60
- }
61
- }
62
- }
63
- }
64
- }
10
+ "properties": {
11
+ "pdpUrl": { "type": "string", "default": "http://localhost:8001/v1/authorize" },
12
+ "policyVariant": { "type": "string", "default": "guard-pro.v2026.02" },
13
+ "pdpTimeoutMs": { "type": "number", "default": 5000 },
14
+ "failClosed": { "type": "boolean", "default": true },
15
+ "tenantId": { "type": "string" },
16
+ "gatewayId": { "type": "string" },
17
+ "environment": { "type": "string" },
18
+ "certificationStatus": {
19
+ "type": "string",
20
+ "enum": ["CERTIFIED_ENFORCED", "LOCKDOWN_ONLY", "UNSUPPORTED"],
21
+ "default": "LOCKDOWN_ONLY"
22
+ },
23
+ "openclawVersion": { "type": "string" },
24
+ "certifiedOpenClawVersions": {
25
+ "type": "array",
26
+ "items": { "type": "string" },
27
+ "default": []
28
+ },
29
+ "highRiskTools": {
30
+ "type": "array",
31
+ "items": { "type": "string" },
32
+ "default": ["exec", "execute_shell", "run_shell_command", "shell", "delete_file", "remove_file", "write_file", "edit_file"]
33
+ },
34
+ "toolPolicyMode": {
35
+ "type": "string",
36
+ "enum": ["PDP", "ALLOWLIST_ONLY"],
37
+ "default": "ALLOWLIST_ONLY"
38
+ },
39
+ "allowedTools": {
40
+ "type": "array",
41
+ "items": { "type": "string" },
42
+ "default": ["read_file", "list_files", "search_files"]
43
+ },
44
+ "requireTenantId": {
45
+ "type": "boolean",
46
+ "default": false
47
+ },
48
+ "allowedTenantIds": {
49
+ "type": "array",
50
+ "items": { "type": "string" },
51
+ "default": []
52
+ },
53
+ "contextCurator": {
54
+ "type": "object",
55
+ "properties": {
56
+ "enabled": { "type": "boolean", "default": false },
57
+ "redactKeys": { "type": "array", "items": { "type": "string" } },
58
+ "dropPaths": { "type": "array", "items": { "type": "string" } },
59
+ "maxStringLength": { "type": "number", "default": 0 }
60
+ }
61
+ }
62
+ }
63
+ }
64
+ }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@darkelogix/openclaw-trusted-mode",
3
- "version": "1.0.3",
3
+ "version": "1.0.4",
4
4
  "description": "MIT-licensed OpenClaw Trusted Mode plugin with standalone hardening and optional SDE-backed governance",
5
5
  "license": "MIT",
6
6
  "main": "dist/index.js",
@@ -37,6 +37,8 @@
37
37
  "files": [
38
38
  "dist/attestation.js",
39
39
  "dist/cli.js",
40
+ "dist/cliConfig.js",
41
+ "dist/cliPdpClient.js",
40
42
  "dist/constraints.js",
41
43
  "dist/contextCurator.js",
42
44
  "dist/hardening.js",