npm - @darkelogix/openclaw-trusted-mode - Versions diffs - 1.0.3 → 1.0.5 - Mend

@darkelogix/openclaw-trusted-mode 1.0.3 → 1.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,43 +1,53 @@
-# Changelog
-Terminology and acronyms: [`GLOSSARY.md`](./GLOSSARY.md).
-## Acronym Expansions
-- `PDP`: Policy Decision Point
-- `PEP`: Policy Enforcement Point
-- `CLI`: Command Line Interface
-- `CI`: Continuous Integration
-## Unreleased
-- Add gateway/environment fields to the published Trusted Mode Check PDP requests so live Guard Pro runtime validation works against quota-aware runtime bundles.
-## v1.0.3
-- Include the signed attestation pack files in the public npm package so Trusted Mode Check can verify local attestation out of the box.
-## v1.0.2
-- Publish the gateway/environment-aware Trusted Mode Check flow so governed runtime validation uses the same tenant, gateway, and environment context as the customer runtime.
-- Add governed release artifacts (`SECURITY.md`, `RELEASE_v1.0.0.md`, compatibility matrix).
-- Add Trusted Mode Check attestation status contract (`ENFORCED_OK`, `LOCKDOWN_ONLY`, `UNSAFE`) with JSON output.
-- Add CI gates for release artifact and changelog version discipline.
-- Add runtime certification gating (`CERTIFIED_ENFORCED` vs `LOCKDOWN_ONLY`/`UNSUPPORTED`) in plugin.
-- Add signed `trusted_mode_attest` pack verification and trace/axis metadata in Trusted Mode Check output.
-- Add compatibility certification workflow and matrix sync script.
-- Add release operations hardening workflow with reproducible artifact checksum/manifest generation.
-- Add security evidence workflow, threat model summary, triage log, and third-party notices generation/review templates.
-- Add adversarial regression suite script and CI gate (tampered attestation, malformed PDP schema, unreachable PDP, uncertified runtime).
-- Add unified startup health verification script for plugin/PDP/attestation/certification checks.
-- Add performance benchmark automation (PDP p50/p95 + interception overhead), CI workflow, and published baseline report.
-- Add security gate automation (`verify-security-gates`) with vulnerability threshold enforcement and triage log validation.
-- Add generated `SECURITY_RELEASE_INDEX.md` artifact and workflow integration for release evidence traceability.
-- Add enterprise hardening options in plugin config (`toolPolicyMode`, `allowedTools`, `requireTenantId`, `allowedTenantIds`) with fail-closed validation behavior.
-- Add plugin schema/runtime contract check (`verify-plugin-schema-contract`) and CI enforcement.
-- Add consolidated release evidence bundling command (`bundle-release-evidence`) and release workflow artifact publication.
-- Add enterprise TCTP/EVTP validation matrix runner (`npm run test-pack-matrix`) against live PDP.
-- Add release documentation for deterministic certification proof (`decision_proof`) vs timestamped operational `outcome_event`.
-## v1.0.0
-- Add Trusted Mode Check CLI (Node) with mock PDP for CI.
-- Add CI workflow to run build, tests, and CLI against mock PDP.
+# Changelog
+Terminology and acronyms: [`GLOSSARY.md`](./GLOSSARY.md).
+## Acronym Expansions
+- `PDP`: Policy Decision Point
+- `PEP`: Policy Enforcement Point
+- `CLI`: Command Line Interface
+- `CI`: Continuous Integration
+## Unreleased
+- No unreleased changes recorded.
+## v1.0.5
+- Add `openclaw-trusted-mode-configure`, a dedicated guided config writer for governed OpenClaw hosts that updates `~/.openclaw/openclaw.json` with `plugins.allow`, tenant, gateway, environment, PDP URL, and fail-closed settings.
+- Remove the remaining manual-JSON ambiguity from the package docs by documenting the new configure command for governed mode.
+- Keep the package contract explicit by publishing the new configure CLI and its config-writer module in the npm tarball.
+## v1.0.4
+- Make the public npm package install-safe for current OpenClaw builds by separating Trusted Mode Check environment reads from PDP network calls in the shipped CLI entrypoint.
+- Align `openclaw.plugin.json` with the published package version and keep the required helper CLI modules in the npm tarball.
+- Preserve current compatibility posture by publishing the installer fix without claiming certification for rolling OpenClaw builds.
+## v1.0.3
+- Include the signed attestation pack files in the public npm package so Trusted Mode Check can verify local attestation out of the box.
+## v1.0.2
+- Publish the gateway/environment-aware Trusted Mode Check flow so governed runtime validation uses the same tenant, gateway, and environment context as the customer runtime.
+- Add governed release artifacts (`SECURITY.md`, `RELEASE_v1.0.0.md`, compatibility matrix).
+- Add Trusted Mode Check attestation status contract (`ENFORCED_OK`, `LOCKDOWN_ONLY`, `UNSAFE`) with JSON output.
+- Add CI gates for release artifact and changelog version discipline.
+- Add runtime certification gating (`CERTIFIED_ENFORCED` vs `LOCKDOWN_ONLY`/`UNSUPPORTED`) in plugin.
+- Add signed `trusted_mode_attest` pack verification and trace/axis metadata in Trusted Mode Check output.
+- Add compatibility certification workflow and matrix sync script.
+- Add release operations hardening workflow with reproducible artifact checksum/manifest generation.
+- Add security evidence workflow, threat model summary, triage log, and third-party notices generation/review templates.
+- Add adversarial regression suite script and CI gate (tampered attestation, malformed PDP schema, unreachable PDP, uncertified runtime).
+- Add unified startup health verification script for plugin/PDP/attestation/certification checks.
+- Add performance benchmark automation (PDP p50/p95 + interception overhead), CI workflow, and published baseline report.
+- Add security gate automation (`verify-security-gates`) with vulnerability threshold enforcement and triage log validation.
+- Add generated `SECURITY_RELEASE_INDEX.md` artifact and workflow integration for release evidence traceability.
+- Add enterprise hardening options in plugin config (`toolPolicyMode`, `allowedTools`, `requireTenantId`, `allowedTenantIds`) with fail-closed validation behavior.
+- Add plugin schema/runtime contract check (`verify-plugin-schema-contract`) and CI enforcement.
+- Add consolidated release evidence bundling command (`bundle-release-evidence`) and release workflow artifact publication.
+- Add enterprise TCTP/EVTP validation matrix runner (`npm run test-pack-matrix`) against live PDP.
+- Add release documentation for deterministic certification proof (`decision_proof`) vs timestamped operational `outcome_event`.
+## v1.0.0
+- Add Trusted Mode Check CLI (Node) with mock PDP for CI.
+- Add CI workflow to run build, tests, and CLI against mock PDP.
 - Enforce PDP timeout/fail-closed behavior and constraint checks in PEP.

package/README.md CHANGED Viewed

@@ -128,6 +128,19 @@ openclaw plugins info openclaw-trusted-mode
 For a standalone free-mode config, start from [`openclaw.user-config.entry.example.json`](./openclaw.user-config.entry.example.json).
+For governed mode, install/register the plugin first, then write the OpenClaw host config with:
+```bash
+openclaw-trusted-mode-configure \
+  --tenantId darkelogix \
+  --gatewayId gw-dev \
+  --environment dev \
+  --pdpUrl http://10.90.0.6:8001/v1/authorize \
+  --certificationStatus LOCKDOWN_ONLY
+```
+This command updates `~/.openclaw/openclaw.json`, adds `openclaw-trusted-mode` to `plugins.allow`, and writes the governed plugin settings under `plugins.entries.openclaw-trusted-mode`.
 ## Plugin config
 See [`openclaw.plugin.json`](./openclaw.plugin.json) for config schema and defaults, including:
@@ -165,6 +178,8 @@ Recommended paid / PDP-backed baseline:
   "toolPolicyMode": "PDP",
   "pdpUrl": "http://localhost:8001/v1/authorize",
   "tenantId": "trial-tenant",
+  "gatewayId": "gw-smoke-1",
+  "environment": "prod",
   "failClosed": true,
   "certificationStatus": "LOCKDOWN_ONLY"
 }
@@ -198,4 +213,3 @@ npm run bundle-release-evidence
 npm run startup-health-check -- --skip-plugin-check
 ```

package/SELF_SERVICE_FAQ.md CHANGED Viewed

@@ -54,8 +54,8 @@ If not:
 Set-Location <openclaw-trusted-mode-path>
 npm install
 npm run build
-openclaw plugins install <openclaw-trusted-mode-path> --no-color
-openclaw plugins info openclaw-trusted-mode --no-color
+openclaw plugins install <openclaw-trusted-mode-path>
+openclaw plugins info openclaw-trusted-mode
 ```
 Expected: plugin status is `loaded`.
@@ -104,7 +104,24 @@ Check in order:
 3. If using WSL, test `host.docker.internal` endpoint.
 4. Keep `failClosed=true` in production.
-## 6) License endpoint or support placeholders are unresolved
+## 6) `[Trusted Mode ERROR] Hardening config invalid`
+Meaning: OpenClaw loaded the plugin, but `~/.openclaw/openclaw.json` still has an incomplete plugin config.
+For governed mode, rewrite the host config with:
+```powershell
+openclaw-trusted-mode-configure --tenantId <tenant-id> --gatewayId <gateway-id> --environment <environment> --pdpUrl http://<guard-pro-host>:8001/v1/authorize --certificationStatus LOCKDOWN_ONLY
+```
+That command:
+1. Adds `openclaw-trusted-mode` to `plugins.allow`.
+2. Sets `toolPolicyMode=PDP`.
+3. Writes `tenantId`, `gatewayId`, `environment`, `pdpUrl`, `failClosed=true`, and `allowedTenantIds=[tenantId]`.
+4. Replaces stale standalone `ALLOWLIST_ONLY` defaults that can block governed startup.
+## 7) License endpoint or support placeholders are unresolved
 Define and verify the values from `START_HERE.md` section "Remaining org-specific values to fill once":
@@ -117,7 +134,7 @@ After setting values:
 1. Re-run licensing/activation check (`sde-cli license status`).
 2. Re-run pilot or production readiness checklist.
-## 7) `ENTITLEMENT_DENIED` for expected active tenant
+## 8) `ENTITLEMENT_DENIED` for expected active tenant
 1. Inspect `ops/entitlements.json` for exact tenant key and SKU.
 2. Confirm request `tenant_id` matches exactly.
@@ -129,7 +146,7 @@ Set-Location <sde-enterprise-path>
 python ops\pdp_admin_cli.py authorize-test --tenant-id <tenant_id> --tool-name read_file --gateway-id gw-1 --environment prod
 ```
-## 8) Policy pack signature verification errors
+## 9) Policy pack signature verification errors
 1. Confirm both files exist for active variant:
 - `<variant>.json`

package/START_HERE.md CHANGED Viewed

@@ -110,13 +110,13 @@ Copy-Item <sde-enterprise-path>\.env.example <sde-enterprise-path>\.env -Force
 Use this path if you want practical local hardening without SDE PDP.
-```powershell
-Set-Location <openclaw-trusted-mode-path>
-npm install
-npm run build
-openclaw plugins install <openclaw-trusted-mode-path> --no-color
-openclaw plugins info openclaw-trusted-mode --no-color
-```
+```powershell
+Set-Location <openclaw-trusted-mode-path>
+npm install
+npm run build
+openclaw plugins install <openclaw-trusted-mode-path>
+openclaw plugins info openclaw-trusted-mode
+```
 Expected: plugin status is `loaded`.
@@ -152,15 +152,16 @@ Expected:
 ## 6) Build and install plugin for SDE-backed mode
-```powershell
-Set-Location <openclaw-trusted-mode-path>
-npm install
-npm run build
-openclaw plugins install <openclaw-trusted-mode-path> --no-color
-openclaw plugins info openclaw-trusted-mode --no-color
-```
-Expected: plugin status is `loaded`.
+```powershell
+Set-Location <openclaw-trusted-mode-path>
+npm install
+npm run build
+openclaw plugins install <openclaw-trusted-mode-path>
+openclaw plugins info openclaw-trusted-mode
+openclaw-trusted-mode-configure --tenantId <tenant-id> --gatewayId <gateway-id> --environment <environment> --pdpUrl http://<guard-pro-host>:8001/v1/authorize --certificationStatus LOCKDOWN_ONLY
+```
+Expected: plugin status is `loaded`.
 ## 7) Run first-success smoke tests

package/dist/cli.js CHANGED Viewed

@@ -3,184 +3,162 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const node_process_1 = require("node:process");
 const attestation_1 = require("./attestation");
-const runtimeCertification_1 = require("./runtimeCertification");
+const cliConfig_1 = require("./cliConfig");
+const cliPdpClient_1 = require("./cliPdpClient");
 const sdeGuidance_1 = require("./sdeGuidance");
-const packageVersion_1 = require("./packageVersion");
-const PDP_URL = process.env.PDP_URL || 'http://localhost:8001/v1/authorize';
-const POLICY_VARIANT = process.env.POLICY_VARIANT || 'guard-pro.v2026.02';
-const TENANT_ID = process.env.TENANT_ID || 'trial-tenant';
-const GATEWAY_ID = process.env.GATEWAY_ID || process.env.OPENCLAW_GATEWAY_ID || 'gw-smoke-1';
-const ENVIRONMENT = process.env.ENVIRONMENT || process.env.OPENCLAW_ENVIRONMENT || 'prod';
-const OPENCLAW_VERSION = (0, packageVersion_1.resolveOpenClawVersion)();
-const RUNTIME_CERTIFICATION_STATUS = (0, runtimeCertification_1.normalizeRuntimeCertificationStatus)(process.env.CERTIFICATION_STATUS || 'CERTIFIED_ENFORCED');
-const JSON_MODE = process.argv.includes('--json');
-const EXPECTED_STATUS = process.env.EXPECTED_STATUS;
+const CONFIG = (0, cliConfig_1.readCliConfig)();
 async function post(payload) {
-    try {
-        const res = await fetch(PDP_URL, {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify(payload),
-        });
-        if (!res.ok) {
-            throw new Error(`PDP unreachable (${res.status})`);
-        }
-        return (await res.json());
-    }
-    catch (err) {
-        const detail = err?.name === 'AbortError' ? 'PDP timeout' : err?.message || String(err);
-        throw new Error((0, sdeGuidance_1.maybeAppendSdeRuntimeGuidance)(detail, PDP_URL));
-    }
+    return (0, cliPdpClient_1.postDecision)(CONFIG.pdpUrl, payload);
 }
 async function testDenyHighImpact() {
     const payload = {
-        decision_sku: 'openclaw.trusted_mode.authorize.v1',
-        policy_variant: POLICY_VARIANT,
-        tenant_id: TENANT_ID,
-        gateway_id: GATEWAY_ID,
-        environment: ENVIRONMENT,
-        inputs: { action_request: { tool_name: 'exec', params: {} } },
+        decision_sku: "openclaw.trusted_mode.authorize.v1",
+        policy_variant: CONFIG.policyVariant,
+        tenant_id: CONFIG.tenantId,
+        gateway_id: CONFIG.gatewayId,
+        environment: CONFIG.environment,
+        inputs: { action_request: { tool_name: "exec", params: {} } },
     };
     try {
         const result = await post(payload);
-        if (result.decision !== 'deny') {
-            return { id: 'deny_high_impact', ok: false, detail: `Expected deny, got ${result.decision}` };
+        if (result.decision !== "deny") {
+            return { id: "deny_high_impact", ok: false, detail: `Expected deny, got ${result.decision}` };
         }
-        if (result.deny_code !== 'HIGH_BLAST') {
-            return { id: 'deny_high_impact', ok: false, detail: `Expected deny_code=HIGH_BLAST, got ${result.deny_code}` };
+        if (result.deny_code !== "HIGH_BLAST") {
+            return { id: "deny_high_impact", ok: false, detail: `Expected deny_code=HIGH_BLAST, got ${result.deny_code}` };
         }
-        if (!JSON_MODE)
-            console.log('✅ HIGH-IMPACT TOOL BLOCKED (exec)');
-        return { id: 'deny_high_impact', ok: true, detail: 'HIGH_BLAST deny verified' };
+        if (!CONFIG.jsonMode)
+            console.log("✅ HIGH-IMPACT TOOL BLOCKED (exec)");
+        return { id: "deny_high_impact", ok: true, detail: "HIGH_BLAST deny verified" };
     }
     catch (err) {
-        return { id: 'deny_high_impact', ok: false, detail: err?.message || String(err) };
+        return { id: "deny_high_impact", ok: false, detail: err?.message || String(err) };
     }
 }
 async function testAllowLowImpact() {
     const payload = {
-        decision_sku: 'openclaw.trusted_mode.authorize.v1',
-        policy_variant: POLICY_VARIANT,
-        tenant_id: TENANT_ID,
-        gateway_id: GATEWAY_ID,
-        environment: ENVIRONMENT,
-        inputs: { action_request: { tool_name: 'read_file', params: {} } },
+        decision_sku: "openclaw.trusted_mode.authorize.v1",
+        policy_variant: CONFIG.policyVariant,
+        tenant_id: CONFIG.tenantId,
+        gateway_id: CONFIG.gatewayId,
+        environment: CONFIG.environment,
+        inputs: { action_request: { tool_name: "read_file", params: {} } },
     };
     try {
         const result = await post(payload);
-        if (result.decision !== 'allow') {
-            return { id: 'allow_low_impact', ok: false, detail: `Expected allow, got ${result.decision}` };
+        if (result.decision !== "allow") {
+            return { id: "allow_low_impact", ok: false, detail: `Expected allow, got ${result.decision}` };
         }
-        if (!JSON_MODE)
-            console.log('✅ LOW-IMPACT TOOL ALLOWED (read_file)');
-        return { id: 'allow_low_impact', ok: true, detail: 'allow decision verified' };
+        if (!CONFIG.jsonMode)
+            console.log("✅ LOW-IMPACT TOOL ALLOWED (read_file)");
+        return { id: "allow_low_impact", ok: true, detail: "allow decision verified" };
     }
     catch (err) {
-        return { id: 'allow_low_impact', ok: false, detail: err?.message || String(err) };
+        return { id: "allow_low_impact", ok: false, detail: err?.message || String(err) };
     }
 }
 async function testSignatureFailure() {
     const payload = {
-        decision_sku: 'openclaw.trusted_mode.authorize.v1',
-        policy_variant: 'invalid-pack',
-        tenant_id: TENANT_ID,
-        gateway_id: GATEWAY_ID,
-        environment: ENVIRONMENT,
-        inputs: { action_request: { tool_name: 'exec', params: {} } },
+        decision_sku: "openclaw.trusted_mode.authorize.v1",
+        policy_variant: "invalid-pack",
+        tenant_id: CONFIG.tenantId,
+        gateway_id: CONFIG.gatewayId,
+        environment: CONFIG.environment,
+        inputs: { action_request: { tool_name: "exec", params: {} } },
     };
     try {
         const result = await post(payload);
-        if (result.decision !== 'deny') {
-            return { id: 'signature_failure', ok: false, detail: `Expected deny, got ${result.decision}` };
+        if (result.decision !== "deny") {
+            return { id: "signature_failure", ok: false, detail: `Expected deny, got ${result.decision}` };
         }
-        const denyCode = String(result.deny_code || '');
-        const effectiveVariant = String(result.trace?.policy_variant || result.decision_proof?.policy_variant || '');
-        const acceptable = denyCode.includes('SIGNATURE') ||
-            denyCode === 'POLICY_VARIANT_IMMUTABLE' ||
-            (denyCode === 'HIGH_BLAST' && effectiveVariant && effectiveVariant !== 'invalid-pack');
+        const denyCode = String(result.deny_code || "");
+        const effectiveVariant = String(result.trace?.policy_variant || result.decision_proof?.policy_variant || "");
+        const acceptable = denyCode.includes("SIGNATURE") ||
+            denyCode === "POLICY_VARIANT_IMMUTABLE" ||
+            (denyCode === "HIGH_BLAST" && effectiveVariant && effectiveVariant !== "invalid-pack");
         if (!acceptable) {
             return {
-                id: 'signature_failure',
+                id: "signature_failure",
                 ok: false,
                 detail: `Expected signature/immutability deny or mapped-pack fail-closed result, got ${result.deny_code}`,
             };
         }
-        if (!JSON_MODE)
-            console.log('✅ FAIL-CLOSED ON BAD SIGNATURE');
-        return { id: 'signature_failure', ok: true, detail: 'signature failure path denied' };
+        if (!CONFIG.jsonMode)
+            console.log("✅ FAIL-CLOSED ON BAD SIGNATURE");
+        return { id: "signature_failure", ok: true, detail: "signature failure path denied" };
     }
     catch (err) {
-        return { id: 'signature_failure', ok: false, detail: err?.message || String(err) };
+        return { id: "signature_failure", ok: false, detail: err?.message || String(err) };
     }
 }
 function deriveStatus(results, runtimeCertificationStatus) {
     const allOk = results.every((r) => r.ok);
     if (allOk)
-        return 'ENFORCED_OK';
-    const packIntegrityFailure = results.some((r) => r.id === 'attestation_pack_signature' && !r.ok);
+        return "ENFORCED_OK";
+    const packIntegrityFailure = results.some((r) => r.id === "attestation_pack_signature" && !r.ok);
     if (packIntegrityFailure)
-        return 'UNSAFE';
-    const anyConnectivityFailure = results.some((r) => r.detail.includes('PDP unreachable') || r.detail.includes('fetch failed'));
+        return "UNSAFE";
+    const anyConnectivityFailure = results.some((r) => r.detail.includes("PDP unreachable") || r.detail.includes("fetch failed"));
     if (anyConnectivityFailure)
-        return 'UNSAFE';
-    if (runtimeCertificationStatus !== 'CERTIFIED_ENFORCED')
-        return 'LOCKDOWN_ONLY';
-    return 'LOCKDOWN_ONLY';
+        return "UNSAFE";
+    if (runtimeCertificationStatus !== "CERTIFIED_ENFORCED")
+        return "LOCKDOWN_ONLY";
+    return "LOCKDOWN_ONLY";
 }
 function remediationFor(status, runtimeCertificationStatus, hasConnectivityFailure) {
-    if (status === 'ENFORCED_OK')
-        return ['No remediation required.'];
-    if (runtimeCertificationStatus !== 'CERTIFIED_ENFORCED') {
+    if (status === "ENFORCED_OK")
+        return ["No remediation required."];
+    if (runtimeCertificationStatus !== "CERTIFIED_ENFORCED") {
         return [
-            'Run in LOCKDOWN_ONLY posture and block high-risk tools by default.',
-            'Certify this OpenClaw runtime version in COMPATIBILITY_MATRIX.md.',
-            'Set CERTIFICATION_STATUS=CERTIFIED_ENFORCED only after certification evidence is complete.',
+            "Run in LOCKDOWN_ONLY posture and block high-risk tools by default.",
+            "Certify this OpenClaw runtime version in COMPATIBILITY_MATRIX.md.",
+            "Set CERTIFICATION_STATUS=CERTIFIED_ENFORCED only after certification evidence is complete.",
         ];
     }
-    if (status === 'LOCKDOWN_ONLY') {
+    if (status === "LOCKDOWN_ONLY") {
         return [
-            'Review failing checks and update policy/tool-name mappings.',
-            'Re-run trusted-mode-check after remediation.',
+            "Review failing checks and update policy/tool-name mappings.",
+            "Re-run trusted-mode-check after remediation.",
         ];
     }
     const steps = [
-        'Restore PDP reachability and verify /healthz.',
-        'Confirm plugin pdpUrl and tenant configuration.',
-        'Keep fail-closed enabled until ENFORCED_OK is restored.',
+        "Restore PDP reachability and verify /healthz.",
+        "Confirm plugin pdpUrl and tenant configuration.",
+        "Keep fail-closed enabled until ENFORCED_OK is restored.",
     ];
-    if (hasConnectivityFailure && (0, sdeGuidance_1.isLocalPdpUrl)(PDP_URL)) {
-        steps.unshift('If you only need standalone hardening, switch the plugin to ALLOWLIST_ONLY.', 'If you want governed mode, obtain the licensed SDE runtime and deployment instructions from https://darkelogix.ai/, then point PDP_URL at that environment.');
+    if (hasConnectivityFailure && (0, sdeGuidance_1.isLocalPdpUrl)(CONFIG.pdpUrl)) {
+        steps.unshift("If you only need standalone hardening, switch the plugin to ALLOWLIST_ONLY.", "If you want governed mode, obtain the licensed SDE runtime and deployment instructions from https://darkelogix.ai/, then point PDP_URL at that environment.");
     }
     return steps;
 }
 function computeAxisScores(checks, runtimeCertificationStatus) {
     const okById = new Map(checks.map((c) => [c.id, c.ok]));
     return {
-        interception_proof: okById.get('deny_high_impact') && okById.get('allow_low_impact') ? 'PASS' : 'FAIL',
-        fail_safe_posture: okById.get('signature_failure') ? 'PASS' : 'FAIL',
-        integrity: okById.get('attestation_pack_signature') ? 'PASS' : 'FAIL',
-        certified_compatibility: runtimeCertificationStatus === 'CERTIFIED_ENFORCED'
-            ? 'PASS'
-            : runtimeCertificationStatus === 'LOCKDOWN_ONLY'
-                ? 'WARN'
-                : 'FAIL',
+        interception_proof: okById.get("deny_high_impact") && okById.get("allow_low_impact") ? "PASS" : "FAIL",
+        fail_safe_posture: okById.get("signature_failure") ? "PASS" : "FAIL",
+        integrity: okById.get("attestation_pack_signature") ? "PASS" : "FAIL",
+        certified_compatibility: runtimeCertificationStatus === "CERTIFIED_ENFORCED"
+            ? "PASS"
+            : runtimeCertificationStatus === "LOCKDOWN_ONLY"
+                ? "WARN"
+                : "FAIL",
     };
 }
 async function main() {
-    if (!JSON_MODE)
-        console.log('🔍 Running Trusted Mode Check...\n');
+    if (!CONFIG.jsonMode)
+        console.log("🔍 Running Trusted Mode Check...\n");
     const traceId = (0, attestation_1.makeTraceId)();
     const packVerification = (0, attestation_1.verifyLocalAttestationPack)();
     const packCheck = packVerification.ok
         ? {
-            id: 'attestation_pack_signature',
+            id: "attestation_pack_signature",
             ok: true,
             detail: `verified (${packVerification.packVersion})`,
         }
         : {
-            id: 'attestation_pack_signature',
+            id: "attestation_pack_signature",
             ok: false,
-            detail: packVerification.error || 'attestation verification failed',
+            detail: packVerification.error || "attestation verification failed",
         };
     const checks = await Promise.all([
         Promise.resolve(packCheck),
@@ -188,33 +166,33 @@ async function main() {
         testAllowLowImpact(),
         testSignatureFailure(),
     ]);
-    const anyConnectivityFailure = checks.some((r) => r.detail.includes('PDP unreachable') || r.detail.includes('fetch failed') || r.detail.includes('timeout') || r.detail.includes('aborted'));
-    const status = RUNTIME_CERTIFICATION_STATUS === 'CERTIFIED_ENFORCED'
-        ? deriveStatus(checks, RUNTIME_CERTIFICATION_STATUS)
-        : 'LOCKDOWN_ONLY';
-    const axisScores = computeAxisScores(checks, RUNTIME_CERTIFICATION_STATUS);
+    const anyConnectivityFailure = checks.some((r) => r.detail.includes("PDP unreachable") || r.detail.includes("fetch failed") || r.detail.includes("timeout") || r.detail.includes("aborted"));
+    const status = CONFIG.runtimeCertificationStatus === "CERTIFIED_ENFORCED"
+        ? deriveStatus(checks, CONFIG.runtimeCertificationStatus)
+        : "LOCKDOWN_ONLY";
+    const axisScores = computeAxisScores(checks, CONFIG.runtimeCertificationStatus);
     const report = {
         status,
-        policy_variant: POLICY_VARIANT,
-        pdp_url: PDP_URL,
-        tenant_id: TENANT_ID,
+        policy_variant: CONFIG.policyVariant,
+        pdp_url: CONFIG.pdpUrl,
+        tenant_id: CONFIG.tenantId,
         trace_id: traceId,
-        openclaw_version: OPENCLAW_VERSION,
-        runtime_certification_status: RUNTIME_CERTIFICATION_STATUS,
+        openclaw_version: CONFIG.openclawVersion,
+        runtime_certification_status: CONFIG.runtimeCertificationStatus,
         attestation_pack_version: packVerification.packVersion,
         attestation_signature_verified: packVerification.signatureVerified,
         axis_scores: axisScores,
         checks,
-        remediation: remediationFor(status, RUNTIME_CERTIFICATION_STATUS, anyConnectivityFailure),
+        remediation: remediationFor(status, CONFIG.runtimeCertificationStatus, anyConnectivityFailure),
         generated_at: new Date().toISOString(),
     };
-    if (JSON_MODE) {
+    if (CONFIG.jsonMode) {
         console.log(JSON.stringify(report, null, 2));
     }
     else {
-        if (status === 'ENFORCED_OK') {
-            console.log('\n🎉 ALL TESTS PASSED — Trusted Mode is LIVE and PROVABLE');
-            console.log('   Your OpenClaw deployment is now governed.');
+        if (status === "ENFORCED_OK") {
+            console.log("\n🎉 ALL TESTS PASSED — Trusted Mode is LIVE and PROVABLE");
+            console.log("   Your OpenClaw deployment is now governed.");
         }
         else {
             console.error(`\n❌ TRUSTED MODE CHECK STATUS: ${status}`);
@@ -222,19 +200,19 @@ async function main() {
                 if (!check.ok)
                     console.error(`- ${check.id}: ${check.detail}`);
             }
-            console.error('\nRemediation:');
+            console.error("\nRemediation:");
             for (const step of report.remediation)
                 console.error(`- ${step}`);
         }
-        console.log('\nAttestation report (--json):');
+        console.log("\nAttestation report (--json):");
         console.log(JSON.stringify(report, null, 2));
     }
-    if (EXPECTED_STATUS) {
-        if (status !== EXPECTED_STATUS)
+    if (CONFIG.expectedStatus) {
+        if (status !== CONFIG.expectedStatus)
             (0, node_process_1.exit)(1);
         return;
     }
-    if (status !== 'ENFORCED_OK')
+    if (status !== "ENFORCED_OK")
         (0, node_process_1.exit)(1);
 }
 main();

package/dist/cliConfig.js ADDED Viewed

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.readCliConfig = readCliConfig;
+const packageVersion_1 = require("./packageVersion");
+const runtimeCertification_1 = require("./runtimeCertification");
+function readCliConfig(argv = process.argv) {
+    const env = process.env;
+    return {
+        pdpUrl: env.PDP_URL || "http://localhost:8001/v1/authorize",
+        policyVariant: env.POLICY_VARIANT || "guard-pro.v2026.02",
+        tenantId: env.TENANT_ID || "trial-tenant",
+        gatewayId: env.GATEWAY_ID || env.OPENCLAW_GATEWAY_ID || "gw-smoke-1",
+        environment: env.ENVIRONMENT || env.OPENCLAW_ENVIRONMENT || "prod",
+        openclawVersion: (0, packageVersion_1.resolveOpenClawVersion)(env.OPENCLAW_VERSION),
+        runtimeCertificationStatus: (0, runtimeCertification_1.normalizeRuntimeCertificationStatus)(env.CERTIFICATION_STATUS || "CERTIFIED_ENFORCED"),
+        jsonMode: argv.includes("--json"),
+        expectedStatus: env.EXPECTED_STATUS,
+    };
+}

package/dist/cliPdpClient.js ADDED Viewed

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.postDecision = postDecision;
+const sdeGuidance_1 = require("./sdeGuidance");
+async function postDecision(pdpUrl, payload) {
+    try {
+        const res = await fetch(pdpUrl, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify(payload),
+        });
+        if (!res.ok) {
+            throw new Error(`PDP unreachable (${res.status})`);
+        }
+        return (await res.json());
+    }
+    catch (err) {
+        const detail = err?.name === "AbortError" ? "PDP timeout" : err?.message || String(err);
+        throw new Error((0, sdeGuidance_1.maybeAppendSdeRuntimeGuidance)(detail, pdpUrl));
+    }
+}

package/dist/configureCli.js ADDED Viewed

@@ -0,0 +1,133 @@
+#!/usr/bin/env node
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseConfigureCliArgs = parseConfigureCliArgs;
+exports.runConfigureCli = runConfigureCli;
+const node_process_1 = require("node:process");
+const node_os_1 = require("node:os");
+const node_path_1 = require("node:path");
+const openclawConfig_1 = require("./openclawConfig");
+const runtimeCertification_1 = require("./runtimeCertification");
+function printHelp() {
+    console.log(`Configure ${openclawConfig_1.PLUGIN_ID} governed mode in OpenClaw.
+Usage:
+  openclaw-trusted-mode-configure --tenantId <tenant> --gatewayId <gateway> --environment <environment> --pdpUrl <url> [options]
+Options:
+  --policyVariant <variant>         Policy variant to store in plugin config.
+                                   Default: guard-pro.v2026.02
+  --configPath <path>              OpenClaw config path.
+                                   Default: ${openclawConfig_1.DEFAULT_OPENCLAW_CONFIG_PATH}
+  --certificationStatus <status>   CERTIFIED_ENFORCED | LOCKDOWN_ONLY | UNSUPPORTED
+                                   Default: LOCKDOWN_ONLY
+  --pdpTimeoutMs <ms>              PDP timeout to store in plugin config.
+                                   Default: 5000
+  --failOpen                       Write failClosed=false instead of true.
+  --json                           Print a JSON summary instead of prose.
+  --help                           Show this help text.
+`);
+}
+function expandHomePath(value) {
+    if (value === "~")
+        return (0, node_os_1.homedir)();
+    if (value.startsWith("~/") || value.startsWith("~\\")) {
+        return (0, node_path_1.join)((0, node_os_1.homedir)(), value.slice(2));
+    }
+    return value;
+}
+function readFlagValue(argv, flag) {
+    const index = argv.indexOf(flag);
+    if (index === -1)
+        return undefined;
+    const value = argv[index + 1];
+    if (!value || value.startsWith("--")) {
+        throw new Error(`Missing value for ${flag}`);
+    }
+    return value;
+}
+function parseConfigureCliArgs(argv) {
+    if (argv.includes("--help")) {
+        printHelp();
+        (0, node_process_1.exit)(0);
+    }
+    const tenantId = readFlagValue(argv, "--tenantId");
+    const gatewayId = readFlagValue(argv, "--gatewayId");
+    const environment = readFlagValue(argv, "--environment");
+    const pdpUrl = readFlagValue(argv, "--pdpUrl");
+    const policyVariant = readFlagValue(argv, "--policyVariant") || "guard-pro.v2026.02";
+    const configPath = expandHomePath(readFlagValue(argv, "--configPath") || (0, node_path_1.join)((0, node_os_1.homedir)(), ".openclaw", "openclaw.json"));
+    const certificationStatus = (0, runtimeCertification_1.normalizeRuntimeCertificationStatus)(readFlagValue(argv, "--certificationStatus") || "LOCKDOWN_ONLY");
+    const timeoutRaw = readFlagValue(argv, "--pdpTimeoutMs");
+    const pdpTimeoutMs = timeoutRaw ? Number(timeoutRaw) : 5000;
+    const failClosed = !argv.includes("--failOpen");
+    const jsonMode = argv.includes("--json");
+    const missing = [
+        ["--tenantId", tenantId],
+        ["--gatewayId", gatewayId],
+        ["--environment", environment],
+        ["--pdpUrl", pdpUrl],
+    ].filter(([, value]) => !value);
+    if (missing.length > 0) {
+        throw new Error(`Missing required flags: ${missing.map(([flag]) => flag).join(", ")}`);
+    }
+    if (!Number.isFinite(pdpTimeoutMs) || pdpTimeoutMs <= 0) {
+        throw new Error("--pdpTimeoutMs must be a positive number");
+    }
+    return {
+        tenantId: tenantId,
+        gatewayId: gatewayId,
+        environment: environment,
+        pdpUrl: pdpUrl,
+        policyVariant,
+        configPath,
+        certificationStatus,
+        failClosed,
+        pdpTimeoutMs,
+        jsonMode,
+    };
+}
+function runConfigureCli(argv = process.argv.slice(2)) {
+    try {
+        const options = parseConfigureCliArgs(argv);
+        const result = (0, openclawConfig_1.writeGovernedConfig)(options);
+        const output = {
+            pluginId: openclawConfig_1.PLUGIN_ID,
+            configPath: result.configPath,
+            created: result.created,
+            pluginAllowAdded: result.pluginAllowAdded,
+            mode: "governed",
+            values: {
+                tenantId: options.tenantId,
+                gatewayId: options.gatewayId,
+                environment: options.environment,
+                pdpUrl: options.pdpUrl,
+                policyVariant: options.policyVariant,
+                certificationStatus: options.certificationStatus,
+                failClosed: options.failClosed,
+                pdpTimeoutMs: options.pdpTimeoutMs,
+            },
+        };
+        if (options.jsonMode) {
+            console.log(JSON.stringify(output, null, 2));
+            return;
+        }
+        console.log(`Configured ${openclawConfig_1.PLUGIN_ID} governed mode at ${result.configPath}`);
+        console.log(`- plugins.allow includes ${openclawConfig_1.PLUGIN_ID}`);
+        console.log(`- tenantId=${options.tenantId}`);
+        console.log(`- gatewayId=${options.gatewayId}`);
+        console.log(`- environment=${options.environment}`);
+        console.log(`- pdpUrl=${options.pdpUrl}`);
+        console.log(`- toolPolicyMode=PDP`);
+        console.log(`- failClosed=${options.failClosed}`);
+        console.log(`- certificationStatus=${options.certificationStatus}`);
+    }
+    catch (error) {
+        console.error(error.message);
+        console.error(`Run "openclaw-trusted-mode-configure --help" for usage.`);
+        (0, node_process_1.exit)(1);
+    }
+}
+if (require.main === module) {
+    runConfigureCli();
+}

package/dist/openclawConfig.js ADDED Viewed

@@ -0,0 +1,88 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_OPENCLAW_CONFIG_PATH = exports.PLUGIN_ID = void 0;
+exports.normalizeConfigText = normalizeConfigText;
+exports.parseOpenClawConfig = parseOpenClawConfig;
+exports.configureGovernedPlugin = configureGovernedPlugin;
+exports.writeGovernedConfig = writeGovernedConfig;
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+exports.PLUGIN_ID = "openclaw-trusted-mode";
+exports.DEFAULT_OPENCLAW_CONFIG_PATH = "~/.openclaw/openclaw.json";
+function ensureObject(value) {
+    if (value && typeof value === "object" && !Array.isArray(value)) {
+        return value;
+    }
+    return {};
+}
+function normalizeConfigText(text) {
+    return `${text.trimEnd()}\n`;
+}
+function parseOpenClawConfig(raw) {
+    const parsed = JSON.parse(raw);
+    return ensureObject(parsed);
+}
+function configureGovernedPlugin(baseConfig, input) {
+    const nextConfig = ensureObject(baseConfig);
+    const plugins = ensureObject(nextConfig.plugins);
+    const existingAllow = Array.isArray(plugins.allow) ? [...plugins.allow] : [];
+    const allow = existingAllow.filter((item) => typeof item === "string");
+    const pluginAllowAdded = !allow.includes(exports.PLUGIN_ID);
+    if (pluginAllowAdded) {
+        allow.push(exports.PLUGIN_ID);
+    }
+    const entries = ensureObject(plugins.entries);
+    const existingEntry = ensureObject(entries[exports.PLUGIN_ID]);
+    const existingPluginConfig = ensureObject(existingEntry.config);
+    const nextPluginConfig = {
+        ...existingPluginConfig,
+        pdpUrl: input.pdpUrl,
+        policyVariant: input.policyVariant,
+        pdpTimeoutMs: input.pdpTimeoutMs,
+        failClosed: input.failClosed,
+        tenantId: input.tenantId,
+        gatewayId: input.gatewayId,
+        environment: input.environment,
+        toolPolicyMode: "PDP",
+        requireTenantId: true,
+        allowedTenantIds: [input.tenantId],
+        certificationStatus: input.certificationStatus,
+    };
+    delete nextPluginConfig.allowedTools;
+    entries[exports.PLUGIN_ID] = {
+        ...existingEntry,
+        enabled: true,
+        config: nextPluginConfig,
+    };
+    plugins.allow = allow;
+    plugins.entries = entries;
+    nextConfig.plugins = plugins;
+    return {
+        config: nextConfig,
+        pluginAllowAdded,
+    };
+}
+function writeGovernedConfig(input) {
+    let parsed = {};
+    let created = false;
+    try {
+        parsed = parseOpenClawConfig((0, node_fs_1.readFileSync)(input.configPath, "utf8"));
+    }
+    catch (error) {
+        const code = error?.code;
+        if (code === "ENOENT") {
+            created = true;
+        }
+        else {
+            throw error;
+        }
+    }
+    const { config, pluginAllowAdded } = configureGovernedPlugin(parsed, input);
+    (0, node_fs_1.mkdirSync)((0, node_path_1.dirname)(input.configPath), { recursive: true });
+    (0, node_fs_1.writeFileSync)(input.configPath, normalizeConfigText(JSON.stringify(config, null, 2)), "utf8");
+    return {
+        configPath: input.configPath,
+        created,
+        pluginAllowAdded,
+    };
+}

package/openclaw.plugin.json CHANGED Viewed

@@ -1,64 +1,64 @@
 {
-  "id": "openclaw-trusted-mode",
+  "id": "openclaw-trusted-mode",
   "name": "Trusted Mode Governance",
-  "version": "1.0.0",
+  "version": "1.0.5",
   "description": "Provable enforcement using SDE-PDP + signed policy packs",
   "author": "Darkelogix",
   "hooks": ["before_tool_call"],
   "configSchema": {
     "type": "object",
-    "properties": {
-      "pdpUrl": { "type": "string", "default": "http://localhost:8001/v1/authorize" },
-      "policyVariant": { "type": "string", "default": "guard-pro.v2026.02" },
-      "pdpTimeoutMs": { "type": "number", "default": 5000 },
-      "failClosed": { "type": "boolean", "default": true },
-      "tenantId": { "type": "string" },
-      "gatewayId": { "type": "string" },
-      "environment": { "type": "string" },
-      "certificationStatus": {
-        "type": "string",
-        "enum": ["CERTIFIED_ENFORCED", "LOCKDOWN_ONLY", "UNSUPPORTED"],
-        "default": "LOCKDOWN_ONLY"
-      },
-      "openclawVersion": { "type": "string" },
-      "certifiedOpenClawVersions": {
-        "type": "array",
-        "items": { "type": "string" },
-        "default": []
-      },
-      "highRiskTools": {
-        "type": "array",
-        "items": { "type": "string" },
-        "default": ["exec", "execute_shell", "run_shell_command", "shell", "delete_file", "remove_file", "write_file", "edit_file"]
-      },
-      "toolPolicyMode": {
-        "type": "string",
-        "enum": ["PDP", "ALLOWLIST_ONLY"],
-        "default": "ALLOWLIST_ONLY"
-      },
-      "allowedTools": {
-        "type": "array",
-        "items": { "type": "string" },
-        "default": ["read_file", "list_files", "search_files"]
-      },
-      "requireTenantId": {
-        "type": "boolean",
-        "default": false
-      },
-      "allowedTenantIds": {
-        "type": "array",
-        "items": { "type": "string" },
-        "default": []
-      },
-      "contextCurator": {
-        "type": "object",
-        "properties": {
-          "enabled": { "type": "boolean", "default": false },
-          "redactKeys": { "type": "array", "items": { "type": "string" } },
-          "dropPaths": { "type": "array", "items": { "type": "string" } },
-          "maxStringLength": { "type": "number", "default": 0 }
-        }
-      }
-    }
-  }
-}
+    "properties": {
+      "pdpUrl": { "type": "string", "default": "http://localhost:8001/v1/authorize" },
+      "policyVariant": { "type": "string", "default": "guard-pro.v2026.02" },
+      "pdpTimeoutMs": { "type": "number", "default": 5000 },
+      "failClosed": { "type": "boolean", "default": true },
+      "tenantId": { "type": "string" },
+      "gatewayId": { "type": "string" },
+      "environment": { "type": "string" },
+      "certificationStatus": {
+        "type": "string",
+        "enum": ["CERTIFIED_ENFORCED", "LOCKDOWN_ONLY", "UNSUPPORTED"],
+        "default": "LOCKDOWN_ONLY"
+      },
+      "openclawVersion": { "type": "string" },
+      "certifiedOpenClawVersions": {
+        "type": "array",
+        "items": { "type": "string" },
+        "default": []
+      },
+      "highRiskTools": {
+        "type": "array",
+        "items": { "type": "string" },
+        "default": ["exec", "execute_shell", "run_shell_command", "shell", "delete_file", "remove_file", "write_file", "edit_file"]
+      },
+      "toolPolicyMode": {
+        "type": "string",
+        "enum": ["PDP", "ALLOWLIST_ONLY"],
+        "default": "ALLOWLIST_ONLY"
+      },
+      "allowedTools": {
+        "type": "array",
+        "items": { "type": "string" },
+        "default": ["read_file", "list_files", "search_files"]
+      },
+      "requireTenantId": {
+        "type": "boolean",
+        "default": false
+      },
+      "allowedTenantIds": {
+        "type": "array",
+        "items": { "type": "string" },
+        "default": []
+      },
+      "contextCurator": {
+        "type": "object",
+        "properties": {
+          "enabled": { "type": "boolean", "default": false },
+          "redactKeys": { "type": "array", "items": { "type": "string" } },
+          "dropPaths": { "type": "array", "items": { "type": "string" } },
+          "maxStringLength": { "type": "number", "default": 0 }
+        }
+      }
+    }
+  }
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@darkelogix/openclaw-trusted-mode",
-  "version": "1.0.3",
+  "version": "1.0.5",
   "description": "MIT-licensed OpenClaw Trusted Mode plugin with standalone hardening and optional SDE-backed governance",
   "license": "MIT",
   "main": "dist/index.js",
@@ -8,7 +8,8 @@
     ".": "./dist/index.js"
   },
   "bin": {
-    "openclaw-trusted-mode-check": "./dist/cli.js"
+    "openclaw-trusted-mode-check": "./dist/cli.js",
+    "openclaw-trusted-mode-configure": "./dist/configureCli.js"
   },
   "homepage": "https://www.darkelogix.ai/openclaw/",
   "repository": {
@@ -37,10 +38,14 @@
   "files": [
     "dist/attestation.js",
     "dist/cli.js",
+    "dist/cliConfig.js",
+    "dist/cliPdpClient.js",
+    "dist/configureCli.js",
     "dist/constraints.js",
     "dist/contextCurator.js",
     "dist/hardening.js",
     "dist/index.js",
+    "dist/openclawConfig.js",
     "dist/packageVersion.js",
     "dist/runtimeCertification.js",
     "dist/sdeGuidance.js",
@@ -76,6 +81,7 @@
     "verify-compatibility-matrix": "node scripts/update_compatibility_matrix.js --check",
     "enforce-cert-quota": "node scripts/enforce_cert_quota.js",
     "trusted-mode-check": "node dist/cli.js",
+    "trusted-mode-configure": "node dist/configureCli.js",
     "trusted-mode-check:mock": "node scripts/mock_pdp.js",
     "lint-docs-terminology": "python scripts/lint_docs_terminology.py"
   },