@darkelogix/openclaw-trusted-mode 1.0.5 → 1.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +5 -0
- package/dist/index.js +2 -1
- package/dist/runtimePluginConfig.js +45 -0
- package/openclaw.plugin.json +1 -1
- package/package.json +2 -1
package/CHANGELOG.md
CHANGED
|
@@ -12,6 +12,11 @@ Terminology and acronyms: [`GLOSSARY.md`](./GLOSSARY.md).
|
|
|
12
12
|
## Unreleased
|
|
13
13
|
- No unreleased changes recorded.
|
|
14
14
|
|
|
15
|
+
## v1.0.6
|
|
16
|
+
- Add a runtime fallback that reads `plugins.entries.openclaw-trusted-mode.config` from `OPENCLAW_CONFIG_PATH` or `~/.openclaw/openclaw.json` when OpenClaw does not populate `api.config` on the hook-only plugin path.
|
|
17
|
+
- Preserve governed-mode settings written by `openclaw-trusted-mode-configure` even on OpenClaw builds that load the plugin with incomplete in-memory config injection.
|
|
18
|
+
- Publish the runtime fallback module in the npm tarball and cover it with adapter tests.
|
|
19
|
+
|
|
15
20
|
## v1.0.5
|
|
16
21
|
- Add `openclaw-trusted-mode-configure`, a dedicated guided config writer for governed OpenClaw hosts that updates `~/.openclaw/openclaw.json` with `plugins.allow`, tenant, gateway, environment, PDP URL, and fail-closed settings.
|
|
17
22
|
- Remove the remaining manual-JSON ambiguity from the package docs by documenting the new configure command for governed mode.
|
package/dist/index.js
CHANGED
|
@@ -5,9 +5,10 @@ const constraints_1 = require("./constraints");
|
|
|
5
5
|
const contextCurator_1 = require("./contextCurator");
|
|
6
6
|
const runtimeCertification_1 = require("./runtimeCertification");
|
|
7
7
|
const hardening_1 = require("./hardening");
|
|
8
|
+
const runtimePluginConfig_1 = require("./runtimePluginConfig");
|
|
8
9
|
const sdeGuidance_1 = require("./sdeGuidance");
|
|
9
10
|
function register(api) {
|
|
10
|
-
const config = api.config;
|
|
11
|
+
const config = (0, runtimePluginConfig_1.mergeDefinedConfig)((0, runtimePluginConfig_1.readRuntimePluginConfig)(), (api.config || {}));
|
|
11
12
|
const pdpUrl = config.pdpUrl || 'http://localhost:8001/v1/authorize';
|
|
12
13
|
const policyVariant = config.policyVariant || 'guard-pro.v2026.02';
|
|
13
14
|
const pdpTimeoutMs = typeof config.pdpTimeoutMs === 'number' ? config.pdpTimeoutMs : 5000;
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.resolveOpenClawConfigPath = resolveOpenClawConfigPath;
|
|
4
|
+
exports.readRuntimePluginConfig = readRuntimePluginConfig;
|
|
5
|
+
exports.mergeDefinedConfig = mergeDefinedConfig;
|
|
6
|
+
const node_fs_1 = require("node:fs");
|
|
7
|
+
const node_os_1 = require("node:os");
|
|
8
|
+
const node_path_1 = require("node:path");
|
|
9
|
+
const PLUGIN_ID = "openclaw-trusted-mode";
|
|
10
|
+
function ensureObject(value) {
|
|
11
|
+
if (value && typeof value === "object" && !Array.isArray(value)) {
|
|
12
|
+
return value;
|
|
13
|
+
}
|
|
14
|
+
return {};
|
|
15
|
+
}
|
|
16
|
+
function resolveOpenClawConfigPath(env = process.env) {
|
|
17
|
+
if (env.OPENCLAW_CONFIG_PATH)
|
|
18
|
+
return env.OPENCLAW_CONFIG_PATH;
|
|
19
|
+
return (0, node_path_1.join)((0, node_os_1.homedir)(), ".openclaw", "openclaw.json");
|
|
20
|
+
}
|
|
21
|
+
function readRuntimePluginConfig(env = process.env) {
|
|
22
|
+
const configPath = resolveOpenClawConfigPath(env);
|
|
23
|
+
if (!(0, node_fs_1.existsSync)(configPath)) {
|
|
24
|
+
return {};
|
|
25
|
+
}
|
|
26
|
+
try {
|
|
27
|
+
const root = ensureObject(JSON.parse((0, node_fs_1.readFileSync)(configPath, "utf8")));
|
|
28
|
+
const plugins = ensureObject(root.plugins);
|
|
29
|
+
const entries = ensureObject(plugins.entries);
|
|
30
|
+
const entry = ensureObject(entries[PLUGIN_ID]);
|
|
31
|
+
return ensureObject(entry.config);
|
|
32
|
+
}
|
|
33
|
+
catch {
|
|
34
|
+
return {};
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
function mergeDefinedConfig(base, override) {
|
|
38
|
+
const merged = { ...base };
|
|
39
|
+
for (const [key, value] of Object.entries(override)) {
|
|
40
|
+
if (value !== undefined) {
|
|
41
|
+
merged[key] = value;
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
return merged;
|
|
45
|
+
}
|
package/openclaw.plugin.json
CHANGED
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@darkelogix/openclaw-trusted-mode",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.6",
|
|
4
4
|
"description": "MIT-licensed OpenClaw Trusted Mode plugin with standalone hardening and optional SDE-backed governance",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"main": "dist/index.js",
|
|
@@ -47,6 +47,7 @@
|
|
|
47
47
|
"dist/index.js",
|
|
48
48
|
"dist/openclawConfig.js",
|
|
49
49
|
"dist/packageVersion.js",
|
|
50
|
+
"dist/runtimePluginConfig.js",
|
|
50
51
|
"dist/runtimeCertification.js",
|
|
51
52
|
"dist/sdeGuidance.js",
|
|
52
53
|
"openclaw.plugin.json",
|