npm - @ellistevo/openclaw-secure - Versions diffs - 1.0.0 - Mend

@ellistevo/openclaw-secure 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/src/schema.js ADDED Viewed

@@ -0,0 +1,269 @@
+/**
+ * OpenClaw Secure Manifest Schema
+ * JSON Schema for validating skill.yaml manifests
+ */
+const manifestSchema = {
+  $schema: 'http://json-schema.org/draft-07/schema#',
+  $id: 'https://openclaw-secure.sociable.social/manifest.schema.json',
+  title: 'OpenClaw Skill Manifest',
+  description: 'Security manifest for OpenClaw skills',
+  type: 'object',
+  required: ['name', 'version', 'author', 'permissions'],
+  properties: {
+    // === METADATA ===
+    name: {
+      type: 'string',
+      pattern: '^[a-z][a-z0-9-]*$',
+      minLength: 2,
+      maxLength: 64,
+      description: 'Unique skill identifier (lowercase, hyphens allowed)'
+    },
+    version: {
+      type: 'string',
+      pattern: '^\\d+\\.\\d+\\.\\d+',
+      description: 'Semantic version (e.g., 1.0.0)'
+    },
+    display_name: {
+      type: 'string',
+      maxLength: 128,
+      description: 'Human-readable name'
+    },
+    description: {
+      type: 'string',
+      maxLength: 500,
+      description: 'Brief description of what the skill does'
+    },
+    author: {
+      type: 'object',
+      required: ['name'],
+      properties: {
+        name: {
+          type: 'string',
+          minLength: 1,
+          maxLength: 64
+        },
+        moltbook: {
+          type: 'string',
+          description: 'Moltbook username for identity verification'
+        },
+        email: {
+          type: 'string',
+          format: 'email'
+        },
+        url: {
+          type: 'string',
+          format: 'uri'
+        }
+      }
+    },
+    license: {
+      type: 'string',
+      description: 'SPDX license identifier'
+    },
+    repository: {
+      type: 'string',
+      format: 'uri'
+    },
+    homepage: {
+      type: 'string',
+      format: 'uri'
+    },
+    // === PERMISSIONS ===
+    permissions: {
+      type: 'object',
+      required: [],
+      properties: {
+        network: {
+          type: 'object',
+          properties: {
+            allow: {
+              type: 'array',
+              items: { type: 'string' },
+              default: [],
+              description: 'Allowed domains (supports wildcards like *.example.com)'
+            },
+            deny: {
+              type: 'array',
+              items: { type: 'string' },
+              default: [],
+              description: 'Explicitly denied domains'
+            }
+          },
+          default: { allow: [], deny: [] }
+        },
+        filesystem: {
+          type: 'object',
+          properties: {
+            read: {
+              type: 'array',
+              items: { type: 'string' },
+              default: [],
+              description: 'Paths the skill can read'
+            },
+            write: {
+              type: 'array',
+              items: { type: 'string' },
+              default: [],
+              description: 'Paths the skill can write'
+            },
+            deny: {
+              type: 'array',
+              items: { type: 'string' },
+              default: ['~/.ssh', '~/.gnupg', '~/.config/openclaw'],
+              description: 'Paths that are always denied'
+            }
+          },
+          default: { read: [], write: [], deny: [] }
+        },
+        shell: {
+          type: 'object',
+          properties: {
+            allowed: {
+              type: 'boolean',
+              default: false,
+              description: 'Whether shell commands are allowed'
+            },
+            commands: {
+              type: 'array',
+              items: { type: 'string' },
+              default: [],
+              description: 'Allowlist of specific commands (if shell.allowed is true)'
+            }
+          },
+          default: { allowed: false, commands: [] }
+        },
+        credentials: {
+          type: 'array',
+          items: { type: 'string' },
+          default: [],
+          description: 'Environment variables this skill needs access to'
+        },
+        capabilities: {
+          type: 'object',
+          properties: {
+            browser: {
+              type: 'boolean',
+              default: false,
+              description: 'Can use browser automation'
+            },
+            messaging: {
+              type: 'boolean',
+              default: false,
+              description: 'Can send messages on behalf of user'
+            },
+            cron: {
+              type: 'boolean',
+              default: false,
+              description: 'Can schedule tasks'
+            },
+            spawn_agents: {
+              type: 'boolean',
+              default: false,
+              description: 'Can create sub-agents'
+            }
+          },
+          default: {
+            browser: false,
+            messaging: false,
+            cron: false,
+            spawn_agents: false
+          }
+        }
+      }
+    },
+    // === RESOURCE LIMITS ===
+    resources: {
+      type: 'object',
+      properties: {
+        max_memory_mb: {
+          type: 'integer',
+          minimum: 16,
+          maximum: 4096,
+          default: 256
+        },
+        max_cpu_percent: {
+          type: 'integer',
+          minimum: 1,
+          maximum: 100,
+          default: 25
+        },
+        max_runtime_seconds: {
+          type: 'integer',
+          minimum: 1,
+          maximum: 3600,
+          default: 60
+        },
+        max_network_mb: {
+          type: 'integer',
+          minimum: 0,
+          maximum: 1024,
+          default: 10
+        }
+      }
+    },
+    // === SIGNATURE ===
+    signature: {
+      type: 'object',
+      properties: {
+        algorithm: {
+          type: 'string',
+          enum: ['ed25519'],
+          default: 'ed25519'
+        },
+        signer: {
+          type: 'string',
+          description: 'Identity of the signer'
+        },
+        signed_at: {
+          type: 'string',
+          format: 'date-time'
+        },
+        public_key: {
+          type: 'string',
+          description: 'Base64-encoded public key'
+        },
+        signature: {
+          type: 'string',
+          description: 'Base64-encoded signature'
+        },
+        content_hash: {
+          type: 'string',
+          pattern: '^sha256:[a-f0-9]{64}$',
+          description: 'SHA256 hash of manifest content (excluding signature block)'
+        }
+      }
+    }
+  }
+};
+// Default permissions for minimal-risk skills
+const defaultPermissions = {
+  network: { allow: [], deny: [] },
+  filesystem: { read: [], write: [], deny: ['~/.ssh', '~/.gnupg', '~/.config/openclaw'] },
+  shell: { allowed: false, commands: [] },
+  credentials: [],
+  capabilities: {
+    browser: false,
+    messaging: false,
+    cron: false,
+    spawn_agents: false
+  }
+};
+// Default resources
+const defaultResources = {
+  max_memory_mb: 256,
+  max_cpu_percent: 25,
+  max_runtime_seconds: 60,
+  max_network_mb: 10
+};
+module.exports = {
+  manifestSchema,
+  defaultPermissions,
+  defaultResources
+};

package/src/signing.js ADDED Viewed

@@ -0,0 +1,193 @@
+/**
+ * OpenClaw Secure Signing Module
+ * Cryptographic signing and verification using Ed25519
+ */
+const nacl = require('tweetnacl');
+const naclUtil = require('tweetnacl-util');
+const crypto = require('crypto');
+const yaml = require('yaml');
+/**
+ * Generate a new Ed25519 keypair
+ * @returns {Object} - { publicKey: string, secretKey: string } (base64 encoded)
+ */
+function generateKeyPair() {
+  const keyPair = nacl.sign.keyPair();
+  return {
+    publicKey: naclUtil.encodeBase64(keyPair.publicKey),
+    secretKey: naclUtil.encodeBase64(keyPair.secretKey)
+  };
+}
+/**
+ * Compute SHA256 hash of content
+ * @param {string} content - Content to hash
+ * @returns {string} - Hash in format "sha256:hexstring"
+ */
+function computeHash(content) {
+  const hash = crypto.createHash('sha256').update(content, 'utf8').digest('hex');
+  return `sha256:${hash}`;
+}
+/**
+ * Get the signable content from a manifest (excluding signature block)
+ * @param {Object} manifest - The manifest object
+ * @returns {string} - YAML string of content to sign
+ */
+function getSignableContent(manifest) {
+  // Clone and remove signature block
+  const { signature, ...contentToSign } = manifest;
+  // Sort keys for deterministic serialization
+  const sortedContent = sortObjectKeys(contentToSign);
+  // Serialize to YAML
+  return yaml.stringify(sortedContent);
+}
+/**
+ * Recursively sort object keys for deterministic serialization
+ */
+function sortObjectKeys(obj) {
+  if (Array.isArray(obj)) {
+    return obj.map(sortObjectKeys);
+  }
+  if (obj !== null && typeof obj === 'object') {
+    const sorted = {};
+    Object.keys(obj).sort().forEach(key => {
+      sorted[key] = sortObjectKeys(obj[key]);
+    });
+    return sorted;
+  }
+  return obj;
+}
+/**
+ * Sign a manifest with a secret key
+ * @param {Object} manifest - The manifest to sign
+ * @param {string} secretKeyBase64 - Base64-encoded secret key
+ * @param {string} signerName - Name/identity of the signer
+ * @returns {Object} - Manifest with signature block added
+ */
+function signManifest(manifest, secretKeyBase64, signerName) {
+  // Remove any existing signature
+  const { signature: _, ...contentToSign } = manifest;
+  // Get signable content and compute hash
+  const signableContent = getSignableContent(contentToSign);
+  const contentHash = computeHash(signableContent);
+  // Decode secret key
+  const secretKey = naclUtil.decodeBase64(secretKeyBase64);
+  // Extract public key from secret key (last 32 bytes of 64-byte secret key)
+  const publicKey = secretKey.slice(32);
+  // Sign the content hash
+  const messageBytes = naclUtil.decodeUTF8(contentHash);
+  const signatureBytes = nacl.sign.detached(messageBytes, secretKey);
+  // Create signature block
+  const signatureBlock = {
+    algorithm: 'ed25519',
+    signer: signerName,
+    signed_at: new Date().toISOString(),
+    public_key: naclUtil.encodeBase64(publicKey),
+    signature: naclUtil.encodeBase64(signatureBytes),
+    content_hash: contentHash
+  };
+  // Return manifest with signature
+  return {
+    ...contentToSign,
+    signature: signatureBlock
+  };
+}
+/**
+ * Verify a signed manifest
+ * @param {Object} manifest - The manifest with signature block
+ * @param {string} [expectedPublicKey] - Optional: expected public key (base64)
+ * @returns {Object} - { valid: boolean, error?: string, signer?: string }
+ */
+function verifyManifest(manifest) {
+  // Check if signature block exists
+  if (!manifest.signature) {
+    return { valid: false, error: 'No signature block found' };
+  }
+  const { signature } = manifest;
+  // Validate signature block fields
+  if (!signature.algorithm || signature.algorithm !== 'ed25519') {
+    return { valid: false, error: 'Unsupported signature algorithm' };
+  }
+  if (!signature.public_key || !signature.signature || !signature.content_hash) {
+    return { valid: false, error: 'Incomplete signature block' };
+  }
+  try {
+    // Recompute content hash
+    const signableContent = getSignableContent(manifest);
+    const computedHash = computeHash(signableContent);
+    // Check content hash matches
+    if (computedHash !== signature.content_hash) {
+      return {
+        valid: false,
+        error: 'Content hash mismatch - manifest may have been modified',
+        expected: signature.content_hash,
+        computed: computedHash
+      };
+    }
+    // Decode keys and signature
+    const publicKey = naclUtil.decodeBase64(signature.public_key);
+    const signatureBytes = naclUtil.decodeBase64(signature.signature);
+    const messageBytes = naclUtil.decodeUTF8(signature.content_hash);
+    // Verify signature
+    const valid = nacl.sign.detached.verify(messageBytes, signatureBytes, publicKey);
+    if (valid) {
+      return {
+        valid: true,
+        signer: signature.signer,
+        signed_at: signature.signed_at,
+        public_key: signature.public_key
+      };
+    } else {
+      return { valid: false, error: 'Signature verification failed' };
+    }
+  } catch (err) {
+    return { valid: false, error: `Verification error: ${err.message}` };
+  }
+}
+/**
+ * Check if a manifest is signed
+ */
+function isSigned(manifest) {
+  return !!(manifest.signature && manifest.signature.signature);
+}
+/**
+ * Get the public key fingerprint (first 8 chars of base64)
+ */
+function getKeyFingerprint(publicKeyBase64) {
+  const hash = crypto.createHash('sha256')
+    .update(Buffer.from(publicKeyBase64, 'base64'))
+    .digest('hex');
+  return hash.substring(0, 16);
+}
+module.exports = {
+  generateKeyPair,
+  computeHash,
+  signManifest,
+  verifyManifest,
+  isSigned,
+  getSignableContent,
+  getKeyFingerprint
+};