@f4bioo/berry-shield 2026.3.3-2 → 2026.3.17

package/README.md

@@ -1,6 +1,14 @@
-# 🍓 Berry Shield
+# 🍓 Berry Shield - Security plugin for OpenClaw
 
-Security plugin for OpenClaw that reduces data leakage risk and blocks unsafe operations in agent workflows.
+<p align="center">
+    <img src="docs/assets/demo/berry-shield-baner.png" alt="Berry Shield" width="720">
+</p>
+
+<p align="center">
+  <a href="https://github.com/F4bioo/berry-shield/actions/workflows/ci.yml?branch=master"><img src="https://img.shields.io/github/actions/workflow/status/F4bioo/berry-shield/ci.yml?branch=master&style=flat-square&logo=githubactions&logoColor=white&labelColor=18181A&color=2FBF71" alt="CI status"></a>
+  <a href="https://github.com/F4bioo/berry-shield/releases"><img src="https://img.shields.io/github/v/release/F4bioo/berry-shield?include_prereleases&style=flat-square&logo=github&logoColor=white&labelColor=18181A&color=FF5A2D&v=1" alt="GitHub release"></a>
+  <a href="LICENSE"><img src="https://img.shields.io/badge/License-Apache%202.0-blue.svg?style=flat-square&logo=apache&logoColor=white&labelColor=18181A&color=2980b9" alt="Apache 2.0 License"></a>
+</p>
 
 ## 🧐 Why this exists
 
@@ -21,7 +29,7 @@ The goal of `Berry Shield` is to reduce that risk in day-to-day usage by adding
 
 ---
 
-## ✓ What it is / ✗ What it is not
+## What it is / What it is not
 
 ### ✓ What it is
 
@@ -63,29 +71,27 @@ Baseline runtime state before the demo (plugin enabled, `enforce` mode, all core
 
 ---
 
-### 1) Enforce: external-risk action is blocked (Vine)
+### 1) Enforce: external-risk action is blocked (Vine Layer)
 
-```bash
-# in chat/runtime: ingest external content with web_fetch, then preflight an exec write
-bash -lc 'printf DEMO_VINE > /tmp/demo-vine-proof.txt'
-```
+<video src='https://github.com/user-attachments/assets/024aca2b-21d1-4d1b-b6f4-aad8a3bd54fb' alt="Berry.Vine Enforce" controls width="720"></video>
 
-Expected: denied in `enforce` after external untrusted ingestion.
+> In chat/runtime: ingest external content with web_fetch, then preflight an exec write
 
-<img src="https://raw.githubusercontent.com/F4bioo/berry-shield/master/docs/assets/demo/Berry.Vine-ENFORCE.gif" alt="Berry.Vine Enforce" />
+<img src="https://raw.githubusercontent.com/F4bioo/berry-shield/master/docs/assets/demo/Berry.Vine-ENFORCE.png" alt="Berry.Vine Enforce" width="720"/>
+
+Expected: denied in `enforce` after external untrusted ingestion.
 
 ---
 
-### 2) Audit: same flow is allowed but logged as would_block
+### 2) Audit: same flow is allowed but logged as would_block (Vine Layer)
 
-```bash
-# same write-like operation under audit mode
-bash -lc 'printf VINE_AUDIT > /tmp/vine-audit-proof.txt'
-```
+<video src='https://github.com/user-attachments/assets/8fbff8e0-003c-4463-a6ae-319c3d909599' alt="Berry.Vine Audit" controls width="720"></video>
 
-Expected: allowed execution plus `would_block` evidence in report/audit logs.
+> Same write-like operation under audit mode
+
+<img src="https://raw.githubusercontent.com/F4bioo/berry-shield/master/docs/assets/demo/Berry.Vine-AUDIT.png" alt="Berry.Vine Audit" width="720"/>
 
-<img src="https://raw.githubusercontent.com/F4bioo/berry-shield/master/docs/assets/demo/Berry.Vine-AUDIT.gif" alt="Berry.Vine Audit" />
+Expected: allowed execution plus `would_block` evidence in report/audit logs.
 
 ---
 
@@ -135,6 +141,16 @@ Evidence (real redacted output):
 
 ---
 
+# ⚡ Quickstart
+
+Install from npm package:
+
+```bash
+openclaw plugins install @f4bioo/berry-shield
+```
+
+---
+
 ## 🛡️ Security Audit & Installation Notice
 
 > [!WARNING]
@@ -145,18 +161,10 @@ Evidence (real redacted output):
 > This is a heuristic warning, not a malware verdict.
 > For a code-level mapping of each warning, see [Security Audit](SECURITY_AUDIT.md).
 
----
-
-## ⚡ Quickstart
-
-Install from npm package:
-
-```bash
-openclaw plugins install @f4bioo/berry-shield
-```
-
 **Note:** Berry Shield is plug-and-play after install. No extra setup is required for baseline protection.
 
+---
+
 See more:
 - [Berry Shield Installation guide](docs/wiki/deploy/installation.md)
 
@@ -222,13 +230,15 @@ See more:
 
 Berry Shield's effectiveness is tied to the underlying OpenClaw SDK capabilities. We maintain a detailed diary that tracks known bugs and blind spots across OpenClaw versions.
 
-### Key Points for v2026.2.26:
-*   **Hook Reliability**: In our v2026.2.26 checkpoint, `before_tool_call` and `message_sending` were observed as functional, but hook behavior remains runtime/version-dependent.
+### Key Points for v2026.3.13:
+*   **Hook Reliability**: In our v2026.3.13 checkpoint, `before_tool_call` and `message_sending` were observed as functional, but hook behavior remains runtime/version-dependent.
 *   **Soft Guardrails**: Prompt-based defenses (`Berry.Root`) are advisory and can be bypassed by clever user instructions.
 *   **Timing Gaps**: Redaction happens during persistence, which might create a transient data exposure.
+*   **Host Hook Behavior**: If the host explicitly disables prompt-injection style prepend behavior for plugin hooks, `Berry.Root` guidance and Vine reminder text from `before_agent_start` can be partially degraded. This should be treated as host-configurable behavior, not as evidence that Berry Shield runtime protection is broken.
 
 See more: 
 -  [Security posture and known limits](docs/wiki/decision/posture.md)
+-  [Installation guide host note](docs/wiki/deploy/installation.md#host-hook-note)
 
 ---