@goplus/agentguard 1.0.2 → 1.0.4

package/README.md

@@ -67,6 +67,45 @@ cp -r agentguard/skills/agentguard ~/.claude/skills/agentguard
 
 </details>
 
+<details>
+<summary><b>OpenClaw plugin install</b></summary>
+
+```bash
+npm install @goplus/agentguard
+```
+
+Register in your OpenClaw plugin config:
+
+```typescript
+import register from '@goplus/agentguard/openclaw';
+export default register;
+```
+
+Or register manually with options:
+
+```typescript
+import { registerOpenClawPlugin } from '@goplus/agentguard';
+
+export default function setup(api) {
+  registerOpenClawPlugin(api, {
+    level: 'balanced',      // Protection level: strict | balanced | permissive
+    skipAutoScan: false,    // Set true to disable auto-scanning of plugins
+  });
+};
+```
+
+**What happens on registration:**
+
+1. **Auto-scans all loaded plugins** — Static analysis of each plugin's source code
+2. **Determines trust level** — Based on scan results (critical findings → untrusted)
+3. **Infers capabilities** — Based on registered tools and scan risk level
+4. **Registers to trust registry** — Auto-attests each plugin with appropriate permissions
+5. **Builds tool mapping** — Maps `toolName → pluginId` for initiating skill tracking
+
+AgentGuard hooks into OpenClaw's `before_tool_call` / `after_tool_call` events to block dangerous actions and log audit events.
+
+</details>
+
 Then use `/agentguard` in your agent:
 
 ```
@@ -110,24 +149,30 @@ Expected output: **CRITICAL** risk level with detection hits across JavaScript,
 
 GoPlus AgentGuard follows the [Agent Skills](https://agentskills.io) open standard:
 
-| Platform | Support |
-|----------|---------|
-| **Claude Code** | Full (skill + hooks auto-guard) |
-| **OpenAI Codex CLI** | Skill (scan/action/trust commands) |
-| **Gemini CLI** | Skill |
-| **Cursor** | Skill |
-| **GitHub Copilot** | Skill |
+| Platform | Support | Features |
+|----------|---------|----------|
+| **Claude Code** | Full | Skill + hooks auto-guard, transcript-based skill tracking |
+| **OpenClaw** | Full | Plugin hooks + **auto-scan on load** + tool→plugin mapping |
+| **OpenAI Codex CLI** | Skill | Scan/action/trust commands |
+| **Gemini CLI** | Skill | Scan/action/trust commands |
+| **Cursor** | Skill | Scan/action/trust commands |
+| **GitHub Copilot** | Skill | Scan/action/trust commands |
 
-> Hooks-based auto-guard (Layer 1) is specific to Claude Code's plugin system. The skill commands (Layer 2) work on any Agent Skills-compatible platform.
+> **Hooks-based auto-guard (Layer 1)** works on Claude Code (PreToolUse/PostToolUse) and OpenClaw (before_tool_call/after_tool_call). Both platforms share the same decision engine via a unified adapter abstraction layer.
+>
+> **OpenClaw exclusive**: Auto-scans all loaded plugins at registration time and automatically registers them to the trust registry with appropriate trust levels and capabilities.
 
 ## Hook Limitations
 
 The auto-guard hooks (Layer 1) have the following constraints:
 
-- **Platform-specific**: Hooks rely on Claude Code's `PreToolUse` / `PostToolUse` / `SessionStart` events. Other platforms do not yet support this hook system.
+- **Platform-specific**: Hooks rely on Claude Code's `PreToolUse` / `PostToolUse` events or OpenClaw's `before_tool_call` / `after_tool_call` plugin hooks. Both share the same decision engine via the adapter abstraction layer.
 - **Default-deny policy**: First-time use may trigger confirmation prompts for certain commands. A built-in safe-command allowlist (`ls`, `echo`, `pwd`, `git status`, etc.) reduces false positives.
-- **Skill source tracking is heuristic**: AgentGuard infers which skill initiated an action by analyzing the conversation transcript. This is not 100% precise in all cases.
+- **Skill source tracking**:
+  - *Claude Code*: Infers which skill initiated an action by analyzing the conversation transcript (heuristic, not 100% precise)
+  - *OpenClaw*: Uses tool→plugin mapping built at registration time (more reliable)
 - **Cannot intercept skill installation itself**: Hooks can only intercept tool calls (Bash, Write, WebFetch, etc.) that a skill makes *after* loading — they cannot block the Skill tool invocation itself.
+- **OpenClaw auto-scan timing**: Plugins are scanned asynchronously after AgentGuard registration completes. Very fast tool calls immediately after startup may execute before scan completes.
 
 ## Roadmap
 
@@ -139,8 +184,12 @@ The auto-guard hooks (Layer 1) have the following constraints:
 - [x] Plugin manifest (`.claude-plugin/`) for one-step install
 
 ### v2.0 — Multi-Platform
-- [ ] OpenClaw gateway plugin integration
-- [ ] `before_tool_call` / `after_tool_call` hook wiring
+- [x] OpenClaw gateway plugin integration
+- [x] `before_tool_call` / `after_tool_call` hook wiring
+- [x] Multi-platform adapter abstraction layer (Claude Code + OpenClaw)
+- [x] Auto-scan plugins on OpenClaw registration
+- [x] Tool→plugin mapping for initiating skill tracking
+- [x] Auto-register scanned plugins to trust registry
 - [ ] OpenAI Codex CLI sandbox adapter
 - [ ] Federated trust registry across platforms
 
@@ -150,8 +199,73 @@ The auto-guard hooks (Layer 1) have the following constraints:
 - [ ] VS Code extension for IDE-native security
 - [ ] Community rule contributions (open rule format)
 
+## OpenClaw Integration
+
+AgentGuard provides deep integration with OpenClaw through automatic plugin scanning and trust management.
+
+<details>
+<summary><b>How it works</b></summary>
+
+When AgentGuard registers as an OpenClaw plugin:
+
+```
+┌─────────────────────────────────────────────────────────────────┐
+│  OpenClaw loads AgentGuard plugin                               │
+└─────────────────────────────────────────────────────────────────┘
+                              │
+                              ▼
+┌─────────────────────────────────────────────────────────────────┐
+│  AgentGuard scans all loaded plugins (async, non-blocking)      │
+│  • Reads plugin source from registry                            │
+│  • Runs 24 static analysis rules                                │
+│  • Calculates artifact hash                                     │
+└─────────────────────────────────────────────────────────────────┘
+                              │
+                              ▼
+┌─────────────────────────────────────────────────────────────────┐
+│  For each plugin:                                               │
+│  • Determine trust level (untrusted/restricted/trusted)         │
+│  • Infer capabilities from tools + scan results                 │
+│  • Register to AgentGuard trust registry                        │
+│  • Map tool names → plugin ID                                   │
+└─────────────────────────────────────────────────────────────────┘
+                              │
+                              ▼
+┌─────────────────────────────────────────────────────────────────┐
+│  On every tool call:                                            │
+│  • Look up plugin from tool name                                │
+│  • Check plugin trust level & capabilities                      │
+│  • Evaluate action against security policies                    │
+│  • Allow / Deny / Log                                           │
+└─────────────────────────────────────────────────────────────────┘
+```
+
+</details>
+
+<details>
+<summary><b>Exported utilities for OpenClaw</b></summary>
+
+```typescript
+import {
+  registerOpenClawPlugin,
+  getPluginIdFromTool,
+  getPluginScanResult,
+} from '@goplus/agentguard';
+
+// Get which plugin registered a tool
+const pluginId = getPluginIdFromTool('browser');
+// → 'my-browser-plugin'
+
+// Get cached scan result
+const scanResult = getPluginScanResult('my-browser-plugin');
+// → { riskLevel: 'low', riskTags: [] }
+```
+
+</details>
+
 ## Documentation
 
+- [Security Policy](docs/SECURITY-POLICY.md) — Unified security rules and policies reference
 - [MCP Server Setup](docs/mcp-server.md) — Run as a Model Context Protocol server
 - [SDK Usage](docs/sdk.md) — Use as a TypeScript/JavaScript library
 - [Trust Management](docs/trust-cli.md) — Manage skill trust levels and capability presets

package/dist/adapters/claude-code.d.ts

@@ -0,0 +1,16 @@
+import type { ActionEnvelope } from '../types/action.js';
+import type { HookAdapter, HookInput } from './types.js';
+/**
+ * Claude Code hook adapter
+ *
+ * Bridges Claude Code's PreToolUse/PostToolUse stdin/stdout protocol
+ * to the common AgentGuard decision engine.
+ */
+export declare class ClaudeCodeAdapter implements HookAdapter {
+    readonly name = "claude-code";
+    parseInput(raw: unknown): HookInput;
+    mapToolToActionType(toolName: string): string | null;
+    buildEnvelope(input: HookInput, initiatingSkill?: string | null): ActionEnvelope | null;
+    inferInitiatingSkill(input: HookInput): Promise<string | null>;
+}
+//# sourceMappingURL=claude-code.d.ts.map

package/dist/adapters/claude-code.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"claude-code.d.ts","sourceRoot":"","sources":["../../src/adapters/claude-code.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAazD;;;;;GAKG;AACH,qBAAa,iBAAkB,YAAW,WAAW;IACnD,QAAQ,CAAC,IAAI,iBAAiB;IAE9B,UAAU,CAAC,GAAG,EAAE,OAAO,GAAG,SAAS;IAanC,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAIpD,aAAa,CAAC,KAAK,EAAE,SAAS,EAAE,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,cAAc,GAAG,IAAI;IAyDjF,oBAAoB,CAAC,KAAK,EAAE,SAAS,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;CAuCrE"}

package/dist/adapters/claude-code.js

@@ -0,0 +1,128 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ClaudeCodeAdapter = void 0;
+const node_fs_1 = require("node:fs");
+/**
+ * Tool name → action type mapping for Claude Code
+ */
+const TOOL_ACTION_MAP = {
+    Bash: 'exec_command',
+    Write: 'write_file',
+    Edit: 'write_file',
+    WebFetch: 'network_request',
+    WebSearch: 'network_request',
+};
+/**
+ * Claude Code hook adapter
+ *
+ * Bridges Claude Code's PreToolUse/PostToolUse stdin/stdout protocol
+ * to the common AgentGuard decision engine.
+ */
+class ClaudeCodeAdapter {
+    name = 'claude-code';
+    parseInput(raw) {
+        const data = raw;
+        const hookEvent = data.hook_event_name || '';
+        return {
+            toolName: data.tool_name || '',
+            toolInput: data.tool_input || {},
+            eventType: hookEvent.startsWith('Post') ? 'post' : 'pre',
+            sessionId: data.session_id,
+            cwd: data.cwd,
+            raw: data,
+        };
+    }
+    mapToolToActionType(toolName) {
+        return TOOL_ACTION_MAP[toolName] || null;
+    }
+    buildEnvelope(input, initiatingSkill) {
+        const actionType = this.mapToolToActionType(input.toolName);
+        if (!actionType)
+            return null;
+        const actor = {
+            skill: {
+                id: initiatingSkill || 'claude-code-session',
+                source: initiatingSkill || 'claude-code',
+                version_ref: '0.0.0',
+                artifact_hash: '',
+            },
+        };
+        const context = {
+            session_id: input.sessionId || `hook-${Date.now()}`,
+            user_present: true,
+            env: 'prod',
+            time: new Date().toISOString(),
+            initiating_skill: initiatingSkill || undefined,
+        };
+        // Build action data based on type
+        let actionData;
+        switch (actionType) {
+            case 'exec_command':
+                actionData = {
+                    command: input.toolInput.command || '',
+                    args: [],
+                    cwd: input.cwd,
+                };
+                break;
+            case 'write_file':
+                actionData = {
+                    path: input.toolInput.file_path || '',
+                };
+                break;
+            case 'network_request':
+                actionData = {
+                    method: 'GET',
+                    url: input.toolInput.url || input.toolInput.query || '',
+                };
+                break;
+            default:
+                return null;
+        }
+        return {
+            actor,
+            action: { type: actionType, data: actionData },
+            context,
+        };
+    }
+    async inferInitiatingSkill(input) {
+        const data = input.raw;
+        const transcriptPath = data.transcript_path;
+        if (!transcriptPath)
+            return null;
+        try {
+            const fd = (0, node_fs_1.openSync)(transcriptPath, 'r');
+            const stat = (0, node_fs_1.fstatSync)(fd);
+            const TAIL_SIZE = 4096;
+            const start = Math.max(0, stat.size - TAIL_SIZE);
+            const buf = Buffer.alloc(Math.min(TAIL_SIZE, stat.size));
+            (0, node_fs_1.readSync)(fd, buf, 0, buf.length, start);
+            (0, node_fs_1.closeSync)(fd);
+            const tail = buf.toString('utf-8');
+            const lines = tail.split('\n').filter(Boolean);
+            for (let i = lines.length - 1; i >= 0; i--) {
+                try {
+                    const entry = JSON.parse(lines[i]);
+                    if (entry.type === 'tool_use' && entry.name === 'Skill' && entry.input?.skill) {
+                        return entry.input.skill;
+                    }
+                    if (entry.role === 'assistant' && Array.isArray(entry.content)) {
+                        for (const block of entry.content) {
+                            if (block.type === 'tool_use' && block.name === 'Skill' && block.input?.skill) {
+                                return block.input.skill;
+                            }
+                        }
+                    }
+                }
+                catch {
+                    // Not valid JSON
+                }
+            }
+        }
+        catch {
+            // Can't read transcript
+        }
+        return null;
+    }
+}
+exports.ClaudeCodeAdapter = ClaudeCodeAdapter;
+//# sourceMappingURL=claude-code.js.map

package/dist/adapters/claude-code.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"claude-code.js","sourceRoot":"","sources":["../../src/adapters/claude-code.ts"],"names":[],"mappings":";;;AAAA,qCAAmE;AAInE;;GAEG;AACH,MAAM,eAAe,GAA2B;IAC9C,IAAI,EAAE,cAAc;IACpB,KAAK,EAAE,YAAY;IACnB,IAAI,EAAE,YAAY;IAClB,QAAQ,EAAE,iBAAiB;IAC3B,SAAS,EAAE,iBAAiB;CAC7B,CAAC;AAEF;;;;;GAKG;AACH,MAAa,iBAAiB;IACnB,IAAI,GAAG,aAAa,CAAC;IAE9B,UAAU,CAAC,GAAY;QACrB,MAAM,IAAI,GAAG,GAA8B,CAAC;QAC5C,MAAM,SAAS,GAAI,IAAI,CAAC,eAA0B,IAAI,EAAE,CAAC;QACzD,OAAO;YACL,QAAQ,EAAG,IAAI,CAAC,SAAoB,IAAI,EAAE;YAC1C,SAAS,EAAG,IAAI,CAAC,UAAsC,IAAI,EAAE;YAC7D,SAAS,EAAE,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK;YACxD,SAAS,EAAE,IAAI,CAAC,UAAgC;YAChD,GAAG,EAAE,IAAI,CAAC,GAAyB;YACnC,GAAG,EAAE,IAAI;SACV,CAAC;IACJ,CAAC;IAED,mBAAmB,CAAC,QAAgB;QAClC,OAAO,eAAe,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;IAC3C,CAAC;IAED,aAAa,CAAC,KAAgB,EAAE,eAA+B;QAC7D,MAAM,UAAU,GAAG,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC5D,IAAI,CAAC,UAAU;YAAE,OAAO,IAAI,CAAC;QAE7B,MAAM,KAAK,GAAG;YACZ,KAAK,EAAE;gBACL,EAAE,EAAE,eAAe,IAAI,qBAAqB;gBAC5C,MAAM,EAAE,eAAe,IAAI,aAAa;gBACxC,WAAW,EAAE,OAAO;gBACpB,aAAa,EAAE,EAAE;aAClB;SACF,CAAC;QAEF,MAAM,OAAO,GAAG;YACd,UAAU,EAAE,KAAK,CAAC,SAAS,IAAI,QAAQ,IAAI,CAAC,GAAG,EAAE,EAAE;YACnD,YAAY,EAAE,IAAI;YAClB,GAAG,EAAE,MAAe;YACpB,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC9B,gBAAgB,EAAE,eAAe,IAAI,SAAS;SAC/C,CAAC;QAEF,kCAAkC;QAClC,IAAI,UAAmC,CAAC;QAExC,QAAQ,UAAU,EAAE,CAAC;YACnB,KAAK,cAAc;gBACjB,UAAU,GAAG;oBACX,OAAO,EAAG,KAAK,CAAC,SAAS,CAAC,OAAkB,IAAI,EAAE;oBAClD,IAAI,EAAE,EAAE;oBACR,GAAG,EAAE,KAAK,CAAC,GAAG;iBACf,CAAC;gBACF,MAAM;YAER,KAAK,YAAY;gBACf,UAAU,GAAG;oBACX,IAAI,EAAG,KAAK,CAAC,SAAS,CAAC,SAAoB,IAAI,EAAE;iBAClD,CAAC;gBACF,MAAM;YAER,KAAK,iBAAiB;gBACpB,UAAU,GAAG;oBACX,MAAM,EAAE,KAAK;oBACb,GAAG,EAAG,KAAK,CAAC,SAAS,CAAC,GAAc,IAAK,KAAK,CAAC,SAAS,CAAC,KAAgB,IAAI,EAAE;iBAChF,CAAC;gBACF,MAAM;YAER;gBACE,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,OAAO;YACL,KAAK;YACL,MAAM,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE;YAC9C,OAAO;SACqB,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,KAAgB;QACzC,MAAM,IAAI,GAAG,KAAK,CAAC,GAA8B,CAAC;QAClD,MAAM,cAAc,GAAG,IAAI,CAAC,eAAqC,CAAC;QAClE,IAAI,CAAC,cAAc;YAAE,OAAO,IAAI,CAAC;QAEjC,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,IAAA,kBAAQ,EAAC,cAAc,EAAE,GAAG,CAAC,CAAC;YACzC,MAAM,IAAI,GAAG,IAAA,mBAAS,EAAC,EAAE,CAAC,CAAC;YAC3B,MAAM,SAAS,GAAG,IAAI,CAAC;YACvB,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,IAAI,GAAG,SAAS,CAAC,CAAC;YACjD,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;YACzD,IAAA,kBAAQ,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YACxC,IAAA,mBAAS,EAAC,EAAE,CAAC,CAAC;YAEd,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACnC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAE/C,KAAK,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3C,IAAI,CAAC;oBACH,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;oBACnC,IAAI,KAAK,CAAC,IAAI,KAAK,UAAU,IAAI,KAAK,CAAC,IAAI,KAAK,OAAO,IAAI,KAAK,CAAC,KAAK,EAAE,KAAK,EAAE,CAAC;wBAC9E,OAAO,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC;oBAC3B,CAAC;oBACD,IAAI,KAAK,CAAC,IAAI,KAAK,WAAW,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;wBAC/D,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;4BAClC,IAAI,KAAK,CAAC,IAAI,KAAK,UAAU,IAAI,KAAK,CAAC,IAAI,KAAK,OAAO,IAAI,KAAK,CAAC,KAAK,EAAE,KAAK,EAAE,CAAC;gCAC9E,OAAO,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC;4BAC3B,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,iBAAiB;gBACnB,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;QAC1B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AApHD,8CAoHC"}

package/dist/adapters/common.d.ts

@@ -0,0 +1,40 @@
+import type { HookInput } from './types.js';
+export declare function loadConfig(): {
+    level: string;
+};
+export declare function isSensitivePath(filePath: string): boolean;
+export declare function shouldDenyAtLevel(decision: {
+    decision: string;
+    risk_level?: string;
+}, config: {
+    level?: string;
+}): boolean;
+export declare function shouldAskAtLevel(decision: {
+    decision: string;
+    risk_level?: string;
+}, config: {
+    level?: string;
+}): boolean;
+export declare function writeAuditLog(input: HookInput, decision: {
+    decision?: string;
+    risk_level?: string;
+    risk_tags?: string[];
+} | null, initiatingSkill?: string | null): void;
+export declare function getSkillTrustPolicy(skillId: string, registry: {
+    lookup: (s: {
+        id: string;
+        source: string;
+        version_ref: string;
+        artifact_hash: string;
+    }) => Promise<{
+        effective_trust_level: string;
+        effective_capabilities: Record<string, unknown>;
+        record: unknown | null;
+    }>;
+}): Promise<{
+    trustLevel: string | null;
+    capabilities: Record<string, unknown> | null;
+    isKnown: boolean;
+}>;
+export declare function isActionAllowedByCapabilities(actionType: string, capabilities: Record<string, unknown>): boolean;
+//# sourceMappingURL=common.d.ts.map

package/dist/adapters/common.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"common.d.ts","sourceRoot":"","sources":["../../src/adapters/common.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,SAAS,EAAc,MAAM,YAAY,CAAC;AAoBxD,wBAAgB,UAAU,IAAI;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,CAM9C;AAeD,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAMzD;AAMD,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAA;CAAE,EACnD,MAAM,EAAE;IAAE,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,GACzB,OAAO,CAgBT;AAED,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAA;CAAE,EACnD,MAAM,EAAE;IAAE,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,GACzB,OAAO,CAoBT;AAMD,wBAAgB,aAAa,CAC3B,KAAK,EAAE,SAAS,EAChB,QAAQ,EAAE;IAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAA;CAAE,GAAG,IAAI,EACjF,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,GAC9B,IAAI,CAkBN;AAqBD,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE;IAAE,MAAM,EAAE,CAAC,CAAC,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC;QAAC,aAAa,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC;QAAE,qBAAqB,EAAE,MAAM,CAAC;QAAC,sBAAsB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAAC,MAAM,EAAE,OAAO,GAAG,IAAI,CAAA;KAAE,CAAC,CAAA;CAAE,GAC3N,OAAO,CAAC;IAAE,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE,CAAC,CAmBxG;AAED,wBAAgB,6BAA6B,CAC3C,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GACpC,OAAO,CAiBT"}

package/dist/adapters/common.js

@@ -0,0 +1,166 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadConfig = loadConfig;
+exports.isSensitivePath = isSensitivePath;
+exports.shouldDenyAtLevel = shouldDenyAtLevel;
+exports.shouldAskAtLevel = shouldAskAtLevel;
+exports.writeAuditLog = writeAuditLog;
+exports.getSkillTrustPolicy = getSkillTrustPolicy;
+exports.isActionAllowedByCapabilities = isActionAllowedByCapabilities;
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+const node_os_1 = require("node:os");
+// ---------------------------------------------------------------------------
+// Paths
+// ---------------------------------------------------------------------------
+const AGENTGUARD_DIR = process.env.AGENTGUARD_HOME || (0, node_path_1.join)((0, node_os_1.homedir)(), '.agentguard');
+const CONFIG_PATH = (0, node_path_1.join)(AGENTGUARD_DIR, 'config.json');
+const AUDIT_PATH = (0, node_path_1.join)(AGENTGUARD_DIR, 'audit.jsonl');
+function ensureDir() {
+    if (!(0, node_fs_1.existsSync)(AGENTGUARD_DIR)) {
+        (0, node_fs_1.mkdirSync)(AGENTGUARD_DIR, { recursive: true });
+    }
+}
+// ---------------------------------------------------------------------------
+// Config
+// ---------------------------------------------------------------------------
+function loadConfig() {
+    try {
+        return JSON.parse((0, node_fs_1.readFileSync)(CONFIG_PATH, 'utf-8'));
+    }
+    catch {
+        return { level: 'balanced' };
+    }
+}
+// ---------------------------------------------------------------------------
+// Sensitive path detection
+// ---------------------------------------------------------------------------
+const SENSITIVE_PATHS = [
+    '.env', '.env.local', '.env.production',
+    '.ssh/', 'id_rsa', 'id_ed25519',
+    '.aws/credentials', '.aws/config',
+    '.npmrc', '.netrc',
+    'credentials.json', 'serviceAccountKey.json',
+    '.kube/config',
+];
+function isSensitivePath(filePath) {
+    if (!filePath)
+        return false;
+    const normalized = filePath.replace(/\\/g, '/');
+    return SENSITIVE_PATHS.some((p) => normalized.includes(`/${p}`) || normalized.endsWith(p));
+}
+// ---------------------------------------------------------------------------
+// Protection level thresholds
+// ---------------------------------------------------------------------------
+function shouldDenyAtLevel(decision, config) {
+    const level = config.level || 'balanced';
+    if (level === 'strict') {
+        return decision.decision === 'deny' || decision.decision === 'confirm';
+    }
+    if (level === 'balanced') {
+        return decision.decision === 'deny';
+    }
+    if (level === 'permissive') {
+        return decision.decision === 'deny' && decision.risk_level === 'critical';
+    }
+    return decision.decision === 'deny';
+}
+function shouldAskAtLevel(decision, config) {
+    const level = config.level || 'balanced';
+    if (level === 'strict') {
+        return false;
+    }
+    if (level === 'balanced') {
+        return decision.decision === 'confirm';
+    }
+    if (level === 'permissive') {
+        return ((decision.decision === 'deny' && decision.risk_level !== 'critical') ||
+            (decision.decision === 'confirm' &&
+                (decision.risk_level === 'high' || decision.risk_level === 'critical')));
+    }
+    return decision.decision === 'confirm';
+}
+// ---------------------------------------------------------------------------
+// Audit logging
+// ---------------------------------------------------------------------------
+function writeAuditLog(input, decision, initiatingSkill) {
+    try {
+        ensureDir();
+        const entry = {
+            timestamp: new Date().toISOString(),
+            tool_name: input.toolName,
+            tool_input_summary: summarizeToolInput(input),
+            decision: decision?.decision || 'allow',
+            risk_level: decision?.risk_level || 'low',
+            risk_tags: decision?.risk_tags || [],
+        };
+        if (initiatingSkill) {
+            entry.initiating_skill = initiatingSkill;
+        }
+        (0, node_fs_1.appendFileSync)(AUDIT_PATH, JSON.stringify(entry) + '\n');
+    }
+    catch {
+        // Non-critical
+    }
+}
+function summarizeToolInput(input) {
+    const toolInput = input.toolInput;
+    if (typeof toolInput === 'object' && toolInput !== null) {
+        const cmd = toolInput.command;
+        if (typeof cmd === 'string')
+            return cmd.slice(0, 200);
+        const fp = toolInput.file_path ||
+            toolInput.path;
+        if (typeof fp === 'string')
+            return fp;
+        const url = toolInput.url ||
+            toolInput.query;
+        if (typeof url === 'string')
+            return url;
+    }
+    return JSON.stringify(toolInput).slice(0, 200);
+}
+// ---------------------------------------------------------------------------
+// Skill trust policy helpers
+// ---------------------------------------------------------------------------
+async function getSkillTrustPolicy(skillId, registry) {
+    if (!skillId) {
+        return { trustLevel: null, capabilities: null, isKnown: false };
+    }
+    try {
+        const result = await registry.lookup({
+            id: skillId,
+            source: skillId,
+            version_ref: '0.0.0',
+            artifact_hash: '',
+        });
+        return {
+            trustLevel: result.effective_trust_level,
+            capabilities: result.effective_capabilities,
+            isKnown: result.record !== null,
+        };
+    }
+    catch {
+        return { trustLevel: null, capabilities: null, isKnown: false };
+    }
+}
+function isActionAllowedByCapabilities(actionType, capabilities) {
+    if (!capabilities)
+        return true;
+    switch (actionType) {
+        case 'exec_command':
+            return capabilities.can_exec !== false;
+        case 'network_request':
+            return capabilities.can_network !== false;
+        case 'write_file':
+            return capabilities.can_write !== false;
+        case 'read_file':
+            return capabilities.can_read !== false;
+        case 'web3_tx':
+        case 'web3_sign':
+            return capabilities.can_web3 !== false;
+        default:
+            return true;
+    }
+}
+//# sourceMappingURL=common.js.map

package/dist/adapters/common.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"common.js","sourceRoot":"","sources":["../../src/adapters/common.ts"],"names":[],"mappings":";;AAuBA,gCAMC;AAeD,0CAMC;AAMD,8CAmBC;AAED,4CAuBC;AAMD,sCAsBC;AAqBD,kDAsBC;AAED,sEAoBC;AAjMD,qCAA8E;AAC9E,yCAAiC;AACjC,qCAAkC;AAGlC,8EAA8E;AAC9E,QAAQ;AACR,8EAA8E;AAE9E,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,aAAa,CAAC,CAAC;AACrF,MAAM,WAAW,GAAG,IAAA,gBAAI,EAAC,cAAc,EAAE,aAAa,CAAC,CAAC;AACxD,MAAM,UAAU,GAAG,IAAA,gBAAI,EAAC,cAAc,EAAE,aAAa,CAAC,CAAC;AAEvD,SAAS,SAAS;IAChB,IAAI,CAAC,IAAA,oBAAU,EAAC,cAAc,CAAC,EAAE,CAAC;QAChC,IAAA,mBAAS,EAAC,cAAc,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,SAAS;AACT,8EAA8E;AAE9E,SAAgB,UAAU;IACxB,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAA,sBAAY,EAAC,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;IAC/B,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,2BAA2B;AAC3B,8EAA8E;AAE9E,MAAM,eAAe,GAAG;IACtB,MAAM,EAAE,YAAY,EAAE,iBAAiB;IACvC,OAAO,EAAE,QAAQ,EAAE,YAAY;IAC/B,kBAAkB,EAAE,aAAa;IACjC,QAAQ,EAAE,QAAQ;IAClB,kBAAkB,EAAE,wBAAwB;IAC5C,cAAc;CACf,CAAC;AAEF,SAAgB,eAAe,CAAC,QAAgB;IAC9C,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC5B,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAChD,OAAO,eAAe,CAAC,IAAI,CACzB,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAC9D,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,8BAA8B;AAC9B,8EAA8E;AAE9E,SAAgB,iBAAiB,CAC/B,QAAmD,EACnD,MAA0B;IAE1B,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,UAAU,CAAC;IAEzC,IAAI,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvB,OAAO,QAAQ,CAAC,QAAQ,KAAK,MAAM,IAAI,QAAQ,CAAC,QAAQ,KAAK,SAAS,CAAC;IACzE,CAAC;IAED,IAAI,KAAK,KAAK,UAAU,EAAE,CAAC;QACzB,OAAO,QAAQ,CAAC,QAAQ,KAAK,MAAM,CAAC;IACtC,CAAC;IAED,IAAI,KAAK,KAAK,YAAY,EAAE,CAAC;QAC3B,OAAO,QAAQ,CAAC,QAAQ,KAAK,MAAM,IAAI,QAAQ,CAAC,UAAU,KAAK,UAAU,CAAC;IAC5E,CAAC;IAED,OAAO,QAAQ,CAAC,QAAQ,KAAK,MAAM,CAAC;AACtC,CAAC;AAED,SAAgB,gBAAgB,CAC9B,QAAmD,EACnD,MAA0B;IAE1B,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,UAAU,CAAC;IAEzC,IAAI,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,KAAK,KAAK,UAAU,EAAE,CAAC;QACzB,OAAO,QAAQ,CAAC,QAAQ,KAAK,SAAS,CAAC;IACzC,CAAC;IAED,IAAI,KAAK,KAAK,YAAY,EAAE,CAAC;QAC3B,OAAO,CACL,CAAC,QAAQ,CAAC,QAAQ,KAAK,MAAM,IAAI,QAAQ,CAAC,UAAU,KAAK,UAAU,CAAC;YACpE,CAAC,QAAQ,CAAC,QAAQ,KAAK,SAAS;gBAC9B,CAAC,QAAQ,CAAC,UAAU,KAAK,MAAM,IAAI,QAAQ,CAAC,UAAU,KAAK,UAAU,CAAC,CAAC,CAC1E,CAAC;IACJ,CAAC;IAED,OAAO,QAAQ,CAAC,QAAQ,KAAK,SAAS,CAAC;AACzC,CAAC;AAED,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E,SAAgB,aAAa,CAC3B,KAAgB,EAChB,QAAiF,EACjF,eAA+B;IAE/B,IAAI,CAAC;QACH,SAAS,EAAE,CAAC;QACZ,MAAM,KAAK,GAA4B;YACrC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,SAAS,EAAE,KAAK,CAAC,QAAQ;YACzB,kBAAkB,EAAE,kBAAkB,CAAC,KAAK,CAAC;YAC7C,QAAQ,EAAE,QAAQ,EAAE,QAAQ,IAAI,OAAO;YACvC,UAAU,EAAE,QAAQ,EAAE,UAAU,IAAI,KAAK;YACzC,SAAS,EAAE,QAAQ,EAAE,SAAS,IAAI,EAAE;SACrC,CAAC;QACF,IAAI,eAAe,EAAE,CAAC;YACpB,KAAK,CAAC,gBAAgB,GAAG,eAAe,CAAC;QAC3C,CAAC;QACD,IAAA,wBAAc,EAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC;IAC3D,CAAC;IAAC,MAAM,CAAC;QACP,eAAe;IACjB,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAgB;IAC1C,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,CAAC;IAClC,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACxD,MAAM,GAAG,GAAI,SAAqC,CAAC,OAAO,CAAC;QAC3D,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACtD,MAAM,EAAE,GAAI,SAAqC,CAAC,SAAS;YAC/C,SAAqC,CAAC,IAAI,CAAC;QACvD,IAAI,OAAO,EAAE,KAAK,QAAQ;YAAE,OAAO,EAAE,CAAC;QACtC,MAAM,GAAG,GAAI,SAAqC,CAAC,GAAG;YACzC,SAAqC,CAAC,KAAK,CAAC;QACzD,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,GAAG,CAAC;IAC1C,CAAC;IACD,OAAO,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AACjD,CAAC;AAED,8EAA8E;AAC9E,6BAA6B;AAC7B,8EAA8E;AAEvE,KAAK,UAAU,mBAAmB,CACvC,OAAe,EACf,QAA4N;IAE5N,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAClE,CAAC;IACD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC;YACnC,EAAE,EAAE,OAAO;YACX,MAAM,EAAE,OAAO;YACf,WAAW,EAAE,OAAO;YACpB,aAAa,EAAE,EAAE;SAClB,CAAC,CAAC;QACH,OAAO;YACL,UAAU,EAAE,MAAM,CAAC,qBAAqB;YACxC,YAAY,EAAE,MAAM,CAAC,sBAAsB;YAC3C,OAAO,EAAE,MAAM,CAAC,MAAM,KAAK,IAAI;SAChC,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAClE,CAAC;AACH,CAAC;AAED,SAAgB,6BAA6B,CAC3C,UAAkB,EAClB,YAAqC;IAErC,IAAI,CAAC,YAAY;QAAE,OAAO,IAAI,CAAC;IAC/B,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,cAAc;YACjB,OAAO,YAAY,CAAC,QAAQ,KAAK,KAAK,CAAC;QACzC,KAAK,iBAAiB;YACpB,OAAO,YAAY,CAAC,WAAW,KAAK,KAAK,CAAC;QAC5C,KAAK,YAAY;YACf,OAAO,YAAY,CAAC,SAAS,KAAK,KAAK,CAAC;QAC1C,KAAK,WAAW;YACd,OAAO,YAAY,CAAC,QAAQ,KAAK,KAAK,CAAC;QACzC,KAAK,SAAS,CAAC;QACf,KAAK,WAAW;YACd,OAAO,YAAY,CAAC,QAAQ,KAAK,KAAK,CAAC;QACzC;YACE,OAAO,IAAI,CAAC;IAChB,CAAC;AACH,CAAC"}

package/dist/adapters/engine.d.ts

@@ -0,0 +1,9 @@
+import type { HookAdapter, HookOutput, EngineOptions } from './types.js';
+/**
+ * Evaluate a hook event using the common AgentGuard decision engine.
+ *
+ * This is the platform-agnostic core — adapters handle I/O protocol,
+ * this function handles security logic.
+ */
+export declare function evaluateHook(adapter: HookAdapter, rawInput: unknown, options: EngineOptions): Promise<HookOutput>;
+//# sourceMappingURL=engine.d.ts.map

package/dist/adapters/engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../../src/adapters/engine.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAa,UAAU,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAUpF;;;;;GAKG;AACH,wBAAsB,YAAY,CAChC,OAAO,EAAE,WAAW,EACpB,QAAQ,EAAE,OAAO,EACjB,OAAO,EAAE,aAAa,GACrB,OAAO,CAAC,UAAU,CAAC,CAiGrB"}