npm - @goplus/agentguard - Versions diffs - 1.0.2 → 1.0.4 - Mend

@goplus/agentguard 1.0.2 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (50) hide show

package/README.md +126 -12
package/dist/adapters/claude-code.d.ts +16 -0
package/dist/adapters/claude-code.d.ts.map +1 -0
package/dist/adapters/claude-code.js +128 -0
package/dist/adapters/claude-code.js.map +1 -0
package/dist/adapters/common.d.ts +40 -0
package/dist/adapters/common.d.ts.map +1 -0
package/dist/adapters/common.js +166 -0
package/dist/adapters/common.js.map +1 -0
package/dist/adapters/engine.d.ts +9 -0
package/dist/adapters/engine.d.ts.map +1 -0
package/dist/adapters/engine.js +93 -0
package/dist/adapters/engine.js.map +1 -0
package/dist/adapters/index.d.ts +7 -0
package/dist/adapters/index.d.ts.map +1 -0
package/dist/adapters/index.js +22 -0
package/dist/adapters/index.js.map +1 -0
package/dist/adapters/openclaw-plugin.d.ts +72 -0
package/dist/adapters/openclaw-plugin.d.ts.map +1 -0
package/dist/adapters/openclaw-plugin.js +369 -0
package/dist/adapters/openclaw-plugin.js.map +1 -0
package/dist/adapters/openclaw.d.ts +22 -0
package/dist/adapters/openclaw.d.ts.map +1 -0
package/dist/adapters/openclaw.js +118 -0
package/dist/adapters/openclaw.js.map +1 -0
package/dist/adapters/types.d.ts +81 -0
package/dist/adapters/types.d.ts.map +1 -0
package/dist/adapters/types.js +3 -0
package/dist/adapters/types.js.map +1 -0
package/dist/index.d.ts +1 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +14 -7
package/dist/index.js.map +1 -1
package/dist/tests/adapter.test.d.ts +2 -0
package/dist/tests/adapter.test.d.ts.map +1 -0
package/dist/tests/adapter.test.js +396 -0
package/dist/tests/adapter.test.js.map +1 -0
package/dist/tests/helpers/test-utils.d.ts +23 -0
package/dist/tests/helpers/test-utils.d.ts.map +1 -0
package/dist/tests/helpers/test-utils.js +37 -0
package/dist/tests/helpers/test-utils.js.map +1 -0
package/dist/tests/integration.test.d.ts +2 -0
package/dist/tests/integration.test.d.ts.map +1 -0
package/dist/tests/integration.test.js +229 -0
package/dist/tests/integration.test.js.map +1 -0
package/dist/tests/smoke.test.d.ts +2 -0
package/dist/tests/smoke.test.d.ts.map +1 -0
package/dist/tests/smoke.test.js +94 -0
package/dist/tests/smoke.test.js.map +1 -0
package/package.json +1 -1

package/dist/adapters/engine.js ADDED Viewed

@@ -0,0 +1,93 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.evaluateHook = evaluateHook;
+const common_js_1 = require("./common.js");
+/**
+ * Evaluate a hook event using the common AgentGuard decision engine.
+ *
+ * This is the platform-agnostic core — adapters handle I/O protocol,
+ * this function handles security logic.
+ */
+async function evaluateHook(adapter, rawInput, options) {
+    const input = adapter.parseInput(rawInput);
+    // Post-tool events → audit only
+    if (input.eventType === 'post') {
+        const skill = await adapter.inferInitiatingSkill(input);
+        (0, common_js_1.writeAuditLog)(input, null, skill);
+        return { decision: 'allow' };
+    }
+    // Build envelope
+    const initiatingSkill = await adapter.inferInitiatingSkill(input);
+    const envelope = adapter.buildEnvelope(input, initiatingSkill);
+    if (!envelope) {
+        return { decision: 'allow' };
+    }
+    // Fast check: sensitive file paths (Write/Edit)
+    const actionType = adapter.mapToolToActionType(input.toolName);
+    if (actionType === 'write_file') {
+        const filePath = input.toolInput.file_path ||
+            input.toolInput.path || '';
+        if ((0, common_js_1.isSensitivePath)(filePath)) {
+            const skillTag = initiatingSkill ? ` (via skill: ${initiatingSkill})` : '';
+            const reason = `GoPlus AgentGuard: blocked write to sensitive path "${filePath}"${skillTag}`;
+            (0, common_js_1.writeAuditLog)(input, { decision: 'deny', risk_level: 'critical', risk_tags: ['SENSITIVE_PATH'] }, initiatingSkill);
+            // In permissive mode, ask for user-initiated writes
+            if (options.config.level === 'permissive' && !initiatingSkill) {
+                return { decision: 'ask', reason, riskLevel: 'critical', riskTags: ['SENSITIVE_PATH'], initiatingSkill };
+            }
+            return { decision: 'deny', reason, riskLevel: 'critical', riskTags: ['SENSITIVE_PATH'], initiatingSkill };
+        }
+    }
+    // Full ActionScanner evaluation
+    try {
+        const decision = await options.agentguard.actionScanner.decide(envelope);
+        // Skill trust policy enforcement
+        if (initiatingSkill) {
+            const policy = await (0, common_js_1.getSkillTrustPolicy)(initiatingSkill, options.agentguard.registry);
+            if (!policy.isKnown || policy.trustLevel === 'untrusted') {
+                if (!(0, common_js_1.isActionAllowedByCapabilities)(envelope.action.type, { can_exec: false, can_network: false, can_write: false, can_read: true, can_web3: false })) {
+                    const reason = `GoPlus AgentGuard: untrusted skill "${initiatingSkill}" attempted ${envelope.action.type} — register it with /agentguard trust attest to allow`;
+                    (0, common_js_1.writeAuditLog)(input, { decision: 'deny', risk_level: 'high', risk_tags: ['UNTRUSTED_SKILL', ...(decision.risk_tags || [])] }, initiatingSkill);
+                    return { decision: 'ask', reason, riskLevel: 'high', riskTags: ['UNTRUSTED_SKILL'], initiatingSkill };
+                }
+            }
+            if (policy.isKnown && policy.capabilities) {
+                if (!(0, common_js_1.isActionAllowedByCapabilities)(envelope.action.type, policy.capabilities)) {
+                    const reason = `GoPlus AgentGuard: skill "${initiatingSkill}" is not allowed to ${envelope.action.type} per its trust policy`;
+                    (0, common_js_1.writeAuditLog)(input, { decision: 'deny', risk_level: 'high', risk_tags: ['CAPABILITY_EXCEEDED', ...(decision.risk_tags || [])] }, initiatingSkill);
+                    return { decision: 'deny', reason, riskLevel: 'high', riskTags: ['CAPABILITY_EXCEEDED'], initiatingSkill };
+                }
+            }
+        }
+        // Write audit log
+        (0, common_js_1.writeAuditLog)(input, decision, initiatingSkill);
+        // Apply protection level thresholds
+        const skillTag = initiatingSkill ? ` (via skill: ${initiatingSkill})` : '';
+        const tags = (decision.risk_tags || []).join(', ');
+        if ((0, common_js_1.shouldDenyAtLevel)(decision, options.config)) {
+            return {
+                decision: 'deny',
+                reason: `GoPlus AgentGuard: ${decision.explanation || 'Action blocked'}${skillTag} [${tags}]`,
+                riskLevel: decision.risk_level,
+                riskTags: decision.risk_tags,
+                initiatingSkill,
+            };
+        }
+        if ((0, common_js_1.shouldAskAtLevel)(decision, options.config)) {
+            return {
+                decision: 'ask',
+                reason: `GoPlus AgentGuard: ${decision.explanation || 'Action requires confirmation'}${skillTag} [${tags}]`,
+                riskLevel: decision.risk_level,
+                riskTags: decision.risk_tags,
+                initiatingSkill,
+            };
+        }
+        return { decision: 'allow', initiatingSkill };
+    }
+    catch {
+        // Engine error → fail open
+        (0, common_js_1.writeAuditLog)(input, { decision: 'error', risk_level: 'low', risk_tags: ['ENGINE_ERROR'] }, initiatingSkill);
+        return { decision: 'allow' };
+    }
+}
+//# sourceMappingURL=engine.js.map

package/dist/adapters/engine.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"engine.js","sourceRoot":"","sources":["../../src/adapters/engine.ts"],"names":[],"mappings":";;AAgBA,oCAqGC;AApHD,2CAOqB;AAErB;;;;;GAKG;AACI,KAAK,UAAU,YAAY,CAChC,OAAoB,EACpB,QAAiB,EACjB,OAAsB;IAEtB,MAAM,KAAK,GAAG,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAE3C,gCAAgC;IAChC,IAAI,KAAK,CAAC,SAAS,KAAK,MAAM,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;QACxD,IAAA,yBAAa,EAAC,KAAK,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;QAClC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;IAC/B,CAAC;IAED,iBAAiB;IACjB,MAAM,eAAe,GAAG,MAAM,OAAO,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;IAClE,MAAM,QAAQ,GAAG,OAAO,CAAC,aAAa,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IAE/D,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;IAC/B,CAAC;IAED,gDAAgD;IAChD,MAAM,UAAU,GAAG,OAAO,CAAC,mBAAmB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IAC/D,IAAI,UAAU,KAAK,YAAY,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAI,KAAK,CAAC,SAAS,CAAC,SAAoB;YACpC,KAAK,CAAC,SAAS,CAAC,IAAe,IAAI,EAAE,CAAC;QACxD,IAAI,IAAA,2BAAe,EAAC,QAAQ,CAAC,EAAE,CAAC;YAC9B,MAAM,QAAQ,GAAG,eAAe,CAAC,CAAC,CAAC,gBAAgB,eAAe,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3E,MAAM,MAAM,GAAG,uDAAuD,QAAQ,IAAI,QAAQ,EAAE,CAAC;YAC7F,IAAA,yBAAa,EAAC,KAAK,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,gBAAgB,CAAC,EAAE,EAAE,eAAe,CAAC,CAAC;YAEnH,oDAAoD;YACpD,IAAI,OAAO,CAAC,MAAM,CAAC,KAAK,KAAK,YAAY,IAAI,CAAC,eAAe,EAAE,CAAC;gBAC9D,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC,gBAAgB,CAAC,EAAE,eAAe,EAAE,CAAC;YAC3G,CAAC;YACD,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC,gBAAgB,CAAC,EAAE,eAAe,EAAE,CAAC;QAC5G,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAEzE,iCAAiC;QACjC,IAAI,eAAe,EAAE,CAAC;YACpB,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAmB,EAAC,eAAe,EAAE,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;YAEvF,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,UAAU,KAAK,WAAW,EAAE,CAAC;gBACzD,IAAI,CAAC,IAAA,yCAA6B,EAChC,QAAQ,CAAC,MAAM,CAAC,IAAI,EACpB,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,CAC3F,EAAE,CAAC;oBACF,MAAM,MAAM,GAAG,uCAAuC,eAAe,eAAe,QAAQ,CAAC,MAAM,CAAC,IAAI,uDAAuD,CAAC;oBAChK,IAAA,yBAAa,EAAC,KAAK,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,iBAAiB,EAAE,GAAG,CAAC,QAAQ,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,eAAe,CAAC,CAAC;oBAC/I,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,iBAAiB,CAAC,EAAE,eAAe,EAAE,CAAC;gBACxG,CAAC;YACH,CAAC;YAED,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;gBAC1C,IAAI,CAAC,IAAA,yCAA6B,EAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;oBAC9E,MAAM,MAAM,GAAG,6BAA6B,eAAe,uBAAuB,QAAQ,CAAC,MAAM,CAAC,IAAI,uBAAuB,CAAC;oBAC9H,IAAA,yBAAa,EAAC,KAAK,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,qBAAqB,EAAE,GAAG,CAAC,QAAQ,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,eAAe,CAAC,CAAC;oBACnJ,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,qBAAqB,CAAC,EAAE,eAAe,EAAE,CAAC;gBAC7G,CAAC;YACH,CAAC;QACH,CAAC;QAED,kBAAkB;QAClB,IAAA,yBAAa,EAAC,KAAK,EAAE,QAAQ,EAAE,eAAe,CAAC,CAAC;QAEhD,oCAAoC;QACpC,MAAM,QAAQ,GAAG,eAAe,CAAC,CAAC,CAAC,gBAAgB,eAAe,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3E,MAAM,IAAI,GAAG,CAAC,QAAQ,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEnD,IAAI,IAAA,6BAAiB,EAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAChD,OAAO;gBACL,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,sBAAsB,QAAQ,CAAC,WAAW,IAAI,gBAAgB,GAAG,QAAQ,KAAK,IAAI,GAAG;gBAC7F,SAAS,EAAE,QAAQ,CAAC,UAAU;gBAC9B,QAAQ,EAAE,QAAQ,CAAC,SAAS;gBAC5B,eAAe;aAChB,CAAC;QACJ,CAAC;QAED,IAAI,IAAA,4BAAgB,EAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/C,OAAO;gBACL,QAAQ,EAAE,KAAK;gBACf,MAAM,EAAE,sBAAsB,QAAQ,CAAC,WAAW,IAAI,8BAA8B,GAAG,QAAQ,KAAK,IAAI,GAAG;gBAC3G,SAAS,EAAE,QAAQ,CAAC,UAAU;gBAC9B,QAAQ,EAAE,QAAQ,CAAC,SAAS;gBAC5B,eAAe;aAChB,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC;IAChD,CAAC;IAAC,MAAM,CAAC;QACP,2BAA2B;QAC3B,IAAA,yBAAa,EAAC,KAAK,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,cAAc,CAAC,EAAE,EAAE,eAAe,CAAC,CAAC;QAC7G,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;IAC/B,CAAC;AACH,CAAC"}

package/dist/adapters/index.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+export type { HookAdapter, HookInput, HookOutput, EngineOptions, AgentGuardInstance } from './types.js';
+export { ClaudeCodeAdapter } from './claude-code.js';
+export { OpenClawAdapter } from './openclaw.js';
+export { evaluateHook } from './engine.js';
+export { registerOpenClawPlugin, getPluginIdFromTool, getPluginScanResult, type OpenClawPluginOptions, } from './openclaw-plugin.js';
+export { loadConfig, isSensitivePath, shouldDenyAtLevel, shouldAskAtLevel, writeAuditLog, getSkillTrustPolicy, isActionAllowedByCapabilities, } from './common.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/adapters/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/adapters/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,WAAW,EAAE,SAAS,EAAE,UAAU,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AACxG,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EACL,sBAAsB,EACtB,mBAAmB,EACnB,mBAAmB,EACnB,KAAK,qBAAqB,GAC3B,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,UAAU,EACV,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EAChB,aAAa,EACb,mBAAmB,EACnB,6BAA6B,GAC9B,MAAM,aAAa,CAAC"}

package/dist/adapters/index.js ADDED Viewed

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isActionAllowedByCapabilities = exports.getSkillTrustPolicy = exports.writeAuditLog = exports.shouldAskAtLevel = exports.shouldDenyAtLevel = exports.isSensitivePath = exports.loadConfig = exports.getPluginScanResult = exports.getPluginIdFromTool = exports.registerOpenClawPlugin = exports.evaluateHook = exports.OpenClawAdapter = exports.ClaudeCodeAdapter = void 0;
+var claude_code_js_1 = require("./claude-code.js");
+Object.defineProperty(exports, "ClaudeCodeAdapter", { enumerable: true, get: function () { return claude_code_js_1.ClaudeCodeAdapter; } });
+var openclaw_js_1 = require("./openclaw.js");
+Object.defineProperty(exports, "OpenClawAdapter", { enumerable: true, get: function () { return openclaw_js_1.OpenClawAdapter; } });
+var engine_js_1 = require("./engine.js");
+Object.defineProperty(exports, "evaluateHook", { enumerable: true, get: function () { return engine_js_1.evaluateHook; } });
+var openclaw_plugin_js_1 = require("./openclaw-plugin.js");
+Object.defineProperty(exports, "registerOpenClawPlugin", { enumerable: true, get: function () { return openclaw_plugin_js_1.registerOpenClawPlugin; } });
+Object.defineProperty(exports, "getPluginIdFromTool", { enumerable: true, get: function () { return openclaw_plugin_js_1.getPluginIdFromTool; } });
+Object.defineProperty(exports, "getPluginScanResult", { enumerable: true, get: function () { return openclaw_plugin_js_1.getPluginScanResult; } });
+var common_js_1 = require("./common.js");
+Object.defineProperty(exports, "loadConfig", { enumerable: true, get: function () { return common_js_1.loadConfig; } });
+Object.defineProperty(exports, "isSensitivePath", { enumerable: true, get: function () { return common_js_1.isSensitivePath; } });
+Object.defineProperty(exports, "shouldDenyAtLevel", { enumerable: true, get: function () { return common_js_1.shouldDenyAtLevel; } });
+Object.defineProperty(exports, "shouldAskAtLevel", { enumerable: true, get: function () { return common_js_1.shouldAskAtLevel; } });
+Object.defineProperty(exports, "writeAuditLog", { enumerable: true, get: function () { return common_js_1.writeAuditLog; } });
+Object.defineProperty(exports, "getSkillTrustPolicy", { enumerable: true, get: function () { return common_js_1.getSkillTrustPolicy; } });
+Object.defineProperty(exports, "isActionAllowedByCapabilities", { enumerable: true, get: function () { return common_js_1.isActionAllowedByCapabilities; } });
+//# sourceMappingURL=index.js.map

package/dist/adapters/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/adapters/index.ts"],"names":[],"mappings":";;;AACA,mDAAqD;AAA5C,mHAAA,iBAAiB,OAAA;AAC1B,6CAAgD;AAAvC,8GAAA,eAAe,OAAA;AACxB,yCAA2C;AAAlC,yGAAA,YAAY,OAAA;AACrB,2DAK8B;AAJ5B,4HAAA,sBAAsB,OAAA;AACtB,yHAAA,mBAAmB,OAAA;AACnB,yHAAA,mBAAmB,OAAA;AAGrB,yCAQqB;AAPnB,uGAAA,UAAU,OAAA;AACV,4GAAA,eAAe,OAAA;AACf,8GAAA,iBAAiB,OAAA;AACjB,6GAAA,gBAAgB,OAAA;AAChB,0GAAA,aAAa,OAAA;AACb,gHAAA,mBAAmB,OAAA;AACnB,0HAAA,6BAA6B,OAAA"}

package/dist/adapters/openclaw-plugin.d.ts ADDED Viewed

@@ -0,0 +1,72 @@
+/**
+ * GoPlus AgentGuard — OpenClaw Plugin
+ *
+ * Registers before_tool_call, after_tool_call, and session_start hooks
+ * with the OpenClaw plugin API to evaluate tool safety at runtime and
+ * auto-scan installed skills on session startup.
+ *
+ * Features:
+ * - Auto-scan all loaded plugins on registration
+ * - Auto-scan skill directories (~/.openclaw/skills/, ~/.claude/skills/) on session_start
+ * - Auto-register plugins to AgentGuard trust registry
+ * - Build toolName → pluginId mapping for initiating skill inference
+ *
+ * Usage in OpenClaw plugin config:
+ *   import agentguard from '@goplus/agentguard/openclaw';
+ *   export default agentguard;
+ *
+ * Or register manually:
+ *   import { registerOpenClawPlugin } from '@goplus/agentguard';
+ *   registerOpenClawPlugin(api);
+ */
+import type { AgentGuardInstance } from './types.js';
+import { SkillScanner } from '../scanner/index.js';
+import { SkillRegistry } from '../registry/index.js';
+/**
+ * OpenClaw plugin API interface (subset we use)
+ */
+interface OpenClawPluginApi {
+    id: string;
+    name: string;
+    source: string;
+    on(event: string, handler: (event: unknown, ctx?: unknown) => Promise<unknown>): void;
+    on(event: string, options: Record<string, unknown>, handler: (event: unknown, ctx?: unknown) => Promise<unknown>): void;
+}
+/**
+ * Plugin registration options
+ */
+export interface OpenClawPluginOptions {
+    /** Protection level (strict/balanced/permissive) */
+    level?: string;
+    /** Enable auto-scanning of plugins (default: false — opt-in) */
+    skipAutoScan?: boolean;
+    /** Custom AgentGuard instance factory */
+    agentguardFactory?: () => AgentGuardInstance;
+    /** Custom scanner instance */
+    scanner?: SkillScanner;
+    /** Custom registry instance */
+    registry?: SkillRegistry;
+}
+/**
+ * Get plugin ID from tool name
+ */
+export declare function getPluginIdFromTool(toolName: string): string | null;
+/**
+ * Get scan result for a plugin
+ */
+export declare function getPluginScanResult(pluginId: string): {
+    riskLevel: string;
+    riskTags: string[];
+} | null;
+/**
+ * Register AgentGuard hooks with OpenClaw plugin API
+ */
+export declare function registerOpenClawPlugin(api: OpenClawPluginApi, options?: OpenClawPluginOptions): void;
+/**
+ * Default export for OpenClaw plugin registration
+ *
+ * Usage: export default from '@goplus/agentguard/openclaw'
+ */
+export default function register(api: OpenClawPluginApi): void;
+export {};
+//# sourceMappingURL=openclaw-plugin.d.ts.map

package/dist/adapters/openclaw-plugin.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"openclaw-plugin.d.ts","sourceRoot":"","sources":["../../src/adapters/openclaw-plugin.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AASH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AA0BrD;;GAEG;AACH,UAAU,iBAAiB;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,CAAC,EAAE,OAAO,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC;IACtF,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,CAAC,EAAE,OAAO,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC;CACzH;AAkGD;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,oDAAoD;IACpD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gEAAgE;IAChE,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,yCAAyC;IACzC,iBAAiB,CAAC,EAAE,MAAM,kBAAkB,CAAC;IAC7C,8BAA8B;IAC9B,OAAO,CAAC,EAAE,YAAY,CAAC;IACvB,+BAA+B;IAC/B,QAAQ,CAAC,EAAE,aAAa,CAAC;CAC1B;AA6HD;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAEnE;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,EAAE,CAAA;CAAE,GAAG,IAAI,CAEtG;AAMD;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,GAAG,EAAE,iBAAiB,EACtB,OAAO,GAAE,qBAA0B,GAClC,IAAI,CA8GN;AAED;;;;GAIG;AACH,MAAM,CAAC,OAAO,UAAU,QAAQ,CAAC,GAAG,EAAE,iBAAiB,GAAG,IAAI,CAE7D"}

package/dist/adapters/openclaw-plugin.js ADDED Viewed

@@ -0,0 +1,369 @@
+"use strict";
+/**
+ * GoPlus AgentGuard — OpenClaw Plugin
+ *
+ * Registers before_tool_call, after_tool_call, and session_start hooks
+ * with the OpenClaw plugin API to evaluate tool safety at runtime and
+ * auto-scan installed skills on session startup.
+ *
+ * Features:
+ * - Auto-scan all loaded plugins on registration
+ * - Auto-scan skill directories (~/.openclaw/skills/, ~/.claude/skills/) on session_start
+ * - Auto-register plugins to AgentGuard trust registry
+ * - Build toolName → pluginId mapping for initiating skill inference
+ *
+ * Usage in OpenClaw plugin config:
+ *   import agentguard from '@goplus/agentguard/openclaw';
+ *   export default agentguard;
+ *
+ * Or register manually:
+ *   import { registerOpenClawPlugin } from '@goplus/agentguard';
+ *   registerOpenClawPlugin(api);
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getPluginIdFromTool = getPluginIdFromTool;
+exports.getPluginScanResult = getPluginScanResult;
+exports.registerOpenClawPlugin = registerOpenClawPlugin;
+exports.default = register;
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+const node_os_1 = require("node:os");
+const path = __importStar(require("node:path"));
+const openclaw_js_1 = require("./openclaw.js");
+const engine_js_1 = require("./engine.js");
+const common_js_1 = require("./common.js");
+const index_js_1 = require("../scanner/index.js");
+const index_js_2 = require("../registry/index.js");
+// ---------------------------------------------------------------------------
+// Auto-scan helpers (skill directories)
+// ---------------------------------------------------------------------------
+const OPENCLAW_SKILLS_DIR = (0, node_path_1.join)((0, node_os_1.homedir)(), '.openclaw', 'skills');
+const CLAUDE_SKILLS_DIR = (0, node_path_1.join)((0, node_os_1.homedir)(), '.claude', 'skills');
+const AGENTGUARD_DIR = process.env.AGENTGUARD_HOME || (0, node_path_1.join)((0, node_os_1.homedir)(), '.agentguard');
+const AUDIT_PATH = (0, node_path_1.join)(AGENTGUARD_DIR, 'audit.jsonl');
+function ensureAgentGuardDir() {
+    if (!(0, node_fs_1.existsSync)(AGENTGUARD_DIR)) {
+        (0, node_fs_1.mkdirSync)(AGENTGUARD_DIR, { recursive: true });
+    }
+}
+function writeScanAuditLog(entry) {
+    try {
+        ensureAgentGuardDir();
+        (0, node_fs_1.appendFileSync)(AUDIT_PATH, JSON.stringify(entry) + '\n');
+    }
+    catch {
+        // Non-critical
+    }
+}
+/**
+ * Discover skill directories (containing SKILL.md) under the given path.
+ */
+function discoverSkillDirs(skillsDir) {
+    if (!(0, node_fs_1.existsSync)(skillsDir))
+        return [];
+    const skills = [];
+    try {
+        const entries = (0, node_fs_1.readdirSync)(skillsDir, { withFileTypes: true });
+        for (const entry of entries) {
+            if (!entry.isDirectory())
+                continue;
+            const skillDir = (0, node_path_1.join)(skillsDir, entry.name);
+            if ((0, node_fs_1.existsSync)((0, node_path_1.join)(skillDir, 'SKILL.md'))) {
+                skills.push({ name: entry.name, path: skillDir });
+            }
+        }
+    }
+    catch {
+        // Can't read skills dir
+    }
+    return skills;
+}
+/**
+ * Scan skill directories (~/.openclaw/skills/ and ~/.claude/skills/).
+ * Scan-only mode: reports results via logger, does NOT modify the trust registry.
+ * Users can register skills manually with /agentguard trust attest.
+ */
+async function autoScanSkillDirs(scanner, _registry, logger) {
+    const skills = [
+        ...discoverSkillDirs(OPENCLAW_SKILLS_DIR),
+        ...discoverSkillDirs(CLAUDE_SKILLS_DIR),
+    ];
+    if (skills.length === 0)
+        return;
+    let scanned = 0;
+    for (const skill of skills) {
+        // Skip self
+        if (skill.name === 'agentguard')
+            continue;
+        try {
+            const result = await scanner.quickScan(skill.path);
+            scanned++;
+            // Audit log — only record skill name, risk level, and tag names (no code/evidence)
+            writeScanAuditLog({
+                timestamp: new Date().toISOString(),
+                event: 'auto_scan',
+                skill_name: skill.name,
+                risk_level: result.risk_level,
+                risk_tags: result.risk_tags,
+            });
+            logger(`[AgentGuard] Skill "${skill.name}": ${result.risk_level} risk [${result.risk_tags.join(', ')}]`);
+        }
+        catch {
+            // Skip skills that fail to scan
+        }
+    }
+    if (scanned > 0) {
+        logger(`[AgentGuard] Scanned ${scanned} skill dir(s). Use /agentguard trust attest to register.`);
+    }
+}
+// ---------------------------------------------------------------------------
+// Global State
+// ---------------------------------------------------------------------------
+/** Symbol to access OpenClaw's global registry */
+const OPENCLAW_REGISTRY_STATE = Symbol.for('openclaw.pluginRegistryState');
+/** Tool name → Plugin ID mapping */
+const toolToPluginMap = new Map();
+/** Plugin ID → Scan result cache */
+const pluginScanCache = new Map();
+// ---------------------------------------------------------------------------
+// Helper Functions
+// ---------------------------------------------------------------------------
+/**
+ * Get OpenClaw's active plugin registry via global symbol
+ */
+function getOpenClawRegistry() {
+    const globalState = globalThis;
+    const state = globalState[OPENCLAW_REGISTRY_STATE];
+    return state?.registry ?? null;
+}
+/**
+ * Get plugin directory from source path
+ */
+function getPluginDir(source) {
+    // source is typically the entry file (e.g., /path/to/plugin/index.ts)
+    // We want the directory
+    return path.dirname(source);
+}
+/**
+ * Scan a plugin and cache its risk level. Scan-only: does NOT modify trust registry.
+ * Users can register plugins manually with /agentguard trust attest.
+ */
+async function scanAndRegisterPlugin(plugin, scanner, _registry, logger) {
+    // Skip if already scanned
+    if (pluginScanCache.has(plugin.id)) {
+        return;
+    }
+    const pluginDir = getPluginDir(plugin.source);
+    try {
+        // Perform scan
+        const scanResult = await scanner.quickScan(pluginDir);
+        // Cache result (for runtime before_tool_call checks)
+        pluginScanCache.set(plugin.id, {
+            riskLevel: scanResult.risk_level,
+            riskTags: scanResult.risk_tags,
+        });
+        // Build tool → plugin mapping
+        for (const toolName of plugin.toolNames) {
+            toolToPluginMap.set(toolName, plugin.id);
+        }
+        logger(`[AgentGuard] Scanned plugin "${plugin.id}": ${scanResult.risk_level} risk [${scanResult.risk_tags.join(', ')}]`);
+    }
+    catch (err) {
+        // If scan fails, cache as unknown
+        pluginScanCache.set(plugin.id, {
+            riskLevel: 'unknown',
+            riskTags: ['SCAN_FAILED'],
+        });
+        // Still build tool mapping
+        for (const toolName of plugin.toolNames) {
+            toolToPluginMap.set(toolName, plugin.id);
+        }
+        logger(`[AgentGuard] Plugin "${plugin.id}" scan failed: ${String(err)}`);
+    }
+}
+/**
+ * Scan all loaded OpenClaw plugins
+ */
+async function scanAllPlugins(scanner, registry, logger, selfPluginId) {
+    const openclawRegistry = getOpenClawRegistry();
+    if (!openclawRegistry) {
+        logger('[AgentGuard] OpenClaw registry not available, skipping plugin auto-scan');
+        return;
+    }
+    const plugins = openclawRegistry.plugins.filter(p => p.status === 'loaded' &&
+        p.enabled &&
+        p.id !== selfPluginId // Don't scan ourselves
+    );
+    logger(`[AgentGuard] Auto-scanning ${plugins.length} loaded plugins...`);
+    // Scan plugins in parallel (with concurrency limit)
+    const CONCURRENCY = 3;
+    for (let i = 0; i < plugins.length; i += CONCURRENCY) {
+        const batch = plugins.slice(i, i + CONCURRENCY);
+        await Promise.all(batch.map(plugin => scanAndRegisterPlugin(plugin, scanner, registry, logger)));
+    }
+    logger(`[AgentGuard] Plugin auto-scan complete. ${toolToPluginMap.size} tools mapped.`);
+}
+/**
+ * Get plugin ID from tool name
+ */
+function getPluginIdFromTool(toolName) {
+    return toolToPluginMap.get(toolName) ?? null;
+}
+/**
+ * Get scan result for a plugin
+ */
+function getPluginScanResult(pluginId) {
+    return pluginScanCache.get(pluginId) ?? null;
+}
+// ---------------------------------------------------------------------------
+// Main Registration
+// ---------------------------------------------------------------------------
+/**
+ * Register AgentGuard hooks with OpenClaw plugin API
+ */
+function registerOpenClawPlugin(api, options = {}) {
+    const adapter = new openclaw_js_1.OpenClawAdapter();
+    const config = options.level ? { level: options.level } : (0, common_js_1.loadConfig)();
+    const scanner = options.scanner ?? new index_js_1.SkillScanner({ useExternalScanner: false });
+    const trustRegistry = options.registry ?? new index_js_2.SkillRegistry();
+    // Simple logger
+    const logger = (msg) => console.log(msg);
+    // Lazy-initialize agentguard instance
+    let agentguard = null;
+    function getAgentGuard() {
+        if (!agentguard) {
+            if (options.agentguardFactory) {
+                agentguard = options.agentguardFactory();
+            }
+            else {
+                try {
+                    // eslint-disable-next-line @typescript-eslint/no-require-imports
+                    const { createAgentGuard } = require('@goplus/agentguard');
+                    agentguard = createAgentGuard();
+                }
+                catch {
+                    throw new Error('AgentGuard: unable to load engine. Install @goplus/agentguard.');
+                }
+            }
+        }
+        return agentguard;
+    }
+    // Auto-scan plugins on registration (async, non-blocking, opt-in)
+    if (options.skipAutoScan === false) {
+        // Use setImmediate to allow plugin registration to complete first
+        setImmediate(async () => {
+            try {
+                await scanAllPlugins(scanner, trustRegistry, logger, api.id);
+            }
+            catch (err) {
+                logger(`[AgentGuard] Plugin auto-scan error: ${String(err)}`);
+            }
+        });
+    }
+    // session_start → auto-scan skill directories (only when opt-in)
+    if (options.skipAutoScan === false) {
+        api.on('session_start', async () => {
+            try {
+                await autoScanSkillDirs(scanner, trustRegistry, logger);
+            }
+            catch {
+                // Non-critical — never block session startup
+            }
+        });
+    }
+    // before_tool_call → evaluate and optionally block
+    api.on('before_tool_call', async (event) => {
+        try {
+            // Try to infer plugin from tool name
+            const toolEvent = event;
+            const pluginId = toolEvent.toolName ? getPluginIdFromTool(toolEvent.toolName) : null;
+            // Check if plugin is untrusted
+            if (pluginId) {
+                const scanResult = getPluginScanResult(pluginId);
+                if (scanResult?.riskLevel === 'critical') {
+                    return {
+                        block: true,
+                        blockReason: `GoPlus AgentGuard: Plugin "${pluginId}" has critical security findings and is blocked. Run /agentguard trust attest to manually approve.`,
+                    };
+                }
+            }
+            const result = await (0, engine_js_1.evaluateHook)(adapter, event, {
+                config,
+                agentguard: getAgentGuard(),
+            });
+            if (result.decision === 'deny') {
+                return {
+                    block: true,
+                    blockReason: result.reason || 'Blocked by GoPlus AgentGuard',
+                };
+            }
+            // OpenClaw has no 'ask' mode — block with explanation in strict/balanced
+            if (result.decision === 'ask') {
+                return {
+                    block: true,
+                    blockReason: result.reason || 'Requires confirmation (GoPlus AgentGuard)',
+                };
+            }
+            return undefined; // allow
+        }
+        catch {
+            // Fail open
+            return undefined;
+        }
+    });
+    // after_tool_call → audit log
+    api.on('after_tool_call', async (event) => {
+        try {
+            const input = adapter.parseInput(event);
+            const toolEvent = event;
+            const pluginId = toolEvent.toolName ? getPluginIdFromTool(toolEvent.toolName) : null;
+            (0, common_js_1.writeAuditLog)(input, null, pluginId);
+        }
+        catch {
+            // Non-critical
+        }
+    });
+    logger(`[AgentGuard] Registered with OpenClaw (protection level: ${config.level || 'balanced'})`);
+}
+/**
+ * Default export for OpenClaw plugin registration
+ *
+ * Usage: export default from '@goplus/agentguard/openclaw'
+ */
+function register(api) {
+    registerOpenClawPlugin(api);
+}
+//# sourceMappingURL=openclaw-plugin.js.map

package/dist/adapters/openclaw-plugin.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"openclaw-plugin.js","sourceRoot":"","sources":["../../src/adapters/openclaw-plugin.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8RH,kDAEC;AAKD,kDAEC;AASD,wDAiHC;AAOD,2BAEC;AAxaD,qCAA6E;AAC7E,yCAAiC;AACjC,qCAAkC;AAClC,gDAAkC;AAClC,+CAAgD;AAChD,2CAA2C;AAC3C,2CAAwD;AAExD,kDAAmD;AACnD,mDAAqD;AAqCrD,8EAA8E;AAC9E,wCAAwC;AACxC,8EAA8E;AAE9E,MAAM,mBAAmB,GAAG,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;AACnE,MAAM,iBAAiB,GAAG,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;AAC/D,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,aAAa,CAAC,CAAC;AACrF,MAAM,UAAU,GAAG,IAAA,gBAAI,EAAC,cAAc,EAAE,aAAa,CAAC,CAAC;AAEvD,SAAS,mBAAmB;IAC1B,IAAI,CAAC,IAAA,oBAAU,EAAC,cAAc,CAAC,EAAE,CAAC;QAChC,IAAA,mBAAS,EAAC,cAAc,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,KAA8B;IACvD,IAAI,CAAC;QACH,mBAAmB,EAAE,CAAC;QACtB,IAAA,wBAAc,EAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC;IAC3D,CAAC;IAAC,MAAM,CAAC;QACP,eAAe;IACjB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,SAAiB;IAC1C,IAAI,CAAC,IAAA,oBAAU,EAAC,SAAS,CAAC;QAAE,OAAO,EAAE,CAAC;IACtC,MAAM,MAAM,GAAqC,EAAE,CAAC;IACpD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAA,qBAAW,EAAC,SAAS,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAChE,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE;gBAAE,SAAS;YACnC,MAAM,QAAQ,GAAG,IAAA,gBAAI,EAAC,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YAC7C,IAAI,IAAA,oBAAU,EAAC,IAAA,gBAAI,EAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,EAAE,CAAC;gBAC3C,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,wBAAwB;IAC1B,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,iBAAiB,CAC9B,OAAqB,EACrB,SAAwB,EACxB,MAA6B;IAE7B,MAAM,MAAM,GAAG;QACb,GAAG,iBAAiB,CAAC,mBAAmB,CAAC;QACzC,GAAG,iBAAiB,CAAC,iBAAiB,CAAC;KACxC,CAAC;IAEF,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO;IAEhC,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,YAAY;QACZ,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY;YAAE,SAAS;QAE1C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACnD,OAAO,EAAE,CAAC;YAEV,mFAAmF;YACnF,iBAAiB,CAAC;gBAChB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,KAAK,EAAE,WAAW;gBAClB,UAAU,EAAE,KAAK,CAAC,IAAI;gBACtB,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,SAAS,EAAE,MAAM,CAAC,SAAS;aAC5B,CAAC,CAAC;YAEH,MAAM,CAAC,uBAAuB,KAAK,CAAC,IAAI,MAAM,MAAM,CAAC,UAAU,UAAU,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC3G,CAAC;QAAC,MAAM,CAAC;YACP,gCAAgC;QAClC,CAAC;IACH,CAAC;IAED,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;QAChB,MAAM,CAAC,wBAAwB,OAAO,0DAA0D,CAAC,CAAC;IACpG,CAAC;AACH,CAAC;AAsBD,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AAE9E,kDAAkD;AAClD,MAAM,uBAAuB,GAAG,MAAM,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;AAE3E,oCAAoC;AACpC,MAAM,eAAe,GAAG,IAAI,GAAG,EAAkB,CAAC;AAElD,oCAAoC;AACpC,MAAM,eAAe,GAAG,IAAI,GAAG,EAAqD,CAAC;AAErF,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E;;GAEG;AACH,SAAS,mBAAmB;IAC1B,MAAM,WAAW,GAAG,UAEnB,CAAC;IACF,MAAM,KAAK,GAAG,WAAW,CAAC,uBAAuB,CAAC,CAAC;IACnD,OAAO,KAAK,EAAE,QAAQ,IAAI,IAAI,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,MAAc;IAClC,sEAAsE;IACtE,wBAAwB;IACxB,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;AAC9B,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,qBAAqB,CAClC,MAA4B,EAC5B,OAAqB,EACrB,SAAwB,EACxB,MAA6B;IAE7B,0BAA0B;IAC1B,IAAI,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC;QACnC,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAE9C,IAAI,CAAC;QACH,eAAe;QACf,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QAEtD,qDAAqD;QACrD,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE;YAC7B,SAAS,EAAE,UAAU,CAAC,UAAU;YAChC,QAAQ,EAAE,UAAU,CAAC,SAAS;SAC/B,CAAC,CAAC;QAEH,8BAA8B;QAC9B,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACxC,eAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,CAAC,gCAAgC,MAAM,CAAC,EAAE,MAAM,UAAU,CAAC,UAAU,UAAU,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAE3H,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,kCAAkC;QAClC,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE;YAC7B,SAAS,EAAE,SAAS;YACpB,QAAQ,EAAE,CAAC,aAAa,CAAC;SAC1B,CAAC,CAAC;QAEH,2BAA2B;QAC3B,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACxC,eAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,CAAC,wBAAwB,MAAM,CAAC,EAAE,kBAAkB,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC3E,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,cAAc,CAC3B,OAAqB,EACrB,QAAuB,EACvB,MAA6B,EAC7B,YAAqB;IAErB,MAAM,gBAAgB,GAAG,mBAAmB,EAAE,CAAC;IAE/C,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,CAAC,yEAAyE,CAAC,CAAC;QAClF,OAAO;IACT,CAAC;IAED,MAAM,OAAO,GAAG,gBAAgB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAClD,CAAC,CAAC,MAAM,KAAK,QAAQ;QACrB,CAAC,CAAC,OAAO;QACT,CAAC,CAAC,EAAE,KAAK,YAAY,CAAC,uBAAuB;KAC9C,CAAC;IAEF,MAAM,CAAC,8BAA8B,OAAO,CAAC,MAAM,oBAAoB,CAAC,CAAC;IAEzE,oDAAoD;IACpD,MAAM,WAAW,GAAG,CAAC,CAAC;IACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,IAAI,WAAW,EAAE,CAAC;QACrD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC;QAChD,MAAM,OAAO,CAAC,GAAG,CACf,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,qBAAqB,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC,CAC9E,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,2CAA2C,eAAe,CAAC,IAAI,gBAAgB,CAAC,CAAC;AAC1F,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CAAC,QAAgB;IAClD,OAAO,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;AAC/C,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CAAC,QAAgB;IAClD,OAAO,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;AAC/C,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E;;GAEG;AACH,SAAgB,sBAAsB,CACpC,GAAsB,EACtB,UAAiC,EAAE;IAEnC,MAAM,OAAO,GAAG,IAAI,6BAAe,EAAE,CAAC;IACtC,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,IAAA,sBAAU,GAAE,CAAC;IACvE,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,IAAI,uBAAY,CAAC,EAAE,kBAAkB,EAAE,KAAK,EAAE,CAAC,CAAC;IACnF,MAAM,aAAa,GAAG,OAAO,CAAC,QAAQ,IAAI,IAAI,wBAAa,EAAE,CAAC;IAE9D,gBAAgB;IAChB,MAAM,MAAM,GAAG,CAAC,GAAW,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAEjD,sCAAsC;IACtC,IAAI,UAAU,GAA8B,IAAI,CAAC;IAEjD,SAAS,aAAa;QACpB,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,IAAI,OAAO,CAAC,iBAAiB,EAAE,CAAC;gBAC9B,UAAU,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC;YAC3C,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC;oBACH,iEAAiE;oBACjE,MAAM,EAAE,gBAAgB,EAAE,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;oBAC3D,UAAU,GAAG,gBAAgB,EAAE,CAAC;gBAClC,CAAC;gBAAC,MAAM,CAAC;oBACP,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;gBACpF,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,UAAW,CAAC;IACrB,CAAC;IAED,kEAAkE;IAClE,IAAI,OAAO,CAAC,YAAY,KAAK,KAAK,EAAE,CAAC;QACnC,kEAAkE;QAClE,YAAY,CAAC,KAAK,IAAI,EAAE;YACtB,IAAI,CAAC;gBACH,MAAM,cAAc,CAAC,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;YAC/D,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,CAAC,wCAAwC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChE,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED,iEAAiE;IACjE,IAAI,OAAO,CAAC,YAAY,KAAK,KAAK,EAAE,CAAC;QACnC,GAAG,CAAC,EAAE,CAAC,eAAe,EAAE,KAAK,IAAI,EAAE;YACjC,IAAI,CAAC;gBACH,MAAM,iBAAiB,CAAC,OAAO,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC;YAC1D,CAAC;YAAC,MAAM,CAAC;gBACP,6CAA6C;YAC/C,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED,mDAAmD;IACnD,GAAG,CAAC,EAAE,CAAC,kBAAkB,EAAE,KAAK,EAAE,KAAc,EAAE,EAAE;QAClD,IAAI,CAAC;YACH,qCAAqC;YACrC,MAAM,SAAS,GAAG,KAA8B,CAAC;YACjD,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,mBAAmB,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YAErF,+BAA+B;YAC/B,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,UAAU,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;gBACjD,IAAI,UAAU,EAAE,SAAS,KAAK,UAAU,EAAE,CAAC;oBACzC,OAAO;wBACL,KAAK,EAAE,IAAI;wBACX,WAAW,EAAE,8BAA8B,QAAQ,oGAAoG;qBACxJ,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAY,EAAC,OAAO,EAAE,KAAK,EAAE;gBAChD,MAAM;gBACN,UAAU,EAAE,aAAa,EAAE;aAC5B,CAAC,CAAC;YAEH,IAAI,MAAM,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;gBAC/B,OAAO;oBACL,KAAK,EAAE,IAAI;oBACX,WAAW,EAAE,MAAM,CAAC,MAAM,IAAI,8BAA8B;iBAC7D,CAAC;YACJ,CAAC;YAED,yEAAyE;YACzE,IAAI,MAAM,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;gBAC9B,OAAO;oBACL,KAAK,EAAE,IAAI;oBACX,WAAW,EAAE,MAAM,CAAC,MAAM,IAAI,2CAA2C;iBAC1E,CAAC;YACJ,CAAC;YAED,OAAO,SAAS,CAAC,CAAC,QAAQ;QAC5B,CAAC;QAAC,MAAM,CAAC;YACP,YAAY;YACZ,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,8BAA8B;IAC9B,GAAG,CAAC,EAAE,CAAC,iBAAiB,EAAE,KAAK,EAAE,KAAc,EAAE,EAAE;QACjD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YACxC,MAAM,SAAS,GAAG,KAA8B,CAAC;YACjD,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,mBAAmB,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YACrF,IAAA,yBAAa,EAAC,KAAK,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;QACvC,CAAC;QAAC,MAAM,CAAC;YACP,eAAe;QACjB,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,4DAA4D,MAAM,CAAC,KAAK,IAAI,UAAU,GAAG,CAAC,CAAC;AACpG,CAAC;AAED;;;;GAIG;AACH,SAAwB,QAAQ,CAAC,GAAsB;IACrD,sBAAsB,CAAC,GAAG,CAAC,CAAC;AAC9B,CAAC"}

package/dist/adapters/openclaw.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import type { ActionEnvelope } from '../types/action.js';
+import type { HookAdapter, HookInput } from './types.js';
+/**
+ * OpenClaw hook adapter
+ *
+ * Bridges OpenClaw's before_tool_call / after_tool_call plugin hooks
+ * to the common AgentGuard decision engine.
+ *
+ * OpenClaw plugin hooks receive an event object:
+ *   { toolName: string, params: Record<string, any>, toolCallId?: string }
+ *
+ * Blocking is done by returning { block: true, blockReason: "..." }
+ * from the before_tool_call handler.
+ */
+export declare class OpenClawAdapter implements HookAdapter {
+    readonly name = "openclaw";
+    parseInput(raw: unknown): HookInput;
+    mapToolToActionType(toolName: string): string | null;
+    buildEnvelope(input: HookInput, initiatingSkill?: string | null): ActionEnvelope | null;
+    inferInitiatingSkill(input: HookInput): Promise<string | null>;
+}
+//# sourceMappingURL=openclaw.d.ts.map

package/dist/adapters/openclaw.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"openclaw.d.ts","sourceRoot":"","sources":["../../src/adapters/openclaw.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAazD;;;;;;;;;;;GAWG;AACH,qBAAa,eAAgB,YAAW,WAAW;IACjD,QAAQ,CAAC,IAAI,cAAc;IAE3B,UAAU,CAAC,GAAG,EAAE,OAAO,GAAG,SAAS;IAUnC,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAcpD,aAAa,CAAC,KAAK,EAAE,SAAS,EAAE,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,cAAc,GAAG,IAAI;IAgEjF,oBAAoB,CAAC,KAAK,EAAE,SAAS,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;CAUrE"}