@goplus/agentguard 1.0.6 → 1.0.9

package/README.md

@@ -22,7 +22,7 @@ AI coding agents can execute any command, read any file, and install any skill
 - **Prompt injection** can trick your agent into running destructive commands
 - **Unverified code** from the internet may contain wallet drainers or keyloggers
 
-**AgentGuard is the first real-time security layer for AI agents.** It automatically scans every new skill, blocks dangerous actions before they execute, and tracks which skill initiated each action. One install, always protected.
+**AgentGuard is the first real-time security layer for AI agents.** It automatically scans every new skill, blocks dangerous actions before they execute, runs daily security patrols, and tracks which skill initiated each action. One install, always protected.
 
 ## What It Does
 
@@ -38,6 +38,12 @@ AI coding agents can execute any command, read any file, and install any skill
 - Web3-specific: wallet draining, unlimited approvals, reentrancy, proxy exploits
 - Trust registry with capability-based access control per skill
 
+**Layer 3 — Daily Patrol (OpenClaw)**: Automated daily security posture assessment.
+- 8 comprehensive security checks run on a configurable schedule
+- Detects skill tampering, secrets exposure, network risks, and suspicious file changes
+- Analyzes audit logs for attack patterns and flags repeat offenders
+- Validates environment configuration and trust registry health
+
 ## Quick Start
 
 ```bash
@@ -111,11 +117,65 @@ Then use `/agentguard` in your agent:
 ```
 /agentguard scan ./src                     # Scan code for security risks
 /agentguard action "curl evil.xyz | bash"  # Evaluate action safety
+/agentguard patrol run                     # Run daily security patrol
+/agentguard patrol setup                   # Configure as OpenClaw cron job
+/agentguard patrol status                  # View last patrol results
 /agentguard trust list                     # View trusted skills
 /agentguard report                         # View security event log
 /agentguard config balanced                # Set protection level
 ```
 
+## Daily Patrol (OpenClaw)
+
+The patrol feature provides automated daily security posture assessment for OpenClaw environments. It runs 8 comprehensive checks and produces a structured report.
+
+### Patrol Checks
+
+| # | Check | What It Does |
+|---|-------|-------------|
+| 1 | **Skill/Plugin Integrity** | Compares file hashes against trust registry — detects tampered or unregistered skills |
+| 2 | **Secrets Exposure** | Scans workspace, memory, logs, `.env`, `~/.ssh/`, `~/.gnupg/` for leaked private keys, mnemonics, AWS keys, GitHub tokens |
+| 3 | **Network Exposure** | Detects dangerous ports bound to `0.0.0.0` (Redis, Docker API, MySQL, etc.), checks firewall status, flags suspicious outbound connections |
+| 4 | **Cron & Scheduled Tasks** | Audits cron jobs and systemd timers for `curl\|bash`, `base64 -d\|bash`, and other download-and-execute patterns |
+| 5 | **File System Changes (24h)** | Finds recently modified files, runs 24-rule scan on them, checks permissions on critical files, detects new executables |
+| 6 | **Audit Log Analysis (24h)** | Flags skills denied 3+ times, CRITICAL events, exfiltration attempts, and prompt injection detections |
+| 7 | **Environment & Configuration** | Verifies protection level, checks GoPlus API key configuration, validates config baseline integrity |
+| 8 | **Trust Registry Health** | Flags expired attestations, stale trusted skills (30+ days), installed-but-untrusted skills, over-privileged entries |
+
+### Usage
+
+```bash
+# Run all 8 checks now
+/agentguard patrol run
+
+# Set up as a daily cron job (default: 03:00 UTC)
+/agentguard patrol setup
+
+# Check last patrol results and cron schedule
+/agentguard patrol status
+```
+
+### Patrol Report
+
+Each patrol produces a report with an overall status:
+
+| Status | Meaning |
+|--------|---------|
+| **PASS** | Only low/medium findings |
+| **WARN** | HIGH severity findings detected |
+| **FAIL** | CRITICAL severity findings detected |
+
+Reports include per-check status, finding counts, detailed findings for checks with issues, and actionable recommendations. Results are also logged to `~/.agentguard/audit.jsonl`.
+
+### Setup Options
+
+`patrol setup` configures an OpenClaw cron job with:
+- **Timezone** — defaults to UTC
+- **Schedule** — defaults to `0 3 * * *` (daily at 03:00)
+- **Notifications** — optional Telegram, Discord, or Signal alerts
+
+> **Note:** Patrol requires an OpenClaw environment. For non-OpenClaw setups, use `/agentguard scan` and `/agentguard report` for manual security checks.
+
 ## Protection Levels
 
 | Level | Behavior |
@@ -152,7 +212,7 @@ GoPlus AgentGuard follows the [Agent Skills](https://agentskills.io) open standa
 | Platform | Support | Features |
 |----------|---------|----------|
 | **Claude Code** | Full | Skill + hooks auto-guard, transcript-based skill tracking |
-| **OpenClaw** | Full | Plugin hooks + **auto-scan on load** + tool→plugin mapping |
+| **OpenClaw** | Full | Plugin hooks + **auto-scan on load** + tool→plugin mapping + **daily patrol** |
 | **OpenAI Codex CLI** | Skill | Scan/action/trust commands |
 | **Gemini CLI** | Skill | Scan/action/trust commands |
 | **Cursor** | Skill | Scan/action/trust commands |
@@ -160,7 +220,7 @@ GoPlus AgentGuard follows the [Agent Skills](https://agentskills.io) open standa
 
 > **Hooks-based auto-guard (Layer 1)** works on Claude Code (PreToolUse/PostToolUse) and OpenClaw (before_tool_call/after_tool_call). Both platforms share the same decision engine via a unified adapter abstraction layer.
 >
-> **OpenClaw exclusive**: Auto-scans all loaded plugins at registration time and automatically registers them to the trust registry with appropriate trust levels and capabilities.
+> **OpenClaw exclusive**: Auto-scans all loaded plugins at registration time, automatically registers them to the trust registry, and supports automated daily security patrols via cron.
 
 ## Hook Limitations
 
@@ -183,6 +243,15 @@ The auto-guard hooks (Layer 1) have the following constraints:
 - [x] Safe-command allowlist to reduce hook false positives
 - [x] Plugin manifest (`.claude-plugin/`) for one-step install
 
+### v1.5 — Daily Patrol
+- [x] `patrol run` — 8-check security posture assessment
+- [x] `patrol setup` — OpenClaw cron job configuration with timezone and notifications
+- [x] `patrol status` — Last results and schedule overview
+- [x] Skill/plugin integrity verification (hash drift detection)
+- [x] Secrets exposure scanning (private keys, mnemonics, AWS keys, GitHub tokens)
+- [x] Network exposure and firewall checks
+- [x] Audit log pattern analysis (repeat denials, exfiltration attempts)
+
 ### v2.0 — Multi-Platform
 - [x] OpenClaw gateway plugin integration
 - [x] `before_tool_call` / `after_tool_call` hook wiring
@@ -201,7 +270,7 @@ The auto-guard hooks (Layer 1) have the following constraints:
 
 ## OpenClaw Integration
 
-AgentGuard provides deep integration with OpenClaw through automatic plugin scanning and trust management.
+AgentGuard provides deep integration with OpenClaw through automatic plugin scanning, trust management, and daily security patrols.
 
 <details>
 <summary><b>How it works</b></summary>
@@ -237,6 +306,15 @@ When AgentGuard registers as an OpenClaw plugin:
 │  • Check plugin trust level & capabilities                      │
 │  • Evaluate action against security policies                    │
 │  • Allow / Deny / Log                                           │
+└─────────────────────────────────────────────────────────────────┘
+                              │
+                              ▼
+┌─────────────────────────────────────────────────────────────────┐
+│  Daily patrol (via cron):                                       │
+│  • Run 8 security checks against the environment                │
+│  • Verify skill integrity, detect secrets, audit logs           │
+│  • Generate report (PASS / WARN / FAIL)                         │
+│  • Send notifications (Telegram / Discord / Signal)             │
 └─────────────────────────────────────────────────────────────────┘
 ```
 

package/dist/adapters/openclaw-plugin.d.ts

@@ -46,6 +46,8 @@ export interface OpenClawPluginOptions {
     scanner?: SkillScanner;
     /** Custom registry instance */
     registry?: SkillRegistry;
+    /** Workspace paths the session is allowed to access (e.g., ['~/.openclaw/workspace/**']) */
+    workspacePaths?: string[];
 }
 /**
  * Get plugin ID from tool name

package/dist/adapters/openclaw-plugin.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"openclaw-plugin.d.ts","sourceRoot":"","sources":["../../src/adapters/openclaw-plugin.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AASH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AA0BrD;;GAEG;AACH,UAAU,iBAAiB;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,CAAC,EAAE,OAAO,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC;IACtF,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,CAAC,EAAE,OAAO,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC;CACzH;AAkGD;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,oDAAoD;IACpD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gEAAgE;IAChE,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,yCAAyC;IACzC,iBAAiB,CAAC,EAAE,MAAM,kBAAkB,CAAC;IAC7C,8BAA8B;IAC9B,OAAO,CAAC,EAAE,YAAY,CAAC;IACvB,+BAA+B;IAC/B,QAAQ,CAAC,EAAE,aAAa,CAAC;CAC1B;AA6HD;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAEnE;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,EAAE,CAAA;CAAE,GAAG,IAAI,CAEtG;AAMD;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,GAAG,EAAE,iBAAiB,EACtB,OAAO,GAAE,qBAA0B,GAClC,IAAI,CA8GN;AAED;;;;GAIG;AACH,MAAM,CAAC,OAAO,UAAU,QAAQ,CAAC,GAAG,EAAE,iBAAiB,GAAG,IAAI,CAE7D"}
+{"version":3,"file":"openclaw-plugin.d.ts","sourceRoot":"","sources":["../../src/adapters/openclaw-plugin.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AASH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AA4BrD;;GAEG;AACH,UAAU,iBAAiB;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,CAAC,EAAE,OAAO,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC;IACtF,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,CAAC,EAAE,OAAO,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC;CACzH;AAkGD;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,oDAAoD;IACpD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gEAAgE;IAChE,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,yCAAyC;IACzC,iBAAiB,CAAC,EAAE,MAAM,kBAAkB,CAAC;IAC7C,8BAA8B;IAC9B,OAAO,CAAC,EAAE,YAAY,CAAC;IACvB,+BAA+B;IAC/B,QAAQ,CAAC,EAAE,aAAa,CAAC;IACzB,4FAA4F;IAC5F,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B;AA6HD;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAEnE;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,EAAE,CAAA;CAAE,GAAG,IAAI,CAEtG;AAMD;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,GAAG,EAAE,iBAAiB,EACtB,OAAO,GAAE,qBAA0B,GAClC,IAAI,CAsHN;AAED;;;;GAIG;AACH,MAAM,CAAC,OAAO,UAAU,QAAQ,CAAC,GAAG,EAAE,iBAAiB,GAAG,IAAI,CAE7D"}

package/dist/adapters/openclaw-plugin.js

@@ -67,6 +67,8 @@ const engine_js_1 = require("./engine.js");
 const common_js_1 = require("./common.js");
 const index_js_1 = require("../scanner/index.js");
 const index_js_2 = require("../registry/index.js");
+const index_js_3 = require("../action/index.js");
+const skill_js_1 = require("../types/skill.js");
 // ---------------------------------------------------------------------------
 // Auto-scan helpers (skill directories)
 // ---------------------------------------------------------------------------
@@ -263,20 +265,26 @@ function registerOpenClawPlugin(api, options = {}) {
     const logger = (msg) => console.log(msg);
     // Lazy-initialize agentguard instance
     let agentguard = null;
+    // Build default capabilities from workspacePaths so the core session
+    // can access its own workspace files without a manual registry entry.
+    const defaultCapabilities = options.workspacePaths
+        ? { ...skill_js_1.DEFAULT_CAPABILITY, filesystem_allowlist: options.workspacePaths }
+        : undefined;
     function getAgentGuard() {
         if (!agentguard) {
             if (options.agentguardFactory) {
                 agentguard = options.agentguardFactory();
             }
             else {
-                try {
-                    // eslint-disable-next-line @typescript-eslint/no-require-imports
-                    const { createAgentGuard } = require('@goplus/agentguard');
-                    agentguard = createAgentGuard();
-                }
-                catch {
-                    throw new Error('AgentGuard: unable to load engine. Install @goplus/agentguard.');
-                }
+                // Build inline — avoids require() and passes workspace defaults
+                const actionScanner = new index_js_3.ActionScanner({
+                    registry: trustRegistry,
+                    ...(defaultCapabilities ? { defaultCapabilities } : {}),
+                });
+                agentguard = {
+                    registry: trustRegistry,
+                    actionScanner,
+                };
             }
         }
         return agentguard;

package/dist/adapters/openclaw-plugin.js.map

@@ -1 +1 @@
-{"version":3,"file":"openclaw-plugin.js","sourceRoot":"","sources":["../../src/adapters/openclaw-plugin.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8RH,kDAEC;AAKD,kDAEC;AASD,wDAiHC;AAOD,2BAEC;AAxaD,qCAA6E;AAC7E,yCAAiC;AACjC,qCAAkC;AAClC,gDAAkC;AAClC,+CAAgD;AAChD,2CAA2C;AAC3C,2CAAwD;AAExD,kDAAmD;AACnD,mDAAqD;AAqCrD,8EAA8E;AAC9E,wCAAwC;AACxC,8EAA8E;AAE9E,MAAM,mBAAmB,GAAG,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;AACnE,MAAM,iBAAiB,GAAG,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;AAC/D,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,aAAa,CAAC,CAAC;AACrF,MAAM,UAAU,GAAG,IAAA,gBAAI,EAAC,cAAc,EAAE,aAAa,CAAC,CAAC;AAEvD,SAAS,mBAAmB;IAC1B,IAAI,CAAC,IAAA,oBAAU,EAAC,cAAc,CAAC,EAAE,CAAC;QAChC,IAAA,mBAAS,EAAC,cAAc,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,KAA8B;IACvD,IAAI,CAAC;QACH,mBAAmB,EAAE,CAAC;QACtB,IAAA,wBAAc,EAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC;IAC3D,CAAC;IAAC,MAAM,CAAC;QACP,eAAe;IACjB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,SAAiB;IAC1C,IAAI,CAAC,IAAA,oBAAU,EAAC,SAAS,CAAC;QAAE,OAAO,EAAE,CAAC;IACtC,MAAM,MAAM,GAAqC,EAAE,CAAC;IACpD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAA,qBAAW,EAAC,SAAS,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAChE,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE;gBAAE,SAAS;YACnC,MAAM,QAAQ,GAAG,IAAA,gBAAI,EAAC,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YAC7C,IAAI,IAAA,oBAAU,EAAC,IAAA,gBAAI,EAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,EAAE,CAAC;gBAC3C,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,wBAAwB;IAC1B,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,iBAAiB,CAC9B,OAAqB,EACrB,SAAwB,EACxB,MAA6B;IAE7B,MAAM,MAAM,GAAG;QACb,GAAG,iBAAiB,CAAC,mBAAmB,CAAC;QACzC,GAAG,iBAAiB,CAAC,iBAAiB,CAAC;KACxC,CAAC;IAEF,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO;IAEhC,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,YAAY;QACZ,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY;YAAE,SAAS;QAE1C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACnD,OAAO,EAAE,CAAC;YAEV,mFAAmF;YACnF,iBAAiB,CAAC;gBAChB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,KAAK,EAAE,WAAW;gBAClB,UAAU,EAAE,KAAK,CAAC,IAAI;gBACtB,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,SAAS,EAAE,MAAM,CAAC,SAAS;aAC5B,CAAC,CAAC;YAEH,MAAM,CAAC,uBAAuB,KAAK,CAAC,IAAI,MAAM,MAAM,CAAC,UAAU,UAAU,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC3G,CAAC;QAAC,MAAM,CAAC;YACP,gCAAgC;QAClC,CAAC;IACH,CAAC;IAED,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;QAChB,MAAM,CAAC,wBAAwB,OAAO,0DAA0D,CAAC,CAAC;IACpG,CAAC;AACH,CAAC;AAsBD,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AAE9E,kDAAkD;AAClD,MAAM,uBAAuB,GAAG,MAAM,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;AAE3E,oCAAoC;AACpC,MAAM,eAAe,GAAG,IAAI,GAAG,EAAkB,CAAC;AAElD,oCAAoC;AACpC,MAAM,eAAe,GAAG,IAAI,GAAG,EAAqD,CAAC;AAErF,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E;;GAEG;AACH,SAAS,mBAAmB;IAC1B,MAAM,WAAW,GAAG,UAEnB,CAAC;IACF,MAAM,KAAK,GAAG,WAAW,CAAC,uBAAuB,CAAC,CAAC;IACnD,OAAO,KAAK,EAAE,QAAQ,IAAI,IAAI,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,MAAc;IAClC,sEAAsE;IACtE,wBAAwB;IACxB,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;AAC9B,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,qBAAqB,CAClC,MAA4B,EAC5B,OAAqB,EACrB,SAAwB,EACxB,MAA6B;IAE7B,0BAA0B;IAC1B,IAAI,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC;QACnC,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAE9C,IAAI,CAAC;QACH,eAAe;QACf,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QAEtD,qDAAqD;QACrD,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE;YAC7B,SAAS,EAAE,UAAU,CAAC,UAAU;YAChC,QAAQ,EAAE,UAAU,CAAC,SAAS;SAC/B,CAAC,CAAC;QAEH,8BAA8B;QAC9B,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACxC,eAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,CAAC,gCAAgC,MAAM,CAAC,EAAE,MAAM,UAAU,CAAC,UAAU,UAAU,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAE3H,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,kCAAkC;QAClC,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE;YAC7B,SAAS,EAAE,SAAS;YACpB,QAAQ,EAAE,CAAC,aAAa,CAAC;SAC1B,CAAC,CAAC;QAEH,2BAA2B;QAC3B,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACxC,eAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,CAAC,wBAAwB,MAAM,CAAC,EAAE,kBAAkB,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC3E,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,cAAc,CAC3B,OAAqB,EACrB,QAAuB,EACvB,MAA6B,EAC7B,YAAqB;IAErB,MAAM,gBAAgB,GAAG,mBAAmB,EAAE,CAAC;IAE/C,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,CAAC,yEAAyE,CAAC,CAAC;QAClF,OAAO;IACT,CAAC;IAED,MAAM,OAAO,GAAG,gBAAgB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAClD,CAAC,CAAC,MAAM,KAAK,QAAQ;QACrB,CAAC,CAAC,OAAO;QACT,CAAC,CAAC,EAAE,KAAK,YAAY,CAAC,uBAAuB;KAC9C,CAAC;IAEF,MAAM,CAAC,8BAA8B,OAAO,CAAC,MAAM,oBAAoB,CAAC,CAAC;IAEzE,oDAAoD;IACpD,MAAM,WAAW,GAAG,CAAC,CAAC;IACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,IAAI,WAAW,EAAE,CAAC;QACrD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC;QAChD,MAAM,OAAO,CAAC,GAAG,CACf,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,qBAAqB,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC,CAC9E,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,2CAA2C,eAAe,CAAC,IAAI,gBAAgB,CAAC,CAAC;AAC1F,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CAAC,QAAgB;IAClD,OAAO,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;AAC/C,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CAAC,QAAgB;IAClD,OAAO,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;AAC/C,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E;;GAEG;AACH,SAAgB,sBAAsB,CACpC,GAAsB,EACtB,UAAiC,EAAE;IAEnC,MAAM,OAAO,GAAG,IAAI,6BAAe,EAAE,CAAC;IACtC,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,IAAA,sBAAU,GAAE,CAAC;IACvE,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,IAAI,uBAAY,CAAC,EAAE,kBAAkB,EAAE,KAAK,EAAE,CAAC,CAAC;IACnF,MAAM,aAAa,GAAG,OAAO,CAAC,QAAQ,IAAI,IAAI,wBAAa,EAAE,CAAC;IAE9D,gBAAgB;IAChB,MAAM,MAAM,GAAG,CAAC,GAAW,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAEjD,sCAAsC;IACtC,IAAI,UAAU,GAA8B,IAAI,CAAC;IAEjD,SAAS,aAAa;QACpB,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,IAAI,OAAO,CAAC,iBAAiB,EAAE,CAAC;gBAC9B,UAAU,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC;YAC3C,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC;oBACH,iEAAiE;oBACjE,MAAM,EAAE,gBAAgB,EAAE,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;oBAC3D,UAAU,GAAG,gBAAgB,EAAE,CAAC;gBAClC,CAAC;gBAAC,MAAM,CAAC;oBACP,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;gBACpF,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,UAAW,CAAC;IACrB,CAAC;IAED,kEAAkE;IAClE,IAAI,OAAO,CAAC,YAAY,KAAK,KAAK,EAAE,CAAC;QACnC,kEAAkE;QAClE,YAAY,CAAC,KAAK,IAAI,EAAE;YACtB,IAAI,CAAC;gBACH,MAAM,cAAc,CAAC,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;YAC/D,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,CAAC,wCAAwC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChE,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED,iEAAiE;IACjE,IAAI,OAAO,CAAC,YAAY,KAAK,KAAK,EAAE,CAAC;QACnC,GAAG,CAAC,EAAE,CAAC,eAAe,EAAE,KAAK,IAAI,EAAE;YACjC,IAAI,CAAC;gBACH,MAAM,iBAAiB,CAAC,OAAO,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC;YAC1D,CAAC;YAAC,MAAM,CAAC;gBACP,6CAA6C;YAC/C,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED,mDAAmD;IACnD,GAAG,CAAC,EAAE,CAAC,kBAAkB,EAAE,KAAK,EAAE,KAAc,EAAE,EAAE;QAClD,IAAI,CAAC;YACH,qCAAqC;YACrC,MAAM,SAAS,GAAG,KAA8B,CAAC;YACjD,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,mBAAmB,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YAErF,+BAA+B;YAC/B,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,UAAU,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;gBACjD,IAAI,UAAU,EAAE,SAAS,KAAK,UAAU,EAAE,CAAC;oBACzC,OAAO;wBACL,KAAK,EAAE,IAAI;wBACX,WAAW,EAAE,8BAA8B,QAAQ,oGAAoG;qBACxJ,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAY,EAAC,OAAO,EAAE,KAAK,EAAE;gBAChD,MAAM;gBACN,UAAU,EAAE,aAAa,EAAE;aAC5B,CAAC,CAAC;YAEH,IAAI,MAAM,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;gBAC/B,OAAO;oBACL,KAAK,EAAE,IAAI;oBACX,WAAW,EAAE,MAAM,CAAC,MAAM,IAAI,8BAA8B;iBAC7D,CAAC;YACJ,CAAC;YAED,yEAAyE;YACzE,IAAI,MAAM,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;gBAC9B,OAAO;oBACL,KAAK,EAAE,IAAI;oBACX,WAAW,EAAE,MAAM,CAAC,MAAM,IAAI,2CAA2C;iBAC1E,CAAC;YACJ,CAAC;YAED,OAAO,SAAS,CAAC,CAAC,QAAQ;QAC5B,CAAC;QAAC,MAAM,CAAC;YACP,YAAY;YACZ,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,8BAA8B;IAC9B,GAAG,CAAC,EAAE,CAAC,iBAAiB,EAAE,KAAK,EAAE,KAAc,EAAE,EAAE;QACjD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YACxC,MAAM,SAAS,GAAG,KAA8B,CAAC;YACjD,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,mBAAmB,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YACrF,IAAA,yBAAa,EAAC,KAAK,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;QACvC,CAAC;QAAC,MAAM,CAAC;YACP,eAAe;QACjB,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,4DAA4D,MAAM,CAAC,KAAK,IAAI,UAAU,GAAG,CAAC,CAAC;AACpG,CAAC;AAED;;;;GAIG;AACH,SAAwB,QAAQ,CAAC,GAAsB;IACrD,sBAAsB,CAAC,GAAG,CAAC,CAAC;AAC9B,CAAC"}
+{"version":3,"file":"openclaw-plugin.js","sourceRoot":"","sources":["../../src/adapters/openclaw-plugin.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkSH,kDAEC;AAKD,kDAEC;AASD,wDAyHC;AAOD,2BAEC;AApbD,qCAA6E;AAC7E,yCAAiC;AACjC,qCAAkC;AAClC,gDAAkC;AAClC,+CAAgD;AAChD,2CAA2C;AAC3C,2CAAwD;AAExD,kDAAmD;AACnD,mDAAqD;AACrD,iDAAmD;AACnD,gDAAuD;AAqCvD,8EAA8E;AAC9E,wCAAwC;AACxC,8EAA8E;AAE9E,MAAM,mBAAmB,GAAG,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;AACnE,MAAM,iBAAiB,GAAG,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;AAC/D,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,aAAa,CAAC,CAAC;AACrF,MAAM,UAAU,GAAG,IAAA,gBAAI,EAAC,cAAc,EAAE,aAAa,CAAC,CAAC;AAEvD,SAAS,mBAAmB;IAC1B,IAAI,CAAC,IAAA,oBAAU,EAAC,cAAc,CAAC,EAAE,CAAC;QAChC,IAAA,mBAAS,EAAC,cAAc,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,KAA8B;IACvD,IAAI,CAAC;QACH,mBAAmB,EAAE,CAAC;QACtB,IAAA,wBAAc,EAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC;IAC3D,CAAC;IAAC,MAAM,CAAC;QACP,eAAe;IACjB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,SAAiB;IAC1C,IAAI,CAAC,IAAA,oBAAU,EAAC,SAAS,CAAC;QAAE,OAAO,EAAE,CAAC;IACtC,MAAM,MAAM,GAAqC,EAAE,CAAC;IACpD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAA,qBAAW,EAAC,SAAS,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAChE,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE;gBAAE,SAAS;YACnC,MAAM,QAAQ,GAAG,IAAA,gBAAI,EAAC,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YAC7C,IAAI,IAAA,oBAAU,EAAC,IAAA,gBAAI,EAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,EAAE,CAAC;gBAC3C,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,wBAAwB;IAC1B,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,iBAAiB,CAC9B,OAAqB,EACrB,SAAwB,EACxB,MAA6B;IAE7B,MAAM,MAAM,GAAG;QACb,GAAG,iBAAiB,CAAC,mBAAmB,CAAC;QACzC,GAAG,iBAAiB,CAAC,iBAAiB,CAAC;KACxC,CAAC;IAEF,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO;IAEhC,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,YAAY;QACZ,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY;YAAE,SAAS;QAE1C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACnD,OAAO,EAAE,CAAC;YAEV,mFAAmF;YACnF,iBAAiB,CAAC;gBAChB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,KAAK,EAAE,WAAW;gBAClB,UAAU,EAAE,KAAK,CAAC,IAAI;gBACtB,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,SAAS,EAAE,MAAM,CAAC,SAAS;aAC5B,CAAC,CAAC;YAEH,MAAM,CAAC,uBAAuB,KAAK,CAAC,IAAI,MAAM,MAAM,CAAC,UAAU,UAAU,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC3G,CAAC;QAAC,MAAM,CAAC;YACP,gCAAgC;QAClC,CAAC;IACH,CAAC;IAED,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;QAChB,MAAM,CAAC,wBAAwB,OAAO,0DAA0D,CAAC,CAAC;IACpG,CAAC;AACH,CAAC;AAwBD,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AAE9E,kDAAkD;AAClD,MAAM,uBAAuB,GAAG,MAAM,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;AAE3E,oCAAoC;AACpC,MAAM,eAAe,GAAG,IAAI,GAAG,EAAkB,CAAC;AAElD,oCAAoC;AACpC,MAAM,eAAe,GAAG,IAAI,GAAG,EAAqD,CAAC;AAErF,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E;;GAEG;AACH,SAAS,mBAAmB;IAC1B,MAAM,WAAW,GAAG,UAEnB,CAAC;IACF,MAAM,KAAK,GAAG,WAAW,CAAC,uBAAuB,CAAC,CAAC;IACnD,OAAO,KAAK,EAAE,QAAQ,IAAI,IAAI,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,MAAc;IAClC,sEAAsE;IACtE,wBAAwB;IACxB,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;AAC9B,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,qBAAqB,CAClC,MAA4B,EAC5B,OAAqB,EACrB,SAAwB,EACxB,MAA6B;IAE7B,0BAA0B;IAC1B,IAAI,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC;QACnC,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAE9C,IAAI,CAAC;QACH,eAAe;QACf,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QAEtD,qDAAqD;QACrD,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE;YAC7B,SAAS,EAAE,UAAU,CAAC,UAAU;YAChC,QAAQ,EAAE,UAAU,CAAC,SAAS;SAC/B,CAAC,CAAC;QAEH,8BAA8B;QAC9B,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACxC,eAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,CAAC,gCAAgC,MAAM,CAAC,EAAE,MAAM,UAAU,CAAC,UAAU,UAAU,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAE3H,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,kCAAkC;QAClC,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE;YAC7B,SAAS,EAAE,SAAS;YACpB,QAAQ,EAAE,CAAC,aAAa,CAAC;SAC1B,CAAC,CAAC;QAEH,2BAA2B;QAC3B,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACxC,eAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,CAAC,wBAAwB,MAAM,CAAC,EAAE,kBAAkB,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC3E,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,cAAc,CAC3B,OAAqB,EACrB,QAAuB,EACvB,MAA6B,EAC7B,YAAqB;IAErB,MAAM,gBAAgB,GAAG,mBAAmB,EAAE,CAAC;IAE/C,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,CAAC,yEAAyE,CAAC,CAAC;QAClF,OAAO;IACT,CAAC;IAED,MAAM,OAAO,GAAG,gBAAgB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAClD,CAAC,CAAC,MAAM,KAAK,QAAQ;QACrB,CAAC,CAAC,OAAO;QACT,CAAC,CAAC,EAAE,KAAK,YAAY,CAAC,uBAAuB;KAC9C,CAAC;IAEF,MAAM,CAAC,8BAA8B,OAAO,CAAC,MAAM,oBAAoB,CAAC,CAAC;IAEzE,oDAAoD;IACpD,MAAM,WAAW,GAAG,CAAC,CAAC;IACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,IAAI,WAAW,EAAE,CAAC;QACrD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC;QAChD,MAAM,OAAO,CAAC,GAAG,CACf,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,qBAAqB,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC,CAC9E,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,2CAA2C,eAAe,CAAC,IAAI,gBAAgB,CAAC,CAAC;AAC1F,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CAAC,QAAgB;IAClD,OAAO,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;AAC/C,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CAAC,QAAgB;IAClD,OAAO,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;AAC/C,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E;;GAEG;AACH,SAAgB,sBAAsB,CACpC,GAAsB,EACtB,UAAiC,EAAE;IAEnC,MAAM,OAAO,GAAG,IAAI,6BAAe,EAAE,CAAC;IACtC,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,IAAA,sBAAU,GAAE,CAAC;IACvE,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,IAAI,uBAAY,CAAC,EAAE,kBAAkB,EAAE,KAAK,EAAE,CAAC,CAAC;IACnF,MAAM,aAAa,GAAG,OAAO,CAAC,QAAQ,IAAI,IAAI,wBAAa,EAAE,CAAC;IAE9D,gBAAgB;IAChB,MAAM,MAAM,GAAG,CAAC,GAAW,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAEjD,sCAAsC;IACtC,IAAI,UAAU,GAA8B,IAAI,CAAC;IAEjD,qEAAqE;IACrE,sEAAsE;IACtE,MAAM,mBAAmB,GAAG,OAAO,CAAC,cAAc;QAChD,CAAC,CAAC,EAAE,GAAG,6BAAkB,EAAE,oBAAoB,EAAE,OAAO,CAAC,cAAc,EAAE;QACzE,CAAC,CAAC,SAAS,CAAC;IAEd,SAAS,aAAa;QACpB,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,IAAI,OAAO,CAAC,iBAAiB,EAAE,CAAC;gBAC9B,UAAU,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC;YAC3C,CAAC;iBAAM,CAAC;gBACN,gEAAgE;gBAChE,MAAM,aAAa,GAAG,IAAI,wBAAa,CAAC;oBACtC,QAAQ,EAAE,aAAa;oBACvB,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBACxD,CAAC,CAAC;gBACH,UAAU,GAAG;oBACX,QAAQ,EAAE,aAA0D;oBACpE,aAAa;iBACd,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,UAAW,CAAC;IACrB,CAAC;IAED,kEAAkE;IAClE,IAAI,OAAO,CAAC,YAAY,KAAK,KAAK,EAAE,CAAC;QACnC,kEAAkE;QAClE,YAAY,CAAC,KAAK,IAAI,EAAE;YACtB,IAAI,CAAC;gBACH,MAAM,cAAc,CAAC,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;YAC/D,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,CAAC,wCAAwC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChE,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED,iEAAiE;IACjE,IAAI,OAAO,CAAC,YAAY,KAAK,KAAK,EAAE,CAAC;QACnC,GAAG,CAAC,EAAE,CAAC,eAAe,EAAE,KAAK,IAAI,EAAE;YACjC,IAAI,CAAC;gBACH,MAAM,iBAAiB,CAAC,OAAO,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC;YAC1D,CAAC;YAAC,MAAM,CAAC;gBACP,6CAA6C;YAC/C,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED,mDAAmD;IACnD,GAAG,CAAC,EAAE,CAAC,kBAAkB,EAAE,KAAK,EAAE,KAAc,EAAE,EAAE;QAClD,IAAI,CAAC;YACH,qCAAqC;YACrC,MAAM,SAAS,GAAG,KAA8B,CAAC;YACjD,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,mBAAmB,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YAErF,+BAA+B;YAC/B,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,UAAU,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;gBACjD,IAAI,UAAU,EAAE,SAAS,KAAK,UAAU,EAAE,CAAC;oBACzC,OAAO;wBACL,KAAK,EAAE,IAAI;wBACX,WAAW,EAAE,8BAA8B,QAAQ,oGAAoG;qBACxJ,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAY,EAAC,OAAO,EAAE,KAAK,EAAE;gBAChD,MAAM;gBACN,UAAU,EAAE,aAAa,EAAE;aAC5B,CAAC,CAAC;YAEH,IAAI,MAAM,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;gBAC/B,OAAO;oBACL,KAAK,EAAE,IAAI;oBACX,WAAW,EAAE,MAAM,CAAC,MAAM,IAAI,8BAA8B;iBAC7D,CAAC;YACJ,CAAC;YAED,yEAAyE;YACzE,IAAI,MAAM,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;gBAC9B,OAAO;oBACL,KAAK,EAAE,IAAI;oBACX,WAAW,EAAE,MAAM,CAAC,MAAM,IAAI,2CAA2C;iBAC1E,CAAC;YACJ,CAAC;YAED,OAAO,SAAS,CAAC,CAAC,QAAQ;QAC5B,CAAC;QAAC,MAAM,CAAC;YACP,YAAY;YACZ,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,8BAA8B;IAC9B,GAAG,CAAC,EAAE,CAAC,iBAAiB,EAAE,KAAK,EAAE,KAAc,EAAE,EAAE;QACjD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YACxC,MAAM,SAAS,GAAG,KAA8B,CAAC;YACjD,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,mBAAmB,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YACrF,IAAA,yBAAa,EAAC,KAAK,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;QACvC,CAAC;QAAC,MAAM,CAAC;YACP,eAAe;QACjB,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,4DAA4D,MAAM,CAAC,KAAK,IAAI,UAAU,GAAG,CAAC,CAAC;AACpG,CAAC;AAED;;;;GAIG;AACH,SAAwB,QAAQ,CAAC,GAAsB;IACrD,sBAAsB,CAAC,GAAG,CAAC,CAAC;AAC9B,CAAC"}

package/dist/index.d.ts

@@ -16,12 +16,15 @@ export { ClaudeCodeAdapter, OpenClawAdapter, evaluateHook, registerOpenClawPlugi
 import { SkillScanner } from './scanner/index.js';
 import { SkillRegistry } from './registry/index.js';
 import { ActionScanner } from './action/index.js';
+import type { CapabilityModel } from './types/skill.js';
 /**
  * Create a complete AgentGuard instance with all modules
  */
 export declare function createAgentGuard(options?: {
     registryPath?: string;
     useExternalScanner?: boolean;
+    /** Default capabilities used when no registry record is found for an actor */
+    defaultCapabilities?: CapabilityModel;
 }): {
     scanner: SkillScanner;
     registry: SkillRegistry;

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,cAAc,kBAAkB,CAAC;AAGjC,OAAO,EAAE,YAAY,EAAE,KAAK,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACvE,OAAO,EACL,aAAa,EACb,eAAe,EACf,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,YAAY,EACjB,KAAK,YAAY,GAClB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,aAAa,EACb,YAAY,EACZ,KAAK,oBAAoB,GAC1B,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,gBAAgB,EAChB,sBAAsB,EACtB,qBAAqB,EACrB,kBAAkB,EAClB,KAAK,YAAY,GAClB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,aAAa,EACb,eAAe,EACf,kBAAkB,GACnB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,iBAAiB,EACjB,eAAe,EACf,YAAY,EACZ,sBAAsB,EACtB,UAAU,EACV,KAAK,WAAW,EAChB,KAAK,SAAS,EACd,KAAK,UAAU,EACf,KAAK,aAAa,GACnB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAElD;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,CAAC,EAAE;IACzC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B;;;;EAgBA;AAGD,eAAe,gBAAgB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,cAAc,kBAAkB,CAAC;AAGjC,OAAO,EAAE,YAAY,EAAE,KAAK,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACvE,OAAO,EACL,aAAa,EACb,eAAe,EACf,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,YAAY,EACjB,KAAK,YAAY,GAClB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,aAAa,EACb,YAAY,EACZ,KAAK,oBAAoB,GAC1B,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,gBAAgB,EAChB,sBAAsB,EACtB,qBAAqB,EACrB,kBAAkB,EAClB,KAAK,YAAY,GAClB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,aAAa,EACb,eAAe,EACf,kBAAkB,GACnB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,iBAAiB,EACjB,eAAe,EACf,YAAY,EACZ,sBAAsB,EACtB,UAAU,EACV,KAAK,WAAW,EAChB,KAAK,SAAS,EACd,KAAK,UAAU,EACf,KAAK,aAAa,GACnB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAExD;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,CAAC,EAAE;IACzC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,8EAA8E;IAC9E,mBAAmB,CAAC,EAAE,eAAe,CAAC;CACvC;;;;EAmBA;AAGD,eAAe,gBAAgB,CAAC"}

package/dist/index.js

@@ -69,7 +69,10 @@ function createAgentGuard(options) {
     const scanner = new index_js_5.SkillScanner({
         useExternalScanner: options?.useExternalScanner ?? true,
     });
-    const actionScanner = new index_js_7.ActionScanner({ registry });
+    const actionScanner = new index_js_7.ActionScanner({
+        registry,
+        defaultCapabilities: options?.defaultCapabilities,
+    });
     return {
         scanner,
         registry,

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;;;;;;;;;;;;;;;AA4DH,4CAmBC;AA7ED,eAAe;AACf,mDAAiC;AAEjC,iBAAiB;AACjB,+CAAuE;AAA9D,wGAAA,YAAY,OAAA;AACrB,gDAO6B;AAN3B,yGAAA,aAAa,OAAA;AACb,2GAAA,eAAe,OAAA;AAMjB,8CAI2B;AAHzB,yGAAA,aAAa,OAAA;AACb,wGAAA,YAAY,OAAA;AAId,wBAAwB;AACxB,kDAM6B;AAL3B,8GAAA,gBAAgB,OAAA;AAChB,oHAAA,sBAAsB,OAAA;AACtB,mHAAA,qBAAqB,OAAA;AACrB,gHAAA,kBAAkB,OAAA;AAIpB,2BAA2B;AAC3B,mDAM6B;AAL3B,oHAAA,qBAAqB,OAAA;AACrB,gHAAA,iBAAiB,OAAA;AACjB,4GAAA,aAAa,OAAA;AACb,8GAAA,eAAe,OAAA;AACf,iHAAA,kBAAkB,OAAA;AAGpB,gDAAgD;AAChD,gDAU6B;AAT3B,6GAAA,iBAAiB,OAAA;AACjB,2GAAA,eAAe,OAAA;AACf,wGAAA,YAAY,OAAA;AACZ,kHAAA,sBAAsB,OAAA;AACtB,sGAAA,UAAU,OAAA;AAOZ,gCAAgC;AAChC,iDAAkD;AAClD,kDAAoD;AACpD,gDAAkD;AAElD;;GAEG;AACH,SAAgB,gBAAgB,CAAC,OAGhC;IACC,MAAM,QAAQ,GAAG,IAAI,wBAAa,CAAC;QACjC,QAAQ,EAAE,OAAO,EAAE,YAAY;KAChC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,IAAI,uBAAY,CAAC;QAC/B,kBAAkB,EAAE,OAAO,EAAE,kBAAkB,IAAI,IAAI;KACxD,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,IAAI,wBAAa,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;IAEtD,OAAO;QACL,OAAO;QACP,QAAQ;QACR,aAAa;KACd,CAAC;AACJ,CAAC;AAED,iBAAiB;AACjB,kBAAe,gBAAgB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;;;;;;;;;;;;;;;AA6DH,4CAwBC;AAnFD,eAAe;AACf,mDAAiC;AAEjC,iBAAiB;AACjB,+CAAuE;AAA9D,wGAAA,YAAY,OAAA;AACrB,gDAO6B;AAN3B,yGAAA,aAAa,OAAA;AACb,2GAAA,eAAe,OAAA;AAMjB,8CAI2B;AAHzB,yGAAA,aAAa,OAAA;AACb,wGAAA,YAAY,OAAA;AAId,wBAAwB;AACxB,kDAM6B;AAL3B,8GAAA,gBAAgB,OAAA;AAChB,oHAAA,sBAAsB,OAAA;AACtB,mHAAA,qBAAqB,OAAA;AACrB,gHAAA,kBAAkB,OAAA;AAIpB,2BAA2B;AAC3B,mDAM6B;AAL3B,oHAAA,qBAAqB,OAAA;AACrB,gHAAA,iBAAiB,OAAA;AACjB,4GAAA,aAAa,OAAA;AACb,8GAAA,eAAe,OAAA;AACf,iHAAA,kBAAkB,OAAA;AAGpB,gDAAgD;AAChD,gDAU6B;AAT3B,6GAAA,iBAAiB,OAAA;AACjB,2GAAA,eAAe,OAAA;AACf,wGAAA,YAAY,OAAA;AACZ,kHAAA,sBAAsB,OAAA;AACtB,sGAAA,UAAU,OAAA;AAOZ,gCAAgC;AAChC,iDAAkD;AAClD,kDAAoD;AACpD,gDAAkD;AAGlD;;GAEG;AACH,SAAgB,gBAAgB,CAAC,OAKhC;IACC,MAAM,QAAQ,GAAG,IAAI,wBAAa,CAAC;QACjC,QAAQ,EAAE,OAAO,EAAE,YAAY;KAChC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,IAAI,uBAAY,CAAC;QAC/B,kBAAkB,EAAE,OAAO,EAAE,kBAAkB,IAAI,IAAI;KACxD,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,IAAI,wBAAa,CAAC;QACtC,QAAQ;QACR,mBAAmB,EAAE,OAAO,EAAE,mBAAmB;KAClD,CAAC,CAAC;IAEH,OAAO;QACL,OAAO;QACP,QAAQ;QACR,aAAa;KACd,CAAC;AACJ,CAAC;AAED,iBAAiB;AACjB,kBAAe,gBAAgB,CAAC"}

package/package.json

@@ -1,9 +1,14 @@
 {
   "name": "@goplus/agentguard",
-  "version": "1.0.6",
+  "version": "1.0.9",
   "description": "GoPlus AgentGuard — Security guard for AI agents. Blocks dangerous commands, prevents data leaks, protects secrets. 20 detection rules, runtime action evaluation, trust registry.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
+  "openclaw": {
+    "extensions": [
+      "./dist/index.js"
+    ]
+  },
   "bin": {
     "agentguard": "./dist/mcp-server.js"
   },

package/skills/agentguard/.clawignore

@@ -0,0 +1,6 @@
+node_modules/
+scripts/node_modules/
+scripts/package-lock.json
+scripts/data/registry.json
+*.log
+.DS_Store

package/skills/agentguard/README.md

@@ -0,0 +1,31 @@
+# GoPlus AgentGuard
+
+AI Agent Security Guard — protect your AI agents from dangerous commands, data leaks, and malicious skills.
+
+## Features
+
+- **Code Scanning** — 24 detection rules covering shell injection, credential leaks, prompt injection, Web3 exploits, and more
+- **Action Evaluation** — Real-time allow/deny/confirm decisions for runtime actions (network, exec, file, Web3)
+- **Trust Registry** — Manage skill trust levels with capability-based access control
+- **Security Patrol** — Automated daily security checks for OpenClaw environments
+- **Audit Logging** — Full security event trail with reporting
+
+## Usage
+
+```
+/agentguard scan <path>          — Scan code for security risks
+/agentguard action <description> — Evaluate runtime action safety
+/agentguard patrol [run|setup|status] — Daily security patrol
+/agentguard trust <subcommand>   — Manage skill trust levels
+/agentguard report               — View security event audit log
+/agentguard config <level>       — Set protection level (strict/balanced/permissive)
+```
+
+## Requirements
+
+- Node.js 18+
+- Optional: GoPlus API credentials for enhanced Web3 transaction simulation
+
+## Author
+
+Built by [GoPlus Security](https://gopluslabs.io) — the leading Web3 security infrastructure provider.

package/skills/agentguard/SKILL.md

@@ -1,15 +1,15 @@
 ---
 name: agentguard
-description: GoPlus AgentGuard — AI agent security guard. Automatically blocks dangerous commands, prevents data leaks, and protects secrets. Use when reviewing third-party code, auditing skills, checking for vulnerabilities, evaluating action safety, or viewing security logs.
+description: GoPlus AgentGuard — AI agent security guard. Automatically blocks dangerous commands, prevents data leaks, and protects secrets. Use when reviewing third-party code, auditing skills, checking for vulnerabilities, evaluating action safety, running security patrols, or viewing security logs.
 license: MIT
 compatibility: Requires Node.js 18+. Optional GoPlus API credentials for enhanced Web3 simulation.
 metadata:
   author: GoPlusSecurity
-  version: "1.0"
+  version: "1.1"
   optional_env: "GOPLUS_API_KEY, GOPLUS_API_SECRET (for Web3 transaction simulation only)"
 user-invocable: true
-allowed-tools: Read, Grep, Glob, Bash(node scripts/trust-cli.ts *) Bash(node scripts/action-cli.ts *)
-argument-hint: "[scan|action|trust|report|config] [args...]"
+allowed-tools: Read, Grep, Glob, Bash(node scripts/trust-cli.ts *) Bash(node scripts/action-cli.ts *) Bash(openclaw *) Bash(ss *) Bash(lsof *) Bash(ufw *) Bash(iptables *) Bash(crontab *) Bash(systemctl list-timers *) Bash(find *) Bash(stat *) Bash(env) Bash(sha256sum *)
+argument-hint: "[scan|action|patrol|trust|report|config] [args...]"
 ---
 
 # GoPlus AgentGuard — AI Agent Security Framework
@@ -22,6 +22,7 @@ Parse `$ARGUMENTS` to determine the subcommand:
 
 - **`scan <path>`** — Scan a skill or codebase for security risks
 - **`action <description>`** — Evaluate whether a runtime action is safe
+- **`patrol [run|setup|status]`** — Daily security patrol for OpenClaw environments
 - **`trust <lookup|attest|revoke|list> [args]`** — Manage skill trust levels
 - **`report`** — View recent security events from the audit log
 - **`config <strict|balanced|permissive>`** — Set protection level
@@ -30,6 +31,8 @@ If no subcommand is given, or the first argument is a path, default to **scan**.
 
 ---
 
+# Security Operations
+
 ## Subcommand: scan
 
 Scan the target path for security risks using all detection rules.
@@ -220,6 +223,227 @@ Always combine script results with the policy-based checks (webhook domains, sec
 
 ---
 
+## Subcommand: patrol
+
+**OpenClaw-specific daily security patrol.** Runs 8 automated checks that leverage AgentGuard's scan engine, trust registry, and audit log to assess the security posture of an OpenClaw deployment.
+
+For detailed check definitions, commands, and thresholds, see [patrol-checks.md](patrol-checks.md).
+
+### Sub-subcommands
+
+- **`patrol`** or **`patrol run`** — Execute all 8 checks and output a patrol report
+- **`patrol setup`** — Configure as an OpenClaw daily cron job
+- **`patrol status`** — Show last patrol results and cron schedule
+
+### Pre-flight: OpenClaw Detection
+
+Before running any checks, verify the OpenClaw environment:
+
+1. Check for `$OPENCLAW_STATE_DIR` env var, fall back to `~/.openclaw/`
+2. Verify the directory exists and contains `openclaw.json`
+3. Check if `openclaw` CLI is available in PATH
+
+If OpenClaw is not detected, output:
+```
+This command requires an OpenClaw environment. Detected: <what was found/missing>
+For non-OpenClaw environments, use /agentguard scan and /agentguard report instead.
+```
+
+Set `$OC` to the resolved OpenClaw state directory for all subsequent checks.
+
+### The 8 Patrol Checks
+
+#### [1] Skill/Plugin Integrity
+
+Detect tampered or unregistered skill packages by comparing file hashes against the trust registry.
+
+**Steps**:
+1. Discover skill directories under `$OC/skills/` (look for dirs containing `SKILL.md`)
+2. For each skill, compute hash: `node scripts/trust-cli.ts hash --path <skill_dir>`
+3. Look up the attested hash: `node scripts/trust-cli.ts lookup --source <skill_dir>`
+4. If hash differs from attested → **INTEGRITY_DRIFT** (HIGH)
+5. If skill has no trust record → **UNREGISTERED_SKILL** (MEDIUM)
+6. For drifted skills, run the scan rules against the changed files to detect new threats
+
+#### [2] Secrets Exposure
+
+Scan workspace files for leaked secrets using AgentGuard's own detection patterns.
+
+**Steps**:
+1. Use Grep to scan `$OC/workspace/` (especially `memory/` and `logs/`) with patterns from:
+   - scan-rules.md Rule 7 (PRIVATE_KEY_PATTERN): `0x[a-fA-F0-9]{64}` in quotes
+   - scan-rules.md Rule 8 (MNEMONIC_PATTERN): BIP-39 word sequences, `seed_phrase`, `mnemonic`
+   - scan-rules.md Rule 5 (READ_SSH_KEYS): SSH key file references in workspace
+   - action-policies.md secret patterns: AWS keys (`AKIA...`), GitHub tokens (`gh[pousr]_...`), DB connection strings
+2. Scan any `.env*` files under `$OC/` for plaintext credentials
+3. Check `~/.ssh/` and `~/.gnupg/` directory permissions (should be 700)
+
+#### [3] Network Exposure
+
+Detect dangerous port exposure and firewall misconfigurations.
+
+**Steps**:
+1. List listening ports: `ss -tlnp` or `lsof -i -P -n | grep LISTEN`
+2. Flag high-risk services on 0.0.0.0: Redis(6379), Docker API(2375), MySQL(3306), PostgreSQL(5432), MongoDB(27017)
+3. Check firewall status: `ufw status` or `iptables -L INPUT -n`
+4. Check outbound connections (`ss -tnp state established`) and cross-reference against action-policies.md webhook/exfil domain list and high-risk TLDs
+
+#### [4] Cron & Scheduled Tasks
+
+Audit all cron jobs for download-and-execute patterns.
+
+**Steps**:
+1. List OpenClaw cron jobs: `openclaw cron list`
+2. List system crontab: `crontab -l` and contents of `/etc/cron.d/`
+3. List systemd timers: `systemctl list-timers --all`
+4. Scan all cron command bodies using scan-rules.md Rule 2 (AUTO_UPDATE) patterns: `curl|bash`, `wget|sh`, `eval "$(curl`, `base64 -d | bash`
+5. Flag unknown cron jobs that touch `$OC/` directories
+
+#### [5] File System Changes (24h)
+
+Detect suspicious file modifications in the last 24 hours.
+
+**Steps**:
+1. Find recently modified files: `find $OC/ ~/.ssh/ ~/.gnupg/ /etc/cron.d/ -type f -mtime -1`
+2. For modified files with scannable extensions (.js/.ts/.py/.sh/.md/.json), run the full scan rule set
+3. Check permissions on critical files:
+   - `$OC/openclaw.json` → should be 600
+   - `$OC/devices/paired.json` → should be 600
+   - `~/.ssh/authorized_keys` → should be 600
+4. Detect new executable files in workspace: `find $OC/workspace/ -type f -perm +111 -mtime -1`
+
+#### [6] Audit Log Analysis (24h)
+
+Analyze AgentGuard's audit trail for attack patterns.
+
+**Steps**:
+1. Read `~/.agentguard/audit.jsonl`, filter to last 24h by timestamp
+2. Compute statistics: total events, deny/confirm/allow counts, group denials by `risk_tags` and `initiating_skill`
+3. Flag patterns:
+   - Same skill denied 3+ times → potential attack (HIGH)
+   - Any event with `risk_level: critical` → (CRITICAL)
+   - `WEBHOOK_EXFIL` or `NET_EXFIL_UNRESTRICTED` tags → (HIGH)
+   - `PROMPT_INJECTION` tag → (CRITICAL)
+4. For skills with high deny rates still not revoked: recommend `/agentguard trust revoke`
+
+#### [7] Environment & Configuration
+
+Verify security configuration is production-appropriate.
+
+**Steps**:
+1. List environment variables matching sensitive names (values masked): `API_KEY`, `SECRET`, `PASSWORD`, `TOKEN`, `PRIVATE`, `CREDENTIAL`
+2. Check if `GOPLUS_API_KEY`/`GOPLUS_API_SECRET` are configured (if Web3 features are in use)
+3. Read `~/.agentguard/config.json` — flag `permissive` protection level in production
+4. If `$OC/.config-baseline.sha256` exists, verify: `sha256sum -c $OC/.config-baseline.sha256`
+
+#### [8] Trust Registry Health
+
+Check for expired, stale, or over-privileged trust records.
+
+**Steps**:
+1. List all records: `node scripts/trust-cli.ts list`
+2. Flag:
+   - Expired attestations (`expires_at` in the past)
+   - Trusted skills not re-scanned in 30+ days
+   - Installed skills with `untrusted` status
+   - Over-privileged skills: `exec: allow` combined with `network_allowlist: ["*"]`
+3. Output registry statistics: total records, distribution by trust level
+
+### Patrol Report Format
+
+```
+## GoPlus AgentGuard Patrol Report
+
+**Timestamp**: <ISO datetime>
+**OpenClaw Home**: <$OC path>
+**Protection Level**: <current level>
+**Overall Status**: PASS | WARN | FAIL
+
+### Check Results
+
+| # | Check | Status | Findings | Severity |
+|---|-------|--------|----------|----------|
+| 1 | Skill/Plugin Integrity | PASS/WARN/FAIL | <count> | <highest> |
+| 2 | Secrets Exposure | ... | ... | ... |
+| 3 | Network Exposure | ... | ... | ... |
+| 4 | Cron & Scheduled Tasks | ... | ... | ... |
+| 5 | File System Changes | ... | ... | ... |
+| 6 | Audit Log Analysis | ... | ... | ... |
+| 7 | Environment & Config | ... | ... | ... |
+| 8 | Trust Registry Health | ... | ... | ... |
+
+### Findings Detail
+(only checks with findings are shown)
+
+#### [N] Check Name
+- <finding with file path, evidence, and severity>
+
+### Recommendations
+1. [SEVERITY] <actionable recommendation>
+
+### Next Patrol
+<Cron schedule if configured, or suggest: /agentguard patrol setup>
+```
+
+**Overall status**: Any CRITICAL → **FAIL**, any HIGH → **WARN**, else **PASS**
+
+After outputting the report, append a summary entry to `~/.agentguard/audit.jsonl`:
+```json
+{"timestamp":"...","event":"patrol","overall_status":"PASS|WARN|FAIL","checks":8,"findings":<count>,"critical":<count>,"high":<count>}
+```
+
+### patrol setup
+
+Configure the patrol as an OpenClaw daily cron job.
+
+**Steps**:
+
+1. Verify OpenClaw environment (same pre-flight as `patrol run`)
+2. Ask the user for:
+   - **Timezone** (default: UTC). Examples: `Asia/Shanghai`, `America/New_York`, `Europe/London`
+   - **Schedule** (default: `0 3 * * *` — daily at 03:00)
+   - **Notification channel** (optional): `telegram`, `discord`, `signal`
+   - **Chat ID / webhook** (required if channel is set)
+3. Generate the cron registration command:
+
+```bash
+openclaw cron add \
+  --name "agentguard-patrol" \
+  --description "GoPlus AgentGuard daily security patrol" \
+  --cron "<schedule>" \
+  --tz "<timezone>" \
+  --session "isolated" \
+  --message "/agentguard patrol run" \
+  --timeout-seconds 300 \
+  --thinking off \
+  # Only include these if notification is configured:
+  --announce \
+  --channel <channel> \
+  --to <chat-id>
+```
+
+4. **Show the exact command to the user and wait for explicit confirmation** before executing
+5. After execution, verify with `openclaw cron list`
+6. Output confirmation with the cron schedule
+
+> **Note**: `--timeout-seconds 300` is required because isolated sessions need cold-start time. The default 120s is not enough.
+
+### patrol status
+
+Show the current patrol state.
+
+**Steps**:
+
+1. Read `~/.agentguard/audit.jsonl`, find the most recent `event: "patrol"` entry
+2. If found, display: timestamp, overall status, finding counts
+3. Run `openclaw cron list` and look for `agentguard-patrol` job
+4. If cron is configured, show: schedule, timezone, last run time, next run time
+5. If cron is not configured, suggest: `/agentguard patrol setup`
+
+---
+
+# Trust & Configuration
+
 ## Subcommand: trust
 
 Manage skill trust levels using the GoPlus AgentGuard registry.
@@ -280,6 +504,35 @@ If scripts are not available, help the user inspect `data/registry.json` directl
 
 ---
 
+## Subcommand: config
+
+Set the GoPlus AgentGuard protection level.
+
+### Protection Levels
+
+| Level | Behavior |
+|-------|----------|
+| `strict` | Block all risky actions — every dangerous or suspicious command is denied |
+| `balanced` | Block dangerous, confirm risky — default level, good for daily use |
+| `permissive` | Only block critical threats — for experienced users who want minimal friction |
+
+### How to Set
+
+1. Read `$ARGUMENTS` to get the desired level
+2. Write the config to `~/.agentguard/config.json`:
+
+```json
+{"level": "balanced"}
+```
+
+3. Confirm the change to the user
+
+If no level is specified, read and display the current config.
+
+---
+
+# Reporting
+
 ## Subcommand: report
 
 Display recent security events from the GoPlus AgentGuard audit log.
@@ -335,34 +588,7 @@ If the log file doesn't exist, inform the user that no security events have been
 
 ---
 
-## Subcommand: config
-
-Set the GoPlus AgentGuard protection level.
-
-### Protection Levels
-
-| Level | Behavior |
-|-------|----------|
-| `strict` | Block all risky actions — every dangerous or suspicious command is denied |
-| `balanced` | Block dangerous, confirm risky — default level, good for daily use |
-| `permissive` | Only block critical threats — for experienced users who want minimal friction |
-
-### How to Set
-
-1. Read `$ARGUMENTS` to get the desired level
-2. Write the config to `~/.agentguard/config.json`:
-
-```json
-{"level": "balanced"}
-```
-
-3. Confirm the change to the user
-
-If no level is specified, read and display the current config.
-
----
-
-## Auto-Scan on Session Start (Opt-In)
+# Auto-Scan on Session Start (Opt-In)
 
 AgentGuard can optionally scan installed skills at session startup. **This is disabled by default** and must be explicitly enabled:
 

package/skills/agentguard/patrol-checks.md

@@ -0,0 +1,334 @@
+# Patrol Check Reference — OpenClaw Daily Security Patrol
+
+Detailed commands, patterns, and thresholds for the 8 patrol checks. This document is the reference for the `patrol` subcommand.
+
+**Path convention**: `$OC` = `${OPENCLAW_STATE_DIR:-$HOME/.openclaw}`
+
+---
+
+## Check 1: Skill/Plugin Integrity
+
+**Purpose**: Detect tampered, unregistered, or drifted skill packages.
+
+### Steps
+
+1. Discover skill directories:
+   ```bash
+   ls -d $OC/skills/*/ ~/.openclaw/skills/*/ 2>/dev/null
+   ```
+   Each directory containing a `SKILL.md` is a skill.
+
+2. For each skill, compute hash:
+   ```bash
+   node scripts/trust-cli.ts hash --path <skill_dir>
+   ```
+
+3. Look up attested hash in trust registry:
+   ```bash
+   node scripts/trust-cli.ts lookup --source <skill_dir> --version <version>
+   ```
+
+4. Compare hashes. If mismatch, run quick re-scan:
+   ```bash
+   # Use Grep + scan rules on the skill directory (same as /agentguard scan)
+   ```
+
+### Findings
+
+| Tag | Severity | Condition |
+|-----|----------|-----------|
+| `INTEGRITY_DRIFT` | HIGH | Computed hash differs from attested hash |
+| `UNREGISTERED_SKILL` | MEDIUM | Skill directory exists but has no trust record |
+| `NEWLY_CRITICAL` | CRITICAL | Re-scan of drifted skill finds CRITICAL findings |
+
+---
+
+## Check 2: Secrets Exposure
+
+**Purpose**: Detect plaintext secrets leaked in workspace files, memory logs, and sensitive directories.
+
+### Scan Targets
+
+| Path | Scope |
+|------|-------|
+| `$OC/workspace/` | Full recursive (especially `memory/`, `logs/`) |
+| `$OC/.env*` | Any dotenv files in OC root |
+| `~/.ssh/` | Permission check only |
+| `~/.gnupg/` | Permission check only |
+
+### Patterns (cross-ref scan-rules.md)
+
+| Rule ID | Tag | Pattern Summary |
+|---------|-----|-----------------|
+| Rule 7 | PRIVATE_KEY_PATTERN | `['"\x60]0x[a-fA-F0-9]{64}['"\x60]`, `private[_\s]?key\s*[:=]` |
+| Rule 8 | MNEMONIC_PATTERN | 12/24 BIP-39 words, `seed[_\s]?phrase`, `mnemonic\s*[:=]` |
+| Rule 5 | READ_SSH_KEYS | `\.ssh/id_rsa`, `\.ssh/id_ed25519` in workspace files |
+
+### Additional Patterns (cross-ref action-policies.md)
+
+| Type | Pattern | Severity |
+|------|---------|----------|
+| AWS Secret Key | `[A-Za-z0-9/+=]{40}` near AWS context | HIGH |
+| AWS Access Key | `AKIA[0-9A-Z]{16}` | HIGH |
+| GitHub Token | `gh[pousr]_[A-Za-z0-9_]{36,}` | HIGH |
+| DB Connection String | `(postgres\|mysql\|mongodb)://` | MEDIUM |
+
+### Permission Checks
+
+```bash
+# SSH directory — should be 700
+stat -f "%Lp" ~/.ssh/ 2>/dev/null || stat -c "%a" ~/.ssh/ 2>/dev/null
+# GnuPG — should be 700
+stat -f "%Lp" ~/.gnupg/ 2>/dev/null || stat -c "%a" ~/.gnupg/ 2>/dev/null
+```
+
+| Condition | Severity |
+|-----------|----------|
+| `~/.ssh/` permissions > 700 | HIGH |
+| `~/.gnupg/` permissions > 700 | MEDIUM |
+
+---
+
+## Check 3: Network Exposure
+
+**Purpose**: Detect dangerous port exposure, missing firewall, and suspicious connections.
+
+### Listening Ports
+
+```bash
+# Linux
+ss -tlnp 2>/dev/null || netstat -tlnp 2>/dev/null
+# macOS
+lsof -i -P -n | grep LISTEN 2>/dev/null
+```
+
+### High-Risk Default Ports
+
+Flag if bound to `0.0.0.0` or `*` (not `127.0.0.1`):
+
+| Port | Service | Severity |
+|------|---------|----------|
+| 22 | SSH (default port) | MEDIUM |
+| 3306 | MySQL | HIGH |
+| 5432 | PostgreSQL | HIGH |
+| 6379 | Redis | CRITICAL |
+| 27017 | MongoDB | HIGH |
+| 9200 | Elasticsearch | HIGH |
+| 2375/2376 | Docker API | CRITICAL |
+| 8080 | Generic HTTP | LOW |
+
+### Firewall Status
+
+```bash
+# Linux (UFW)
+ufw status 2>/dev/null
+# Linux (iptables) — check for ACCEPT all on INPUT
+iptables -L INPUT -n 2>/dev/null | head -20
+# macOS
+/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2>/dev/null
+```
+
+| Condition | Severity |
+|-----------|----------|
+| Firewall disabled / inactive | HIGH |
+| Redis/Docker API on 0.0.0.0 | CRITICAL |
+| Database on 0.0.0.0 without auth | HIGH |
+| SSH on default port 22 | MEDIUM (informational) |
+
+### Outbound Connection Check
+
+```bash
+# Established outbound connections
+ss -tnp state established 2>/dev/null || netstat -tnp 2>/dev/null | grep ESTABLISHED
+```
+
+Cross-reference remote IPs/domains against:
+- action-policies.md webhook/exfil domain list (Discord, Telegram, ngrok, webhook.site, etc.)
+- scan-rules.md Rule 23 SUSPICIOUS_IP validation (exclude private ranges)
+- action-policies.md high-risk TLDs (`.xyz`, `.top`, `.tk`, `.ml`, `.ga`, `.cf`, `.gq`)
+
+---
+
+## Check 4: Cron & Scheduled Tasks
+
+**Purpose**: Detect malicious or unauthorized scheduled tasks, especially download-and-execute patterns.
+
+### Data Collection
+
+```bash
+# OpenClaw cron jobs
+openclaw cron list 2>/dev/null
+
+# System crontab
+crontab -l 2>/dev/null
+
+# System cron directories
+ls -la /etc/cron.d/ /etc/cron.daily/ /etc/cron.hourly/ 2>/dev/null
+
+# Systemd timers
+systemctl list-timers --all 2>/dev/null
+
+# User systemd units
+ls -la ~/.config/systemd/user/ 2>/dev/null
+```
+
+### Scan Patterns (cross-ref scan-rules.md Rule 2: AUTO_UPDATE)
+
+Scan cron command bodies for:
+
+| Pattern | Description | Severity |
+|---------|-------------|----------|
+| `curl.*\|\s*(bash\|sh)` | curl pipe to shell | CRITICAL |
+| `wget.*\|\s*(bash\|sh)` | wget pipe to shell | CRITICAL |
+| `fetch.*then.*eval` | Fetch and eval | CRITICAL |
+| `download.*execute` (i) | Download-and-execute | HIGH |
+| `base64 -d \| bash` | Decode and execute | CRITICAL |
+| `eval "$(curl`  | eval curl output | CRITICAL |
+
+### Additional Checks
+
+| Condition | Severity |
+|-----------|----------|
+| Unknown cron job touching `$OC/` as root | HIGH |
+| Cron job downloading from external URL | HIGH |
+| Cron job not present in `openclaw cron list` but touches `$OC/` | MEDIUM |
+
+---
+
+## Check 5: File System Changes
+
+**Purpose**: Detect suspicious file modifications in the last 24 hours.
+
+### Scan Targets
+
+```bash
+# Files modified in last 24h
+find $OC/ -type f -mtime -1 2>/dev/null
+find ~/.ssh/ -type f -mtime -1 2>/dev/null
+find ~/.gnupg/ -type f -mtime -1 2>/dev/null
+find /etc/cron.d/ -type f -mtime -1 2>/dev/null
+```
+
+### Analysis
+
+1. **Count and list** all modified files
+2. For files matching scannable extensions (`.js`, `.ts`, `.py`, `.sh`, `.md`, `.json`, `.yaml`):
+   - Run the full scan rule set against each file (same rules as `/agentguard scan`)
+   - Report any findings with the relevant rule IDs
+3. **Permission check** on critical files:
+
+| File | Expected Permission |
+|------|-------------------|
+| `$OC/openclaw.json` | 600 |
+| `$OC/devices/paired.json` | 600 |
+| `~/.ssh/authorized_keys` | 600 |
+| `/etc/ssh/sshd_config` | 644 |
+
+4. **New executable detection**:
+   ```bash
+   find $OC/workspace/ -type f -perm +111 -mtime -1 2>/dev/null
+   ```
+
+---
+
+## Check 6: Audit Log Analysis
+
+**Purpose**: Analyze AgentGuard's own audit trail for attack patterns and anomalies.
+
+### Data Source
+
+```
+~/.agentguard/audit.jsonl
+```
+
+Each line: `{"timestamp":"...","tool_name":"...","decision":"...","risk_level":"...","risk_tags":[...],"initiating_skill":"..."}`
+
+### Analysis (last 24h)
+
+1. **Aggregate statistics**:
+   - Total events, deny count, confirm count, allow count
+   - Group denials by `risk_tags`
+   - Group denials by `initiating_skill`
+
+2. **Pattern detection**:
+
+| Pattern | Condition | Severity |
+|---------|-----------|----------|
+| Repeated denial | Same skill denied 3+ times | HIGH |
+| Critical event | Any event with `risk_level: critical` | CRITICAL |
+| Exfiltration attempt | `WEBHOOK_EXFIL` or `NET_EXFIL_UNRESTRICTED` tag | HIGH |
+| Prompt injection | `PROMPT_INJECTION` tag in events | CRITICAL |
+| Unrevoked violator | Skill with 5+ denials still not revoked in registry | MEDIUM |
+
+3. **Recommendation generation**:
+   - For skills with high deny rates: suggest `/agentguard trust revoke`
+   - For critical events: suggest immediate investigation
+
+---
+
+## Check 7: Environment & Configuration
+
+**Purpose**: Verify OpenClaw and AgentGuard configuration security.
+
+### Environment Variable Scan
+
+```bash
+# List env vars with sensitive names (names only, values masked)
+env | grep -iE 'API_KEY|SECRET|PASSWORD|TOKEN|PRIVATE|CREDENTIAL' | awk -F= '{print $1 "=(masked)"}'
+```
+
+### Configuration Checks
+
+| Check | Command | Expected |
+|-------|---------|----------|
+| AgentGuard protection level | Read `~/.agentguard/config.json` | Not `permissive` for production |
+| GoPlus API configured | Check `GOPLUS_API_KEY` exists | Set if Web3 features used |
+| Config baseline hash | `sha256sum -c $OC/.config-baseline.sha256` | All OK (if baseline exists) |
+
+### Severity
+
+| Condition | Severity |
+|-----------|----------|
+| Protection level = `permissive` | MEDIUM |
+| Sensitive env var with `PRIVATE_KEY` or `MNEMONIC` in name | HIGH |
+| Config baseline hash mismatch | HIGH |
+| Config baseline missing | LOW (informational) |
+
+---
+
+## Check 8: Trust Registry Health
+
+**Purpose**: Verify the trust registry is well-maintained and no over-privileged skills exist.
+
+### Data Collection
+
+```bash
+node scripts/trust-cli.ts list
+```
+
+### Analysis
+
+| Check | Condition | Severity |
+|-------|-----------|----------|
+| Expired attestation | `expires_at` < now | MEDIUM |
+| Stale trusted skill | `trust_level: trusted` + `updated_at` > 30 days ago | LOW |
+| Installed but untrusted | Skill directory exists + `trust_level: untrusted` | MEDIUM |
+| Over-privileged | `exec: allow` AND `network_allowlist: ["*"]` | HIGH |
+| Empty registry | No records at all despite installed skills | MEDIUM |
+
+### Statistics Output
+
+- Total trust records
+- Distribution: trusted / restricted / untrusted / revoked
+- Skills with Web3 capabilities enabled
+
+---
+
+## Overall Status Calculation
+
+| Condition | Status |
+|-----------|--------|
+| Any check has CRITICAL findings | **FAIL** |
+| Any check has HIGH findings | **WARN** |
+| Only MEDIUM/LOW findings | **PASS** (with notes) |
+| No findings | **PASS** |

package/skills/agentguard/scripts/package.json

@@ -2,6 +2,6 @@
   "private": true,
   "type": "module",
   "dependencies": {
-    "@goplus/agentguard": "file:../../.."
+    "@goplus/agentguard": "^1.0.6"
   }
 }