@guava-parity/guard-scanner 15.0.0 → 16.0.0

package/docs/data/corpus-metrics.json

@@ -1,8 +1,8 @@
 {
-  "generatedAt": "2026-03-10T10:00:34.307Z",
+  "generatedAt": "2026-03-13T14:27:53.074Z",
   "corpus": {
-    "benign": 3,
-    "malicious": 3
+    "benign": 17,
+    "malicious": 15
   },
   "precision": 1,
   "recall": 1,

package/docs/data/fp-ledger.json

@@ -0,0 +1,18 @@
+{
+  "benchmark_version": "2026-03-13.quality-v1",
+  "generatedAt": "2026-03-14T05:45:37.147Z",
+  "entries": [
+    {
+      "layer": "layer_b",
+      "sample_id": "adv-benign-06",
+      "title": "secret-placeholder",
+      "risk": 3,
+      "matched_categories": [
+        "credential-handling"
+      ],
+      "detection_ids": [
+        "CRED_ENV_REF"
+      ]
+    }
+  ]
+}

package/docs/data/quality-contract.json

@@ -0,0 +1,36 @@
+{
+  "contract_version": "2026-03-13.quality-v1",
+  "benchmark_version": "2026-03-13.quality-v1",
+  "quality_targets": {
+    "precision_min": 0.9,
+    "recall_min": 0.9,
+    "false_positive_rate_max": 0.1,
+    "false_negative_rate_max": 0.1,
+    "explainability_completeness_rate_min": 1,
+    "runtime_check_latency_budget_ms": 5,
+    "false_positive_budget_by_category": {
+      "prompt-injection": 0.05,
+      "runtime-policy": 0.02,
+      "secret-detection": 0.08,
+      "supply-chain": 0.05,
+      "memory-poisoning": 0.03
+    }
+  },
+  "layers": [
+    {
+      "id": "layer_a",
+      "corpus": "test/fixtures/corpus/security-corpus.json",
+      "scanner_options": {}
+    },
+    {
+      "id": "layer_b",
+      "corpus": "test/fixtures/corpus/adversarial-corpus.json",
+      "scanner_options": {}
+    },
+    {
+      "id": "layer_c",
+      "corpus": "test/fixtures/corpus/ecosystem-corpus.json",
+      "scanner_options": {}
+    }
+  ]
+}

package/docs/generated/openclaw-upstream-status.json

@@ -1,22 +1,22 @@
 {
-  "checkedAt": "2026-03-11T19:33:06.437Z",
-  "pinnedVersion": "2026.3.8",
-  "latestVersion": "2026.3.8",
-  "latestPublishedAt": "2026-03-09T07:44:44.237Z",
-  "registryModifiedAt": "2026-03-09T07:50:30.149Z",
-  "githubLatestVersion": "2026.3.8",
-  "githubPublishedAt": "2026-03-09T07:49:27Z",
-  "githubUrl": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.8",
+  "checkedAt": "2026-03-13T13:54:07.403Z",
+  "pinnedVersion": "2026.3.12",
+  "latestVersion": "2026.3.12",
+  "latestPublishedAt": "2026-03-13T04:13:28.358Z",
+  "registryModifiedAt": "2026-03-13T04:29:39.807Z",
+  "githubLatestVersion": "2026.3.12",
+  "githubPublishedAt": "2026-03-13T04:26:46Z",
+  "githubUrl": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.12",
   "sourceParity": {
-    "npmLatestVersion": "2026.3.8",
-    "githubLatestVersion": "2026.3.8",
+    "npmLatestVersion": "2026.3.12",
+    "githubLatestVersion": "2026.3.12",
     "inParity": true
   },
   "source": "npm",
   "status": {
-    "pinnedVersion": "2026.3.8",
-    "latestVersion": "2026.3.8",
-    "latestPublishedAt": "2026-03-09T07:44:44.237Z",
+    "pinnedVersion": "2026.3.12",
+    "latestVersion": "2026.3.12",
+    "latestPublishedAt": "2026-03-13T04:13:28.358Z",
     "source": "npm",
     "upToDate": true,
     "ahead": false,

package/docs/openclaw-compatibility-audit.md

@@ -1,7 +1,8 @@
 # guard-scanner OpenClaw Compatibility Audit
 
 Date: 2026-03-12
-Target baseline: OpenClaw `v2026.3.8`
+Public compatibility baseline: OpenClaw `v2026.3.8`
+Upstream drift lane: newer OpenClaw stable releases measured separately by `check:upstream`
 
 ## Official upstream requirements used
 
@@ -20,7 +21,7 @@ Target baseline: OpenClaw `v2026.3.8`
 | Runtime hook registration | ✅ | `openclaw-plugin.mts` registers `before_tool_call` with priority 90 |
 | Malicious tool-call blocking | ✅ | `test/openclaw-plugin-compat.test.js` + `scripts/release-gate.js` |
 | Benign tool-call passthrough | ✅ | `test/openclaw-plugin-compat.test.js` + `scripts/release-gate.js` |
-| Upstream latest-version drift detection | ✅ | `npm run check:upstream` + `docs/generated/openclaw-upstream-status.json` (npm + GitHub Releases parity) |
+| Upstream latest-version drift detection | ✅ | `npm run check:upstream` + `docs/generated/openclaw-upstream-status.json` (used for revalidation, not automatic claim widening) |
 
 ## Explicitly out of scope
 

package/docs/openclaw-continuous-compatibility-plan.md

@@ -1,7 +1,8 @@
 # guard-scanner Continuous OpenClaw Compatibility Plan
 
 Date: 2026-03-12
-Baseline: OpenClaw `2026.3.8`
+Stable target: OpenClaw `2026.3.12`
+Baseline regression lane: OpenClaw `2026.3.8`
 
 ## Goal
 

package/docs/spec/capabilities.json

@@ -1,12 +1,12 @@
 {
-  "package_version": "15.0.0",
-  "plugin_version": "15.0.0",
+  "package_version": "16.0.0",
+  "plugin_version": "16.0.0",
   "static_pattern_count": 358,
   "threat_category_count": 35,
   "runtime_check_count": 27,
-  "test_file_count": 23,
+  "test_file_count": 28,
   "dependencies_runtime": 1,
-  "dependencies_dev": 3,
+  "dependencies_dev": 5,
   "mcp_tools": [
     "scan_skill",
     "scan_text",
@@ -20,6 +20,7 @@
   ],
   "cli_commands": [
     "scan",
+    "benchmark",
     "serve",
     "watch",
     "audit",
@@ -38,5 +39,136 @@
     "virustotal",
     "github",
     "npm"
-  ]
+  ],
+  "benchmark_corpus_version": "2026-03-13.quality-v1",
+  "benchmark_layers": [
+    {
+      "id": "layer_a",
+      "benign": 17,
+      "malicious": 15,
+      "precision": 1,
+      "recall": 1,
+      "false_positive_rate": 0,
+      "false_negative_rate": 0
+    },
+    {
+      "id": "layer_b",
+      "benign": 12,
+      "malicious": 12,
+      "precision": 0.9167,
+      "recall": 0.9167,
+      "false_positive_rate": 0.0833,
+      "false_negative_rate": 0.0833
+    },
+    {
+      "id": "layer_c",
+      "benign": 8,
+      "malicious": 8,
+      "precision": 1,
+      "recall": 1,
+      "false_positive_rate": 0,
+      "false_negative_rate": 0
+    }
+  ],
+  "analysis_layers": [
+    {
+      "layer": 1,
+      "name": "Static Analysis"
+    },
+    {
+      "layer": 2,
+      "name": "Protocol Analysis"
+    },
+    {
+      "layer": 3,
+      "name": "Runtime Behavior"
+    },
+    {
+      "layer": 4,
+      "name": "Cognitive Threat Detection"
+    },
+    {
+      "layer": 5,
+      "name": "Threat Intelligence"
+    }
+  ],
+  "owasp_asi_coverage": [
+    {
+      "id": "ASI01",
+      "count": 11,
+      "categories": [
+        "prompt-injection"
+      ]
+    },
+    {
+      "id": "ASI02",
+      "count": 28,
+      "categories": [
+        "credential-handling",
+        "exfiltration",
+        "malicious-code",
+        "pii-exposure",
+        "secret-detection",
+        "suspicious-download"
+      ]
+    },
+    {
+      "id": "ASI04",
+      "count": 8,
+      "categories": [
+        "suspicious-download",
+        "unverifiable-deps"
+      ]
+    },
+    {
+      "id": "ASI05",
+      "count": 2,
+      "categories": [
+        "financial-access"
+      ]
+    },
+    {
+      "id": "ASI06",
+      "count": 10,
+      "categories": [
+        "exfiltration",
+        "memory-poisoning",
+        "pii-exposure"
+      ]
+    },
+    {
+      "id": "ASI07",
+      "count": 9,
+      "categories": [
+        "credential-handling",
+        "secret-detection"
+      ]
+    }
+  ],
+  "capability_flags": {
+    "protocol_analysis": true,
+    "runtime_evidence": true,
+    "cognitive_detection": true,
+    "threat_intelligence": true
+  },
+  "compliance_modes": [
+    "owasp-asi"
+  ],
+  "explainability_completeness_rate": 1,
+  "runtime_check_latency_budget_ms": 5,
+  "quality_targets": {
+    "precision_min": 0.9,
+    "recall_min": 0.9,
+    "false_positive_rate_max": 0.1,
+    "false_negative_rate_max": 0.1,
+    "explainability_completeness_rate_min": 1,
+    "runtime_check_latency_budget_ms": 5,
+    "false_positive_budget_by_category": {
+      "prompt-injection": 0.05,
+      "runtime-policy": 0.02,
+      "secret-detection": 0.08,
+      "supply-chain": 0.05,
+      "memory-poisoning": 0.03
+    }
+  }
 }

package/docs/spec/plugin-trust.json

@@ -0,0 +1,11 @@
+{
+  "version": 1,
+  "enforce": true,
+  "entries": [
+    {
+      "path": "./dist/openclaw-plugin.mjs",
+      "issuer": "guard-scanner-release-gate",
+      "source": "local-build"
+    }
+  ]
+}

package/hooks/{context.js → context.ts}

@@ -1,3 +1,4 @@
+// @ts-nocheck
 /**
  * guard-scanner Context Engine Hooks — OpenClaw Lifecycle Integration
  *

package/openclaw-plugin.mts

@@ -1,8 +1,7 @@
-import { createRequire } from "node:module";
 import type { OpenClawPluginApi } from "openclaw/plugin-sdk/core";
+import * as runtimeGuard from "./src/index.js";
 
-const require = createRequire(import.meta.url);
-const runtimeGuard = require("../src/runtime-guard.js") as {
+const runtimeGuardApi = runtimeGuard as {
     scanToolCall: (
         toolName: string,
         params: Record<string, unknown>,
@@ -14,6 +13,14 @@ const runtimeGuard = require("../src/runtime-guard.js") as {
             runId?: string;
             toolCallId?: string;
             agentId?: string;
+            policy?: {
+                id?: string;
+                allowed_tools?: string[];
+                blocked_tools?: string[];
+                max_network_scope?: "none" | "internal-only" | "external-ok";
+                secret_bearing_context?: boolean;
+                memory_write_permission?: boolean;
+            };
         },
     ) => {
         blocked: boolean;
@@ -35,6 +42,14 @@ type PluginHookToolContext = {
     runId?: string;
     toolName: string;
     toolCallId?: string;
+    policy?: {
+        id?: string;
+        allowed_tools?: string[];
+        blocked_tools?: string[];
+        max_network_scope?: "none" | "internal-only" | "external-ok";
+        secret_bearing_context?: boolean;
+        memory_write_permission?: boolean;
+    };
 };
 
 function resolveMode(pluginConfig?: Record<string, unknown>): GuardMode | undefined {
@@ -54,7 +69,7 @@ function beforeToolCall(
     ctx: PluginHookToolContext,
     api: OpenClawPluginApi,
 ) {
-    const result = runtimeGuard.scanToolCall(event.toolName, event.params, {
+    const result = runtimeGuardApi.scanToolCall(event.toolName, event.params, {
         mode: resolveMode(api.pluginConfig),
         auditLog: resolveAuditLog(api.pluginConfig),
         sessionKey: ctx.sessionKey,
@@ -62,6 +77,7 @@ function beforeToolCall(
         runId: ctx.runId ?? event.runId,
         toolCallId: ctx.toolCallId ?? event.toolCallId,
         agentId: ctx.agentId,
+        policy: ctx.policy,
     });
 
     if (!result.blocked) return;
@@ -83,7 +99,7 @@ const plugin = {
             { priority: 90 },
         );
         api.logger.info(
-            "guard-scanner registered OpenClaw before_tool_call hook (validated for v2026.3.8).",
+            "guard-scanner registered OpenClaw before_tool_call hook (stable: v2026.3.12, regression lane: v2026.3.8).",
         );
     },
 };

package/openclaw.plugin.json

@@ -1,8 +1,8 @@
 {
   "id": "guard-scanner",
   "name": "guard-scanner",
-  "description": "Runtime guard plugin for OpenClaw before_tool_call enforcement.",
-  "version": "15.0.0",
+  "description": "Runtime guard plugin for OpenClaw before_tool_call enforcement with capability-scoped policy rationale.",
+  "version": "16.0.0",
   "configSchema": {
     "type": "object",
     "properties": {

package/package.json

@@ -1,35 +1,71 @@
 {
   "name": "@guava-parity/guard-scanner",
-  "version": "15.0.0",
+  "version": "16.0.0",
   "publishConfig": {
     "access": "public",
     "registry": "https://registry.npmjs.org/"
   },
-  "description": "Agent Skill Security Scanner - ASI Sanctuary Enforcer (v15)",
+  "description": "Agent Skill Security Scanner - ASI Sanctuary Enforcer (v16)",
   "openclaw": {
     "extensions": [
       "./dist/openclaw-plugin.mjs"
     ]
   },
-  "main": "src/scanner.js",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.cjs",
+      "default": "./dist/index.mjs"
+    },
+    "./plugin": {
+      "types": "./dist/openclaw-plugin.d.mts",
+      "import": "./dist/openclaw-plugin.mjs",
+      "require": "./dist/openclaw-plugin.cjs",
+      "default": "./dist/openclaw-plugin.mjs"
+    },
+    "./mcp": {
+      "types": "./dist/mcp-server.d.ts",
+      "import": "./dist/mcp-server.mjs",
+      "require": "./dist/mcp-server.cjs",
+      "default": "./dist/mcp-server.mjs"
+    },
+    "./types": {
+      "types": "./dist/types.d.ts",
+      "default": "./dist/types.d.ts"
+    },
+    "./package.json": "./package.json"
+  },
+  "sideEffects": [
+    "./dist/cli.cjs",
+    "./dist/openclaw-plugin.mjs",
+    "./dist/openclaw-plugin.cjs"
+  ],
   "bin": {
-    "guard-scanner": "src/cli.js"
+    "guard-scanner": "dist/cli.cjs"
   },
   "scripts": {
-    "build:plugin": "npx tsc -p tsconfig.build.json",
-    "check:upstream": "node scripts/check-openclaw-upstream.js",
-    "scan": "node src/cli.js",
-    "lint": "node scripts/lint.js",
-    "typecheck": "npx tsc --noEmit -p tsconfig.json",
-    "release:gate": "node scripts/release-gate.js",
-    "test": "npm run lint && npm run typecheck && npm run build:plugin && node scripts/generate-capabilities.js && node scripts/generate-readme-metrics.js && node scripts/generate-readme-stats.js && node scripts/verify-capabilities.js && node scripts/test-quality-gate.js && node scripts/corpus-metrics.js --check && node scripts/perf-regression.js && node scripts/release-gate.js && node --test test/*.test.js",
-    "test:core": "node --test test/scanner.test.js test/patterns.test.js",
-    "test:contracts": "npm run build:plugin && node scripts/release-gate.js && node --test test/finding-schema.test.js test/mcp.test.js test/e2e-mcp.test.js test/openclaw-plugin-compat.test.js test/stale-claims.test.js test/openclaw-upstream-check.test.js",
-    "test:corpus": "node scripts/corpus-metrics.js --check",
-    "test:perf": "node scripts/perf-regression.js",
-    "test:quality": "node scripts/test-quality-gate.js",
-    "sbom": "node scripts/generate-sbom.js",
-    "sync:readme": "node scripts/generate-capabilities.js && node scripts/generate-readme-metrics.js && node scripts/generate-readme-stats.js",
+    "build": "tsup --config tsup.config.ts",
+    "build:plugin": "npm run build",
+    "benchmark": "tsx scripts/benchmark.ts --write-ledgers",
+    "check:upstream": "tsx scripts/check-openclaw-upstream.ts",
+    "check:tarball": "tsx scripts/validate-tarball.ts",
+    "scan": "tsx src/cli.ts",
+    "lint": "tsx scripts/lint.ts",
+    "typecheck": "tsc --noEmit -p tsconfig.json",
+    "release:gate": "npm run build && npm run benchmark && tsx scripts/generate-capabilities.ts && tsx scripts/release-gate.ts && tsx scripts/validate-tarball.ts",
+    "test": "npm run build && npm run benchmark && tsx scripts/generate-capabilities.ts && tsx scripts/verify-capabilities.ts && tsx scripts/test-quality-gate.ts && tsx --test test/*.test.ts",
+    "test:core": "tsx --test test/scanner.test.ts test/patterns.test.ts",
+    "test:contracts": "npm run build:plugin && tsx scripts/release-gate.ts && tsx --test test/finding-schema.test.ts test/mcp.test.ts test/e2e-mcp.test.ts test/openclaw-plugin-compat.test.ts test/stale-claims.test.ts test/openclaw-upstream-check.test.ts",
+    "test:corpus": "tsx scripts/corpus-metrics.ts --check",
+    "test:perf": "tsx scripts/perf-regression.ts",
+    "test:quality": "tsx scripts/test-quality-gate.ts",
+    "test:rust-parity": "tsx scripts/rust-parity.ts",
+    "sbom": "tsx scripts/generate-sbom.ts",
+    "sync:readme": "tsx scripts/generate-capabilities.ts && tsx scripts/generate-readme-metrics.ts && tsx scripts/generate-readme-stats.ts",
     "prepack": "npm run build:plugin && npm run release:gate"
   },
   "keywords": [
@@ -60,7 +96,6 @@
   "homepage": "https://github.com/koatora20/guard-scanner",
   "files": [
     "dist/",
-    "src/",
     "hooks/",
     "docs/",
     "openclaw-plugin.mts",
@@ -68,11 +103,14 @@
     "SKILL.md",
     "SECURITY.md",
     "README.md",
+    "README_ja.md",
     "LICENSE"
   ],
   "devDependencies": {
     "@types/node": "^22.0.0",
-    "openclaw": "2026.3.8",
+    "openclaw": "2026.3.12",
+    "tsx": "^4.20.5",
+    "tsup": "^8.5.0",
     "typescript": "^5.7.0"
   },
   "dependencies": {