@limits/openclaw 0.0.1 → 0.0.3

package/skills/limits-policy-generator/SKILL.md

@@ -1,110 +0,0 @@
----
-name: limits-policy-generator
-description: "Generate and create or update policy rules on the Limits SaaS from natural language. Use when the user asks to add, change, or create policy rules enforced by the Limits backend."
-metadata: {"openclaw": {"emoji": "📜", "requires": {"config": ["plugins.entries[\"@limits/openclaw\"].config.apiToken"]}}}
----
-
-# Limits Policy Generator
-
-You have two tools for creating and updating policies on the Limits SaaS from natural language. They call the Limits backend so the user's enforcement rules are created or updated there (and apply to tool-call enforcement via the @limits/openclaw plugin).
-
-## When to use this skill
-
-Use these tools when the user says things like:
-
-- "Create a policy that blocks all payment tools"
-- "Add a rule: never run bash with rm -rf"
-- "Generate a policy from this: block transactions over 500"
-- "Update my policy to also block stripe_* tools"
-- "I want to add a guardrail that redacts emails from tool output"
-- "Change the payment limit to 700"
-
-## Tools available
-
-### `limits_generate_create_policy`
-
-Generate a new policy from natural language and create it on the Limits backend. Use when the user wants to **add** a new policy.
-
-```
-limits_generate_create_policy(
-  input="Block any tool whose name starts with stripe_ or payment_. Allow all other tools.",
-  mode="INSTRUCTIONS",
-  tools=["stripe_.*", "payment_.*"]
-)
-```
-
-- **input** (required): Natural-language description of the policy (what to block, allow, or require).
-- **mode** (optional): `"INSTRUCTIONS"` | `"CONDITIONS"` | `"GUARDRAIL"`. Default is INSTRUCTIONS. Use GUARDRAIL for rules that scan tool **output** (e.g. redact PII).
-- **tools** (required): Which tool calls this policy applies to. See "Where to apply" section below.
-
-### `limits_generate_update_policy`
-
-Generate updates from natural language and apply them to an **existing** policy. Use when the user wants to **change** a policy they already have.
-
-```
-limits_generate_update_policy(
-  policyId="uuid-of-existing-policy",
-  input="Also block transfer_money. Keep the existing amount limit.",
-  mode="INSTRUCTIONS"
-)
-```
-
-- **policyId** (required): The ID of the existing policy to update (UUID).
-- **input** (required): Natural-language description of the changes or additions.
-- **mode** (optional): Same as above.
-- **Note:** Update does **not** change which tools the policy applies to — scope is fixed at creation time. If the user wants to change scope, they should create a new policy.
-
-## Where to apply (tools parameter)
-
-The `tools` parameter on `limits_generate_create_policy` is **required** and controls which tool calls the policy is enforced on.
-
-### Values
-
-| Value | Meaning |
-|-------|---------|
-| `["*"]` | Apply to **all** tool calls / all requests |
-| `["<tool_name>"]` | Apply to the exact tool (use only names from the agent's actual tool list) |
-| `["<prefix>.*"]` | Apply to all tools whose name starts with that prefix (e.g. `payment_.*`) |
-
-Use `prefix.*` (dot-star) for prefix matching. The backend also accepts `prefix_*` and normalizes it to `prefix_.*`. **Use only tool names or prefixes that exist in the user's / agent's available tools** — do not invent names.
-
-### Ask-once logic (required)
-
-**Do not call `limits_generate_create_policy` until you know scope.** If the user did not say scope, ask once.
-
-- User says **"everywhere"**, **"all requests"**, **"globally"**, or **"all tools"** → use `["*"]` without asking.
-- User **explicitly names specific tools** (e.g. "for read_file", "payment tools", "stripe_*") → use those tools without asking.
-- User **does not say** "all" / "everywhere" / "globally" and **does not name any tools** (e.g. "create a policy if currency is JOD allow request", "create a policy that blocks payments") → you **must ask once** before calling the tool: _"Which tools should this policy apply to: all tool calls, or only specific tools? If specific, which tool names from your available tools?"_ Then call the tool with the user's answer.
-
-Do not assume scope. Do not call the create-policy tool immediately when the user only describes the rule (e.g. "if currency is JOD allow") without stating where it applies. Ask once, then call.
-
-### Tool names: use source of truth only
-
-When setting the `tools` parameter, use **only tool names from the agent's actual available tools** (the list of tools you have access to). Do not invent or assume tool names. If the user wants "specific tools", list the relevant tools from your real tool list and use those exact names (or prefix patterns like `name_.*` that match them). If you do not have a list of available tools, ask the user which tools should be in scope and use only names they confirm.
-
-## Recommended flow
-
-1. If the user wants a **new** policy:
-   - **First determine scope.** If the user did not say "all tools" / "everywhere" / "globally" and did not name specific tools, ask once: "Which tools should this apply to: all tool calls or specific tools? If specific, which ones?"
-   - Only then call `limits_generate_create_policy` with `input`, `tools` (from user or from their actual tool list), and optionally `mode`.
-   - Confirm what was created and **where it applies** (e.g. "This policy applies to all tools" or "This policy applies to [tool names]").
-2. If the user wants to **change** an existing policy:
-   - Use `limits_generate_update_policy` with the policy id and the change description. (You may need to list or find the policy id first if the user says "update my payment policy".)
-   - Remind the user that **scope (which tools the policy applies to) cannot be changed via update** — it stays as set when the policy was created.
-3. Policies on the Limits backend apply to tool-call enforcement (via @limits/openclaw) for that organization.
-
-## Sandbox vs host
-
-**If you are running inside a sandbox:** The `limits_generate_create_policy` and `limits_generate_update_policy` tools are only available if the gateway config allows them in the sandbox (e.g. `tools.sandbox.tools.allow` includes `"@limits/openclaw"`). If those tools are not in your tool list, you cannot invoke them from this environment.
-
-- **To run the policy tools from the sandbox:** The admin must add `@limits/openclaw` to the agent allowlist and to `tools.sandbox.tools.allow` (see the @limits/openclaw README). After that, you can call the tools from here.
-- **If the tools are still not available:** Tell the user to run the policy command on the **host** or an agent instance that has the Limits backend wired up and the tools allowed.
-
-## Configuration
-
-The plugin must be configured with:
-
-- **baseUrl**: Base URL of the Limits API (e.g. `https://api.limits.dev`). Used for enforce and policy-generator tools.
-- **apiToken**: Organization API key (Bearer) for the Limits backend. Used for enforce and policy-generator tools.
-
-Without these, the tools will not be available or will return an error asking the user to configure them.

package/src/config.ts

@@ -1,70 +0,0 @@
-/**
- * Plugin config: loaded from gateway config with env var overrides.
- */
-
-const STATIC_BASE_URL = "https://extensionally-jettisonable-rosann.ngrok-free.dev";
-
-export interface EnforcerConfig {
-  baseUrl: string;
-  timeoutMs: number;
-  failMode: "allow" | "block";
-  tokenSource: string;
-  redactLogs: boolean;
-  /** Optional: organization API key sent as apiToken to POST /openclaw/enforce and for policy-generator tools. Used when event/context don't provide a token (fallback for all requests). */
-  apiToken?: string;
-}
-
-const DEFAULTS: EnforcerConfig = {
-  baseUrl: STATIC_BASE_URL,
-  timeoutMs: 2500,
-  failMode: "allow",
-  tokenSource: "event.metadata.apiToken",
-  redactLogs: true,
-};
-
-export type ApiLike = {
-  config?: {
-    plugins?: {
-      entries?: Record<
-        string,
-        { enabled?: boolean; config?: Partial<EnforcerConfig> }
-      >;
-    };
-  };
-};
-
-export function loadConfig(api: ApiLike): EnforcerConfig {
-  const raw =
-    api.config?.plugins?.entries?.["@limits/openclaw"]?.config ?? ({} as Partial<EnforcerConfig>);
-
-  // baseUrl defaults to static; not in wizard or schema so users don't edit it (config override only for tests/advanced)
-  const baseUrl = raw.baseUrl ?? DEFAULTS.baseUrl;
-  const timeoutMs =
-    typeof process.env.LIMITS_ENFORCER_TIMEOUT_MS === "string"
-      ? parseInt(process.env.LIMITS_ENFORCER_TIMEOUT_MS, 10)
-      : raw.timeoutMs ?? DEFAULTS.timeoutMs;
-  const failMode =
-    (process.env.LIMITS_ENFORCER_FAIL_MODE as "allow" | "block") ??
-    raw.failMode ??
-    DEFAULTS.failMode;
-  const tokenSource =
-    process.env.LIMITS_ENFORCER_TOKEN_SOURCE ??
-    raw.tokenSource ??
-    DEFAULTS.tokenSource;
-  const redactLogs =
-    process.env.LIMITS_ENFORCER_REDACT_LOGS !== undefined
-      ? process.env.LIMITS_ENFORCER_REDACT_LOGS === "true" ||
-        process.env.LIMITS_ENFORCER_REDACT_LOGS === "1"
-      : raw.redactLogs ?? DEFAULTS.redactLogs;
-  const apiToken =
-    process.env.LIMITS_ENFORCER_API_TOKEN ?? raw.apiToken ?? undefined;
-
-  return {
-    baseUrl,
-    timeoutMs: Number.isNaN(timeoutMs) ? DEFAULTS.timeoutMs : timeoutMs,
-    failMode: failMode === "block" ? "block" : "allow",
-    tokenSource: typeof tokenSource === "string" ? tokenSource : DEFAULTS.tokenSource,
-    redactLogs: Boolean(redactLogs),
-    ...(typeof apiToken === "string" && apiToken.length > 0 && { apiToken }),
-  };
-}

package/src/configure-wizard.ts

@@ -1,149 +0,0 @@
-import { createInterface } from "node:readline";
-import { spawn } from "node:child_process";
-import { dirname, join } from "node:path";
-import { fileURLToPath } from "node:url";
-import fs from "node:fs";
-import os from "node:os";
-
-const CONFIG_PREFIX = 'plugins.entries["@limits/openclaw"].config';
-
-const SKILL_NAME = "limits-policy-generator";
-
-function getPluginRoot(): string {
-  const currentDir = dirname(fileURLToPath(import.meta.url));
-  return join(currentDir, "..");
-}
-
-function getWorkspaceSkillsDest(): string {
-  const workspaceRoot =
-    process.env.OPENCLAW_WORKSPACE || join(os.homedir(), ".openclaw", "workspace");
-  return join(workspaceRoot, "skills", SKILL_NAME);
-}
-
-function copySkillToWorkspace(): void {
-  const pluginRoot = getPluginRoot();
-  const source = join(pluginRoot, "skills", SKILL_NAME);
-  const dest = getWorkspaceSkillsDest();
-
-  if (!fs.existsSync(source)) {
-    console.log("\nSkill source not found, skipping.");
-    return;
-  }
-  try {
-    fs.mkdirSync(dest, { recursive: true });
-    fs.cpSync(source, dest, { recursive: true });
-    console.log(`\nCopied ${SKILL_NAME} to ${dest}.`);
-  } catch (err) {
-    console.error("\nFailed to copy skill:", err instanceof Error ? err.message : String(err));
-  }
-}
-
-export function ask(
-  rl: ReturnType<typeof createInterface>,
-  question: string,
-  defaultValue = ""
-): Promise<string> {
-  const prompt = defaultValue ? `${question} [${defaultValue}]: ` : `${question}: `;
-  return new Promise((resolve) => {
-    rl.question(prompt, (answer) => {
-      resolve(
-        typeof answer === "string" && answer.trim() !== "" ? answer.trim() : defaultValue
-      );
-    });
-  });
-}
-
-function runConfigSet(key: string, value: string): Promise<void> {
-  return new Promise((resolve, reject) => {
-    const fullKey = `${CONFIG_PREFIX}.${key}`;
-    const child = spawn("openclaw", ["config", "set", fullKey, value], {
-      stdio: "inherit",
-      shell: true,
-    });
-    child.on("close", (code) =>
-      code === 0 ? resolve() : reject(new Error(`openclaw config set exited ${code}`))
-    );
-    child.on("error", reject);
-  });
-}
-
-function runConfigGet(fullKey: string): Promise<string> {
-  return new Promise((resolve) => {
-    const child = spawn("openclaw", ["config", "get", fullKey], {
-      stdio: ["inherit", "pipe", "inherit"],
-      shell: true,
-    });
-    let out = "";
-    child.stdout?.on("data", (d) => (out += d.toString()));
-    child.on("close", () => resolve(out.trim()));
-    child.on("error", () => resolve(""));
-  });
-}
-
-function runConfigSetFull(fullKey: string, value: string): Promise<void> {
-  return new Promise((resolve, reject) => {
-    const child = spawn("openclaw", ["config", "set", fullKey, value], {
-      stdio: "inherit",
-      shell: true,
-    });
-    child.on("close", (code) =>
-      code === 0 ? resolve() : reject(new Error(`openclaw config set exited ${code}`))
-    );
-    child.on("error", reject);
-  });
-}
-
-/**
- * Run the configure wizard (interactive prompts, then openclaw config set).
- * Call this when the user runs `openclaw limits configure` or after link.
- */
-export async function runConfigureWizard(): Promise<void> {
-  const rl = createInterface({ input: process.stdin, output: process.stdout });
-
-  console.log("\n🦞 Limits OpenClaw — configure plugin (API token)");
-  console.log("   Base URL is fixed. apiToken is used for /openclaw/enforce and policy-generator tools. Run after: openclaw plugins install -l <path>\n");
-
-  const apiToken = await ask(
-    rl,
-    "Organization API key (apiToken) — required for enforce and policy-generator tools",
-    process.env.LIMITS_ENFORCER_API_TOKEN ?? ""
-  );
-
-  const sandboxAnswer = await ask(rl, "Do you run agents inside a sandbox?", "N");
-  const addSkillAnswer = await ask(
-    rl,
-    "Add limits-policy-generator skill to OpenClaw workspace?",
-    "Y"
-  );
-  rl.close();
-
-  if (apiToken) await runConfigSet("apiToken", JSON.stringify(apiToken));
-
-  const sandboxYes = /^y(es)?$/i.test(sandboxAnswer.trim());
-  if (sandboxYes) {
-    const SANDBOX_ALLOW_KEY = "tools.sandbox.tools.allow";
-    const raw = await runConfigGet(SANDBOX_ALLOW_KEY);
-    let allow: string[] = [];
-    if (raw) {
-      try {
-        const parsed = JSON.parse(raw);
-        allow = Array.isArray(parsed) ? parsed : [];
-      } catch {
-        allow = [];
-      }
-    }
-    if (allow.includes("@limits/openclaw")) {
-      console.log("\n@limits/openclaw is already in tools.sandbox.tools.allow, skipping.");
-    } else {
-      allow.push("@limits/openclaw");
-      await runConfigSetFull(SANDBOX_ALLOW_KEY, JSON.stringify(allow));
-      console.log("\nAdded @limits/openclaw to tools.sandbox.tools.allow.");
-    }
-  }
-
-  const addSkillYes = /^y(es)?$/i.test(addSkillAnswer.trim());
-  if (addSkillYes) copySkillToWorkspace();
-
-  console.log("\nDone. Restart the gateway if it is running.");
-  console.log('Verify: openclaw config get plugins.entries["@limits/openclaw"]\n');
-}

package/src/enforcer.ts

@@ -1,98 +0,0 @@
-/**
- * SaaS HTTP client: POST /openclaw/enforce with timeout and retries.
- * Never logs request body or apiToken.
- */
-
-import type { EnforcerConfig } from "./config.js";
-
-export interface EnforceContext {
-  requestId?: string;
-  runId?: string;
-  sessionKey?: string;
-  agentId?: string;
-  channel?: string;
-  userMessageSummary?: string;
-  [key: string]: unknown;
-}
-
-export interface EnforceBody {
-  phase: "pre" | "post";
-  apiToken?: string;
-  tool?: {
-    name?: string;
-    args?: unknown;
-    toolCallId?: string;
-    result?: unknown;
-  };
-  context?: EnforceContext;
-  [key: string]: unknown;
-}
-
-export type EnforceResponse =
-  | { action: "ALLOW" }
-  | { action: "BLOCK"; reason?: string }
-  | { action: "REWRITE"; rewriteArgs?: unknown; rewrittenResult?: unknown; redactedResult?: unknown }
-  | { action: "REDACT"; redactedResult?: unknown };
-
-const RETRY_DELAYS_MS = [200, 400];
-
-function isRetryableStatus(status: number): boolean {
-  return status === 429 || (status >= 500 && status < 600);
-}
-
-export async function callEnforce(
-  config: EnforcerConfig,
-  body: EnforceBody
-): Promise<EnforceResponse | null> {
-  const url = `${config.baseUrl.replace(/\/$/, "")}/openclaw/enforce`;
-  let lastError: Error | null = null;
-
-  for (let attempt = 0; attempt <= RETRY_DELAYS_MS.length; attempt++) {
-    const controller = new AbortController();
-    const timeoutId = setTimeout(() => controller.abort(), config.timeoutMs);
-
-    try {
-      const res = await fetch(url, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify(body),
-        signal: controller.signal,
-      });
-      clearTimeout(timeoutId);
-
-      if (!res.ok) {
-        if (isRetryableStatus(res.status) && attempt < RETRY_DELAYS_MS.length) {
-          await new Promise((r) =>
-            setTimeout(r, RETRY_DELAYS_MS[attempt] ?? 0)
-          );
-          continue;
-        }
-        return null;
-      }
-
-      const data = (await res.json()) as EnforceResponse;
-      if (
-        data &&
-        typeof data === "object" &&
-        "action" in data &&
-        typeof (data as EnforceResponse).action === "string"
-      ) {
-        return data as EnforceResponse;
-      }
-      return null;
-    } catch (err) {
-      clearTimeout(timeoutId);
-      lastError = err instanceof Error ? err : new Error(String(err));
-      const isAbort = (err as { name?: string }).name === "AbortError";
-      if (!isAbort && attempt < RETRY_DELAYS_MS.length) {
-        await new Promise((r) =>
-          setTimeout(r, RETRY_DELAYS_MS[attempt] ?? 0)
-        );
-        continue;
-      }
-      return null;
-    }
-  }
-
-  return null;
-}