@opentrust/guards 7.3.15 → 7.3.17
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/agent/command-executor.ts +54 -21
- package/openclaw.plugin.json +1 -1
- package/package.json +1 -1
- package/platform-client/types.ts +1 -1
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { execSync } from "node:child_process";
|
|
1
|
+
import { execSync, type ExecSyncOptions } from "node:child_process";
|
|
2
2
|
import fs from "node:fs";
|
|
3
3
|
import os from "node:os";
|
|
4
4
|
import path from "node:path";
|
|
@@ -11,6 +11,18 @@ export interface CommandResult {
|
|
|
11
11
|
error?: string;
|
|
12
12
|
}
|
|
13
13
|
|
|
14
|
+
const OPENCLAW_HOME = process.env.OPENCLAW_HOME || path.join(os.homedir(), ".openclaw");
|
|
15
|
+
|
|
16
|
+
function execOpts(timeoutMs = 120_000): ExecSyncOptions {
|
|
17
|
+
return {
|
|
18
|
+
encoding: "utf-8" as const,
|
|
19
|
+
timeout: timeoutMs,
|
|
20
|
+
stdio: ["pipe", "pipe", "pipe"] as const,
|
|
21
|
+
cwd: os.homedir(),
|
|
22
|
+
env: { ...process.env, HOME: os.homedir(), OPENCLAW_HOME },
|
|
23
|
+
};
|
|
24
|
+
}
|
|
25
|
+
|
|
14
26
|
export function executeCommand(cmd: RemoteCommand, log: Logger): CommandResult {
|
|
15
27
|
switch (cmd.type) {
|
|
16
28
|
case "install_skill":
|
|
@@ -19,6 +31,10 @@ export function executeCommand(cmd: RemoteCommand, log: Logger): CommandResult {
|
|
|
19
31
|
return executeCustomSkillInstall(cmd.payload, log);
|
|
20
32
|
case "uninstall_skill":
|
|
21
33
|
return executeSkillUninstall(cmd.payload, log);
|
|
34
|
+
case "install_plugin":
|
|
35
|
+
return executePluginInstall(cmd.payload, log);
|
|
36
|
+
case "uninstall_plugin":
|
|
37
|
+
return executePluginUninstall(cmd.payload, log);
|
|
22
38
|
case "update_config":
|
|
23
39
|
return executeUpdateConfig(cmd.payload, log);
|
|
24
40
|
default:
|
|
@@ -32,11 +48,7 @@ function executeSkillInstall(payload: Record<string, unknown> | null, log: Logge
|
|
|
32
48
|
|
|
33
49
|
try {
|
|
34
50
|
log.info(`Command: installing skill "${skillName}"...`);
|
|
35
|
-
const output = execSync(`clawhub install ${skillName}`,
|
|
36
|
-
encoding: "utf-8",
|
|
37
|
-
timeout: 120_000,
|
|
38
|
-
stdio: ["pipe", "pipe", "pipe"],
|
|
39
|
-
});
|
|
51
|
+
const output = execSync(`clawhub install ${skillName} --force`, execOpts()) as string;
|
|
40
52
|
log.info(`Command: skill "${skillName}" installed`);
|
|
41
53
|
return { success: true, output: output.trim() };
|
|
42
54
|
} catch (err: any) {
|
|
@@ -54,10 +66,7 @@ function executeCustomSkillInstall(payload: Record<string, unknown> | null, log:
|
|
|
54
66
|
}
|
|
55
67
|
|
|
56
68
|
try {
|
|
57
|
-
const skillsDir = path.join(
|
|
58
|
-
process.env.OPENCLAW_HOME || path.join(os.homedir(), ".openclaw"),
|
|
59
|
-
"skills",
|
|
60
|
-
);
|
|
69
|
+
const skillsDir = path.join(OPENCLAW_HOME, "workspace", "skills");
|
|
61
70
|
const skillDir = path.join(skillsDir, skillName);
|
|
62
71
|
|
|
63
72
|
fs.mkdirSync(skillDir, { recursive: true });
|
|
@@ -68,11 +77,7 @@ function executeCustomSkillInstall(payload: Record<string, unknown> | null, log:
|
|
|
68
77
|
log.info(`Command: custom skill "${skillName}" written to ${skillDir}/${fileName}`);
|
|
69
78
|
|
|
70
79
|
try {
|
|
71
|
-
const output = execSync(`clawhub install ${skillDir}`,
|
|
72
|
-
encoding: "utf-8",
|
|
73
|
-
timeout: 120_000,
|
|
74
|
-
stdio: ["pipe", "pipe", "pipe"],
|
|
75
|
-
});
|
|
80
|
+
const output = execSync(`clawhub install ${skillDir} --force`, execOpts()) as string;
|
|
76
81
|
return { success: true, output: output.trim() };
|
|
77
82
|
} catch {
|
|
78
83
|
return { success: true, output: `Custom skill "${skillName}" saved to ${skillDir}/${fileName}` };
|
|
@@ -90,11 +95,7 @@ function executeSkillUninstall(payload: Record<string, unknown> | null, log: Log
|
|
|
90
95
|
|
|
91
96
|
try {
|
|
92
97
|
log.info(`Command: uninstalling skill "${skillName}"...`);
|
|
93
|
-
const output = execSync(`clawhub uninstall ${skillName}`,
|
|
94
|
-
encoding: "utf-8",
|
|
95
|
-
timeout: 60_000,
|
|
96
|
-
stdio: ["pipe", "pipe", "pipe"],
|
|
97
|
-
});
|
|
98
|
+
const output = execSync(`clawhub uninstall ${skillName} --yes`, execOpts(60_000)) as string;
|
|
98
99
|
log.info(`Command: skill "${skillName}" uninstalled`);
|
|
99
100
|
return { success: true, output: output.trim() };
|
|
100
101
|
} catch (err: any) {
|
|
@@ -104,13 +105,45 @@ function executeSkillUninstall(payload: Record<string, unknown> | null, log: Log
|
|
|
104
105
|
}
|
|
105
106
|
}
|
|
106
107
|
|
|
108
|
+
function executePluginInstall(payload: Record<string, unknown> | null, log: Logger): CommandResult {
|
|
109
|
+
const spec = payload?.spec as string;
|
|
110
|
+
if (!spec) return { success: false, error: "Missing spec in payload (npm package name or path)" };
|
|
111
|
+
|
|
112
|
+
try {
|
|
113
|
+
log.info(`Command: installing plugin "${spec}"...`);
|
|
114
|
+
const output = execSync(`openclaw plugins install ${spec}`, execOpts(180_000)) as string;
|
|
115
|
+
log.info(`Command: plugin "${spec}" installed`);
|
|
116
|
+
return { success: true, output: output.trim().slice(-500) };
|
|
117
|
+
} catch (err: any) {
|
|
118
|
+
const msg = err.stderr?.toString() || err.message || String(err);
|
|
119
|
+
log.warn(`Command: plugin install failed — ${msg}`);
|
|
120
|
+
return { success: false, error: msg.slice(0, 500) };
|
|
121
|
+
}
|
|
122
|
+
}
|
|
123
|
+
|
|
124
|
+
function executePluginUninstall(payload: Record<string, unknown> | null, log: Logger): CommandResult {
|
|
125
|
+
const pluginId = payload?.pluginId as string;
|
|
126
|
+
if (!pluginId) return { success: false, error: "Missing pluginId in payload" };
|
|
127
|
+
|
|
128
|
+
try {
|
|
129
|
+
log.info(`Command: uninstalling plugin "${pluginId}"...`);
|
|
130
|
+
const output = execSync(`openclaw plugins uninstall ${pluginId} --force`, execOpts(60_000)) as string;
|
|
131
|
+
log.info(`Command: plugin "${pluginId}" uninstalled`);
|
|
132
|
+
return { success: true, output: output.trim().slice(-500) };
|
|
133
|
+
} catch (err: any) {
|
|
134
|
+
const msg = err.stderr?.toString() || err.message || String(err);
|
|
135
|
+
log.warn(`Command: plugin uninstall failed — ${msg}`);
|
|
136
|
+
return { success: false, error: msg.slice(0, 500) };
|
|
137
|
+
}
|
|
138
|
+
}
|
|
139
|
+
|
|
107
140
|
function executeUpdateConfig(payload: Record<string, unknown> | null, log: Logger): CommandResult {
|
|
108
141
|
if (!payload || Object.keys(payload).length === 0) {
|
|
109
142
|
return { success: false, error: "Empty config payload" };
|
|
110
143
|
}
|
|
111
144
|
|
|
112
145
|
try {
|
|
113
|
-
const configDir =
|
|
146
|
+
const configDir = OPENCLAW_HOME;
|
|
114
147
|
const configFile = path.join(configDir, "openclaw.json");
|
|
115
148
|
|
|
116
149
|
if (!fs.existsSync(configFile)) {
|
package/openclaw.plugin.json
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
"id": "opentrust-guard",
|
|
3
3
|
"name": "OpenTrust Guard",
|
|
4
4
|
"description": "AI security guard for OpenClaw agents: prompt injection detection, credential scanning, and behavioral monitoring.",
|
|
5
|
-
"version": "7.3.
|
|
5
|
+
"version": "7.3.17",
|
|
6
6
|
"configSchema": {
|
|
7
7
|
"type": "object",
|
|
8
8
|
"additionalProperties": false,
|
package/package.json
CHANGED
package/platform-client/types.ts
CHANGED
|
@@ -111,7 +111,7 @@ export type ToolCallObservationRequest = {
|
|
|
111
111
|
export type RemoteCommand = {
|
|
112
112
|
id: string;
|
|
113
113
|
agentId: string;
|
|
114
|
-
type: "install_skill" | "install_custom_skill" | "uninstall_skill" | "update_config";
|
|
114
|
+
type: "install_skill" | "install_custom_skill" | "uninstall_skill" | "install_plugin" | "uninstall_plugin" | "update_config";
|
|
115
115
|
payload: Record<string, unknown> | null;
|
|
116
116
|
status: string;
|
|
117
117
|
createdAt: string;
|