@riddledc/openclaw-riddledc 0.3.2 → 0.3.4

package/CHECKSUMS.txt

@@ -0,0 +1,4 @@
+3185b3314096550b3b62561d979cedbf819a24a4fea6d001ace2a95c9c6e7f18  dist/index.cjs
+94ce04f0e2d84bf64dd68f0500dfdd2f951287a3deccec87f197261961927f6f  dist/index.d.cts
+94ce04f0e2d84bf64dd68f0500dfdd2f951287a3deccec87f197261961927f6f  dist/index.d.ts
+599dba9020d9825d7809b8f0ae6bceb6ccdfefc9a9be247299d13f1b73d84398  dist/index.js

package/README.md

@@ -1,34 +1,78 @@
 # @riddledc/openclaw-riddledc
 
-OpenClaw integration package for RiddleDC. No secrets. No assumption about MCP.
+OpenClaw plugin for [Riddle](https://riddledc.com) - hosted browser automation API. Take screenshots, run Playwright scripts, and automate web interactions from your OpenClaw agent.
 
 ## Install
 
-```
+```bash
+# 1. Install the plugin
 openclaw plugins install @riddledc/openclaw-riddledc
-openclaw plugins enable openclaw-riddledc
+
+# 2. Add to allowlist and enable
+openclaw config set plugins.allow --json '["discord","telegram","memory-core","openclaw-riddledc"]'
+openclaw config set tools.alsoAllow --json '["openclaw-riddledc"]'
+
+# 3. Set your API key
+openclaw config set plugins.entries.openclaw-riddledc.config.apiKey "YOUR_RIDDLE_API_KEY"
+
+# 4. Restart gateway
+openclaw gateway restart
+# Or if using systemd: systemctl restart openclaw-gateway
 ```
 
-## OpenClaw plugin metadata
+Get your API key at [riddledc.com](https://riddledc.com).
 
-This package ships `openclaw.plugin.json` for OpenClaw registration.
+## Tools
 
-The plugin id is `openclaw-riddledc`.
+| Tool | Description |
+|------|-------------|
+| `riddle_screenshot` | Take a screenshot of a single URL |
+| `riddle_screenshots` | Take screenshots of multiple URLs in one job |
+| `riddle_steps` | Run a workflow using steps (goto/click/fill/etc.) |
+| `riddle_script` | Run full Playwright code |
+| `riddle_run` | Low-level pass-through to the Riddle API |
 
-## Configuration
+All tools return screenshots + console logs by default. Pass `include: ["har"]` to also capture network traffic.
 
-The plugin accepts:
-- `apiKey` (or `RIDDLE_API_KEY` env var)
-- `baseUrl` (defaults to `https://api.riddledc.com`)
+## How It Works
 
-## Tools
+Screenshots are automatically saved to `~/.openclaw/workspace/riddle/screenshots/` and the tool returns a file reference instead of inline base64. This keeps agent context small and prevents token overflow.
 
-- `riddle_run`
-- `riddle_screenshot`
-- `riddle_screenshots`
-- `riddle_steps`
-- `riddle_script`
+Example response:
+```json
+{
+  "ok": true,
+  "job_id": "job_abc123",
+  "screenshot": { "saved": "riddle/screenshots/job_abc123.png", "sizeBytes": 45000 },
+  "console": []
+}
+```
+
+## Configuration
+
+| Option | Description |
+|--------|-------------|
+| `apiKey` | Your Riddle API key (or set `RIDDLE_API_KEY` env var) |
+| `baseUrl` | API endpoint (defaults to `https://api.riddledc.com`) |
 
 ## Security
 
-Do not hardcode keys. Provide credentials via env vars or your secret manager.
+- Never hardcode API keys in config files
+- Use environment variables or a secret manager
+- The plugin only communicates with `api.riddledc.com` over HTTPS
+- Hardcoded domain allowlist prevents credential exfiltration
+- See [SECURITY.md](./SECURITY.md) for full threat model and data flow
+
+## Reproducible Builds
+
+To verify a build matches the published package:
+
+1. Clone the repo at the tagged version
+2. Run: `pnpm install && pnpm build`
+3. Compare checksums: `shasum -a 256 dist/*`
+
+Expected checksums are in `CHECKSUMS.txt`.
+
+## License
+
+MIT

package/SECURITY.md

@@ -0,0 +1,76 @@
+# Security Model
+
+## Data Flow
+
+```
+┌─────────────────┐     HTTPS only      ┌──────────────────┐
+│  OpenClaw Agent │ ──────────────────► │ api.riddledc.com │
+│                 │   POST /v1/run      │                  │
+│  - RIDDLE_API_KEY                     │  - Runs browser  │
+│  - User prompts │ ◄────────────────── │  - Returns data  │
+└─────────────────┘   JSON response     └──────────────────┘
+        │
+        ▼
+┌─────────────────┐
+│ Local Workspace │
+│ ~/.openclaw/    │
+│ workspace/riddle│  Screenshots saved
+│ /screenshots/   │  as files (not inline)
+└─────────────────┘
+```
+
+## What This Plugin CAN Do
+
+- Send requests to api.riddledc.com (hardcoded, cannot be changed)
+- Read your RIDDLE_API_KEY from config or environment
+- Write screenshot/HAR files to your workspace directory
+- Execute Playwright scripts on Riddle's remote browser
+
+## What This Plugin CANNOT Do
+
+- Send your API key to any other domain (blocked by `assertAllowedBaseUrl`)
+- Access your filesystem outside the workspace directory
+- Make network requests to arbitrary URLs from your machine
+- Run code locally (all execution happens on Riddle's servers)
+
+## Security Controls
+
+### 1. Hardcoded Domain Allowlist
+
+```typescript
+function assertAllowedBaseUrl(baseUrl: string) {
+  const url = new URL(baseUrl);
+  if (url.protocol !== "https:")
+    throw new Error(`Riddle baseUrl must be https`);
+  if (url.hostname !== "api.riddledc.com")
+    throw new Error(`Refusing to use non-official Riddle host`);
+}
+```
+
+This runs on EVERY request. Even if config is manipulated, keys never leave riddledc.com.
+
+### 2. No Inline Base64
+
+Screenshots are saved to disk, not returned inline. This prevents:
+
+- Context overflow attacks
+- Memory exhaustion
+- Accidental key leakage in logs
+
+### 3. Minimal Permissions
+
+Only requires one secret: `RIDDLE_API_KEY`. No OAuth, no cookies, no session state.
+
+## Threat Model
+
+| Threat | Mitigation |
+|--------|------------|
+| API key exfiltration to attacker server | Hardcoded domain check blocks all non-riddledc.com requests |
+| Malicious config injection | Domain check runs at request time, not config time |
+| Supply chain attack (npm) | Use npm provenance to verify package origin |
+| Build tampering | Checksums + reproducible builds |
+| Local file access | Plugin only writes to designated workspace subdirectory |
+
+## Reporting Security Issues
+
+Email: security@riddledc.com

package/dist/index.cjs

@@ -93,15 +93,32 @@ async function applySafetySpec(result, opts) {
   if (result.screenshot != null) {
     let base64Data = null;
     if (typeof result.screenshot === "string") {
-      base64Data = result.screenshot;
+      base64Data = result.screenshot.replace(/^data:image\/\w+;base64,/, "");
     } else if (typeof result.screenshot === "object" && result.screenshot.data) {
-      base64Data = result.screenshot.data;
+      base64Data = result.screenshot.data.replace(/^data:image\/\w+;base64,/, "");
     }
     if (base64Data) {
       const ref = await writeArtifactBinary(opts.workspace, "screenshots", `${jobId}.png`, base64Data);
       result.screenshot = { saved: ref.path, sizeBytes: ref.sizeBytes };
     }
   }
+  if (Array.isArray(result.screenshots)) {
+    const savedRefs = [];
+    for (let i = 0; i < result.screenshots.length; i++) {
+      const ss = result.screenshots[i];
+      let base64Data = null;
+      if (typeof ss === "string") {
+        base64Data = ss;
+      } else if (typeof ss === "object" && ss.data) {
+        base64Data = ss.data.replace(/^data:image\/\w+;base64,/, "");
+      }
+      if (base64Data) {
+        const ref = await writeArtifactBinary(opts.workspace, "screenshots", `${jobId}-${i}.png`, base64Data);
+        savedRefs.push({ saved: ref.path, sizeBytes: ref.sizeBytes });
+      }
+    }
+    result.screenshots = savedRefs;
+  }
   if (result.rawPngBase64 != null) {
     const ref = await writeArtifactBinary(opts.workspace, "screenshots", `${jobId}.png`, result.rawPngBase64);
     result.screenshot = { saved: ref.path, sizeBytes: ref.sizeBytes };

package/dist/index.js

@@ -69,15 +69,32 @@ async function applySafetySpec(result, opts) {
   if (result.screenshot != null) {
     let base64Data = null;
     if (typeof result.screenshot === "string") {
-      base64Data = result.screenshot;
+      base64Data = result.screenshot.replace(/^data:image\/\w+;base64,/, "");
     } else if (typeof result.screenshot === "object" && result.screenshot.data) {
-      base64Data = result.screenshot.data;
+      base64Data = result.screenshot.data.replace(/^data:image\/\w+;base64,/, "");
     }
     if (base64Data) {
       const ref = await writeArtifactBinary(opts.workspace, "screenshots", `${jobId}.png`, base64Data);
       result.screenshot = { saved: ref.path, sizeBytes: ref.sizeBytes };
     }
   }
+  if (Array.isArray(result.screenshots)) {
+    const savedRefs = [];
+    for (let i = 0; i < result.screenshots.length; i++) {
+      const ss = result.screenshots[i];
+      let base64Data = null;
+      if (typeof ss === "string") {
+        base64Data = ss;
+      } else if (typeof ss === "object" && ss.data) {
+        base64Data = ss.data.replace(/^data:image\/\w+;base64,/, "");
+      }
+      if (base64Data) {
+        const ref = await writeArtifactBinary(opts.workspace, "screenshots", `${jobId}-${i}.png`, base64Data);
+        savedRefs.push({ saved: ref.path, sizeBytes: ref.sizeBytes });
+      }
+    }
+    result.screenshots = savedRefs;
+  }
   if (result.rawPngBase64 != null) {
     const ref = await writeArtifactBinary(opts.workspace, "screenshots", `${jobId}.png`, result.rawPngBase64);
     result.screenshot = { saved: ref.path, sizeBytes: ref.sizeBytes };

package/openclaw.plugin.json

@@ -2,7 +2,7 @@
   "id": "openclaw-riddledc",
   "name": "Riddle",
   "description": "Riddle (riddledc.com) hosted browser API tools for OpenClaw agents.",
-  "version": "0.3.2",
+  "version": "0.3.4",
   "notes": "0.3.1: Screenshots now saved to workspace files instead of inline base64 to prevent context bloat.",
   "configSchema": {
     "type": "object",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@riddledc/openclaw-riddledc",
-  "version": "0.3.2",
+  "version": "0.3.4",
   "description": "OpenClaw integration package for RiddleDC (no secrets).",
   "license": "MIT",
   "author": "RiddleDC",
@@ -22,7 +22,9 @@
   },
   "files": [
     "dist",
-    "openclaw.plugin.json"
+    "openclaw.plugin.json",
+    "CHECKSUMS.txt",
+    "SECURITY.md"
   ],
   "sideEffects": false,
   "engines": {
@@ -42,10 +44,11 @@
     "typescript": "^5.4.5"
   },
   "scripts": {
-    "build": "tsup src/index.ts --format cjs,esm --dts --out-dir dist",
+    "build": "npm run sync:openclaw-plugin-version && tsup src/index.ts --format cjs,esm --dts --out-dir dist",
     "clean": "rm -rf dist",
     "lint": "echo 'lint: (not configured)'",
     "test": "echo 'test: (not configured)'",
-    "sync:openclaw-plugin-version": "node scripts/sync-openclaw-plugin-version.mjs"
+    "sync:openclaw-plugin-version": "node scripts/sync-openclaw-plugin-version.mjs",
+    "checksums": "node scripts/generate-checksums.mjs"
   }
 }