@signet-labs/signet-guardian 0.1.0

package/README.md

@@ -0,0 +1,146 @@
+# Signet Guardian
+
+Payment guard middleware for AI agents. Enforces a single policy layer (payments on/off, per-transaction limit, monthly cap) so any payment-capable skill can route through it before and after spending.
+
+- **Preflight** — Check if a payment is allowed (ALLOW / DENY / CONFIRM_REQUIRED).
+- **Record** — Append a completed payment to the ledger (enforces monthly cap under lock).
+- **Report** — View spending for today or month.
+- **Policy** — Show or edit limits and rules.
+
+Full behaviour and agent contract: see [SKILL.md](./SKILL.md).
+
+## Requirements
+
+- Node.js 18+
+- `tsx` (used via `npx`, or install locally)
+
+## Install
+
+```bash
+pnpm install
+# or: npm install
+```
+
+## Configuration
+
+**Source of truth:** The CLI reads policy from **OpenClaw config** first (`signet.policy` in e.g. `~/.openclaw/openclaw.json`), then falls back to `references/policy.json`. So you can edit policy in the **Control UI (Dashboard)** if the extension is installed; see [openclaw-extension/README.md](./openclaw-extension/README.md).
+
+Policy shape (file or config `signet.policy`). Example:
+
+```json
+{
+  "paymentsEnabled": true,
+  "maxPerTransaction": 20,
+  "maxPerMonth": 500,
+  "currency": "GBP",
+  "requireConfirmationAbove": 5,
+  "blockedMerchants": [],
+  "allowedMerchants": []
+}
+```
+
+Create or edit with:
+
+```bash
+npx tsx scripts/signet-cli.ts signet-policy --edit
+```
+
+Interactive wizard (no JSON editing):
+
+```bash
+npx tsx scripts/signet-cli.ts signet-policy --wizard
+```
+
+Migrate existing file-based policy into OpenClaw config (one-time):
+
+```bash
+npx tsx scripts/signet-cli.ts signet-policy --migrate-file-to-config
+```
+
+## Seeing Signet in the OpenClaw dashboard
+
+### Install from GitHub (manual)
+
+If you cloned this repo, the dashboard will show Signet only after the plugin is in OpenClaw’s extensions path.
+
+1. **Open the dashboard**
+
+   ```bash
+   openclaw dashboard
+   ```
+
+   (or visit <http://127.0.0.1:18789/>)
+
+2. **Install the plugin into the OpenClaw extensions path** (not only inside the skills repo):
+
+   ```bash
+   mkdir -p ~/.openclaw/workspace/.openclaw/extensions
+   cp -r ~/.openclaw/workspace/skills/signet-guardian/openclaw-extension/signet-guardian \
+     ~/.openclaw/workspace/.openclaw/extensions/
+   ```
+
+   Adjust the source path if your clone lives elsewhere (e.g. `$PWD/openclaw-extension/signet-guardian`).
+
+3. **Restart the gateway**
+
+   ```bash
+   openclaw gateway restart
+   ```
+
+4. **In the dashboard** go to **Settings → Config** and look under:
+   - `plugins.entries.signet-guardian.config.policy`  
+   That’s where the Signet policy UI should appear.
+
+   If it doesn’t, run:
+
+   ```bash
+   openclaw plugins list | grep -i signet
+   ```
+
+   and use the output to verify the plugin is loaded.
+
+### Install via plugin (recommended when published)
+
+When Signet is published as an OpenClaw plugin (e.g. on npm), install it with the plugin installer so the dashboard picks it up with no manual copy:
+
+```bash
+openclaw plugins install @signet-labs/signet-guardian
+openclaw gateway restart
+openclaw dashboard
+```
+
+Then you’ll see `plugins.entries.signet-guardian.config.policy` in the config UI automatically. The plugin is installed under `~/.openclaw/extensions/<id>/` and enabled for you.
+
+*(Until the package is published, use the “Install from GitHub (manual)” steps above.)*
+
+## Usage
+
+Use the project’s `references/` by setting the skill dir:
+
+```bash
+export OPENCLAW_SKILL_DIR="$PWD"   # or OPENCLAW_BASE_DIR="$PWD"
+```
+
+| Command | Purpose |
+|--------|--------|
+| `npx tsx scripts/signet-cli.ts signet-policy --show` | Print current policy (config, then file) |
+| `npx tsx scripts/signet-cli.ts signet-policy --edit` | Edit policy file in `$EDITOR` |
+| `npx tsx scripts/signet-cli.ts signet-policy --wizard` | Interactive policy setup |
+| `npx tsx scripts/signet-cli.ts signet-policy --migrate-file-to-config` | Copy file policy into OpenClaw config |
+| `npx tsx scripts/signet-cli.ts signet-preflight --amount 10 --currency GBP --payee "shop.com" --purpose "Order"` | Check if payment is allowed |
+| `npx tsx scripts/signet-cli.ts signet-record --amount 10 --currency GBP --payee "shop.com" --purpose "Order" --idempotency-key "order-123"` | Record a completed payment |
+| `npx tsx scripts/signet-cli.ts signet-report --period month` | Show spending for the month |
+
+Preflight returns JSON: `{"result":"ALLOW","reason":"..."}` or `"DENY"` / `"CONFIRM_REQUIRED"`. Exit code is 0 for ALLOW/CONFIRM_REQUIRED and 1 for DENY.
+
+## Testing
+
+Run the script that uses the repo’s `references/` and exercises preflight, record, and report:
+
+```bash
+./test-guardian.sh
+```
+
+## License
+
+See repository.

package/SKILL.md

@@ -0,0 +1,133 @@
+---
+name: signet-guardian
+description: "Payment guard middleware for AI agents. Use whenever any skill is about to initiate a payment. Runs a preflight check against the user's policy (payments enabled, per-transaction limit, monthly cap). Returns ALLOW, DENY, or CONFIRM_REQUIRED. Other payment-capable skills must call signet-preflight before proceeding and signet-record after a successful payment."
+metadata: {"openclaw":{"emoji":"🛡️","homepage":"https://getsignet.xyz"}}
+---
+
+# Signet Guardian — Payment Guard Middleware
+
+## Overview
+
+Signet Guardian is a **policy firewall** for money actions. It does not intercept payments at runtime by itself; **payment-capable skills must route through it by contract**:
+
+1. Before any payment: call **signet-preflight** (amount, currency, payee, purpose).
+2. If result is **ALLOW** or **CONFIRM_REQUIRED** (and user has confirmed): the skill may proceed.
+3. If result is **DENY**: do **not** proceed; tell the user the reason.
+4. After a successful payment: call **signet-record** to append to the ledger.
+
+This gives one place to enforce: master switch (payments on/off), max per transaction (e.g. £20), max per month (e.g. £500), and optional confirmation above a threshold (e.g. £5).
+
+**Concurrency:** Preflight is advisory (no lock). **Record enforces the monthly cap under a file lock** (`{baseDir}/references/.ledger.lock`): it re-checks the cap before appending and refuses to record if the month would be exceeded. So the monthly limit is enforced at record time; idempotency and cap are both safe under concurrent calls. Preflight can still be used to fail fast; the definitive check is in record.
+
+**Currency:** No FX conversion. The request currency **must match** the policy currency; otherwise preflight returns DENY. Conversion source/rules are not defined.
+
+## Policy (user configuration)
+
+**Source of truth:** OpenClaw config first (`signet.policy` in the main config, e.g. editable in the Control UI if the extension is installed), then fallback to `{baseDir}/references/policy.json`. OpenClaw sets `{baseDir}` via `OPENCLAW_SKILL_DIR` or `OPENCLAW_BASE_DIR`.
+
+| Field | Meaning |
+|-------|--------|
+| `paymentsEnabled` | Master switch. If `false`, all payments are denied. |
+| `maxPerTransaction` | Max amount allowed for a single transaction (e.g. 20). |
+| `maxPerMonth` | Max total spend in the current calendar month (e.g. 500). |
+| `currency` | ISO currency code (e.g. GBP, USD). Request currency must match. |
+| `requireConfirmationAbove` | Above this amount, return CONFIRM_REQUIRED so the user must explicitly confirm (e.g. 5). |
+| `blockedMerchants` | Optional list of substrings; payee matching any is denied. |
+| `allowedMerchants` | Optional; if non-empty, only payees matching one of these are allowed. |
+| `version` | Optional number for future policy migrations. |
+
+**Default behaviour:** If the policy file is missing or invalid, **preflight returns DENY** (default-deny).
+
+## Commands
+
+### `signet-preflight`
+
+Run **before** initiating any payment. Validates: payments enabled, currency match, amount > 0 and ≤ max per transaction, (current month spend + amount) ≤ max per month, and optional merchant rules. Optionally requires explicit confirmation above a threshold. Amount must be greater than zero.
+
+```bash
+signet-preflight --amount 15 --currency GBP --payee "shop.example.com" --purpose "Subscription"
+```
+
+Optional:
+
+- `--idempotency-key "unique-key"` — Used when recording later to avoid duplicate ledger entries.
+- `--caller-skill "skill-name"` — Name of the skill invoking the guard (for audit).
+
+**Output (JSON):**
+
+- `{ "result": "ALLOW", "reason": "Within policy" }` — Proceed with the payment.
+- `{ "result": "CONFIRM_REQUIRED", "reason": "..." }` — Ask the user for explicit confirmation; if they agree, proceed then call signet-record. (Confirmation is the caller’s responsibility.)
+- `{ "result": "DENY", "reason": "..." }` — Do **not** proceed. Notify the user.
+
+Every DENY is logged to the audit trail.
+
+**Exit code:** 0 for ALLOW or CONFIRM_REQUIRED, 1 for DENY.
+
+### `signet-record`
+
+Call **after** a payment has successfully been made. Appends one line to the ledger (append-only). If an idempotency key was used in preflight, pass the same key here to avoid double-counting.
+
+**Record validation scope:** `signet-record` re-checks only **currency** and **monthly cap** (under lock). It does **not** re-check `paymentsEnabled` or merchant allow/block lists. Policy enforcement (switch, merchants, per-tx limit) is done at **preflight** (and in an optional future authorize phase). Record is the post-success log; the cap check at record time prevents double-counting when concurrent preflights both allowed.
+
+```bash
+signet-record --amount 15 --currency GBP --payee "shop.example.com" --purpose "Subscription" --idempotency-key "sub-123"
+```
+
+Optional: `--caller-skill "skill-name"` for audit.
+
+If the same `idempotency-key` was already recorded, the command is a no-op (idempotent).
+
+### `signet-report`
+
+Shows spending and transaction history for the user.
+
+```bash
+signet-report --period today
+signet-report --period month
+```
+
+### `signet-policy`
+
+Show, edit, or configure policy via wizard.
+
+```bash
+signet-policy --show    # Print current policy (config, then file)
+signet-policy --edit    # Open policy.json in $EDITOR
+signet-policy --wizard  # Interactive step-by-step setup (no JSON)
+signet-policy --migrate-file-to-config  # One-time: copy file policy into OpenClaw config
+```
+
+## Audit (ledger and deny log)
+
+Ledger file: `{baseDir}/references/ledger.jsonl`. Format is **strict JSONL**: one JSON object per line, **newline-separated** (no space between entries). Each line contains:
+
+- **ts** — Timestamp UTC (ISO 8601).
+- **callerSkill** — Optional; skill that invoked preflight/record.
+- **idempotencyKey** — Optional; dedupe key for record.
+- **status** — `completed` or `denied`.
+- **reason** — Decision reason (especially for denials).
+- Plus: amount, currency, payee, purpose.
+
+All preflight denials are appended to the same ledger with `status: "denied"` and a reason.
+
+## Critical Rules (for the agent)
+
+1. **Never skip preflight** — Any payment from any skill must go through `signet-preflight` first. No exceptions.
+2. **Respect DENY** — If preflight returns DENY, do not attempt the payment. Tell the user the reason.
+3. **CONFIRM_REQUIRED** — If preflight returns CONFIRM_REQUIRED, ask the user explicitly (“Allow this payment of £X to Y?”). Only proceed if they confirm, then call `signet-record`.
+4. **Always record success** — After a successful payment, call `signet-record` with the same amount, currency, payee, purpose, and idempotency key (if used).
+5. **Idempotency** — For critical flows, use a stable `--idempotency-key` (e.g. order ID or request ID) so retries do not double-count in the monthly total.
+6. **Default-deny** — If the policy file is missing or corrupt, the skill denies by default.
+7. **Record is authoritative for cap only** — The monthly cap is enforced when recording (under lock). If `signet-record` fails with a cap error, the payment already happened; do not retry without user confirmation. For cap-safe flows before payment, a future **authorize** (reservation under lock) then **settle** (convert reservation to completed) pattern can reserve budget before the payment is made.
+
+## First Run
+
+On first use, the user must have a valid `{baseDir}/references/policy.json`. Run `signet-policy --show` to see current policy; if missing, create it (e.g. via `signet-policy --edit`) with at least:
+
+- `paymentsEnabled`: true/false  
+- `maxPerTransaction`: number  
+- `maxPerMonth`: number  
+- `currency`: e.g. "GBP"  
+- `requireConfirmationAbove`: number (e.g. 5)
+
+Ledger lives at `{baseDir}/references/ledger.jsonl`; no extra setup required.

package/openclaw-extension/README.md

@@ -0,0 +1,37 @@
+# Signet Guardian — OpenClaw extension
+
+This folder registers the **Signet Guardian** policy in the OpenClaw config schema so the **Control UI (Dashboard)** can show editable settings instead of raw JSON.
+
+## What it provides
+
+- **Config schema** for `signet.policy` (paymentsEnabled, maxPerTransaction, maxPerMonth, currency, requireConfirmationAbove, blockedMerchants, allowedMerchants).
+- **UI hints** (labels, help text, order, group) so the dashboard renders friendly form fields in Settings.
+
+## Install into OpenClaw workspace
+
+Copy or link this folder into your OpenClaw workspace extensions:
+
+```bash
+# From the signet-guardian repo root
+OPENCLAW_EXT=~/.openclaw/workspace/.openclaw/extensions
+mkdir -p "$OPENCLAW_EXT"
+cp -r openclaw-extension/signet-guardian "$OPENCLAW_EXT/"
+# or: ln -s "$PWD/openclaw-extension/signet-guardian" "$OPENCLAW_EXT/signet-guardian"
+```
+
+Exact path may depend on your OpenClaw version; check Gateway docs for where it loads extensions.
+
+## Runtime behavior
+
+- **CLI** reads policy from OpenClaw config first (`signet.policy`), then falls back to `references/policy.json`.
+- **Dashboard** edits write to the OpenClaw config; the CLI will pick them up on the next run.
+- To migrate an existing file-based policy into config once:  
+  `signet-policy --migrate-file-to-config`
+
+## Verifying
+
+1. After installing the extension, open the Control UI Settings.
+2. Confirm a “Signet Guardian” or “signet.policy” section with toggles and number fields.
+3. Change a value (e.g. max per transaction) and save.
+4. Run: `npx tsx scripts/signet-cli.ts signet-policy --show`  
+   The printed policy should match what you set in the dashboard.

package/openclaw-extension/signet-guardian/index.ts

@@ -0,0 +1,138 @@
+/**
+ * OpenClaw extension: Signet Guardian policy config schema + UI hints.
+ * Register signet.policy in the Gateway config so the Control UI can render
+ * editable fields in Settings.
+ *
+ * Install: copy or link this folder into your OpenClaw workspace:
+ *   .openclaw/extensions/signet-guardian/
+ * (e.g. from this repo: openclaw-extension/signet-guardian/)
+ */
+
+export const version = 1;
+export const generatedAt = new Date().toISOString();
+
+/** Schema fragment for signet.policy. Merge into Gateway config.schema. */
+export const schema = {
+  signet: {
+    type: 'object',
+    description: 'Signet Guardian payment guard',
+    properties: {
+      policy: {
+        type: 'object',
+        description: 'Payment policy (limits, switch, merchants)',
+        properties: {
+          paymentsEnabled: {
+            type: 'boolean',
+            description: 'Master switch for payments',
+            default: false,
+          },
+          maxPerTransaction: {
+            type: 'number',
+            minimum: 0,
+            description: 'Max amount per single transaction',
+            default: 20,
+          },
+          maxPerMonth: {
+            type: 'number',
+            minimum: 0,
+            description: 'Max total spend in the current calendar month',
+            default: 500,
+          },
+          currency: {
+            type: 'string',
+            pattern: '^[A-Z]{3}$',
+            description: 'ISO 4217 currency code (e.g. GBP, USD)',
+            default: 'GBP',
+          },
+          requireConfirmationAbove: {
+            type: 'number',
+            minimum: 0,
+            description: 'Above this amount, require explicit user confirmation',
+            default: 5,
+          },
+          blockedMerchants: {
+            type: 'array',
+            items: { type: 'string' },
+            description: 'Payee substrings to block',
+            default: [],
+          },
+          allowedMerchants: {
+            type: 'array',
+            items: { type: 'string' },
+            description: 'If non-empty, only these payee substrings are allowed',
+            default: [],
+          },
+        },
+        default: {
+          paymentsEnabled: false,
+          maxPerTransaction: 20,
+          maxPerMonth: 500,
+          currency: 'GBP',
+          requireConfirmationAbove: 5,
+          blockedMerchants: [],
+          allowedMerchants: [],
+        },
+      },
+    },
+  },
+} as const;
+
+/** UI hints keyed by config path. Control UI uses these for labels and help. */
+export const uiHints: Record<string, { label?: string; help?: string; group?: string; order?: number; advanced?: boolean; sensitive?: boolean; placeholder?: string }> = {
+  'signet.policy': {
+    label: 'Signet Guardian — Payment policy',
+    help: 'Payment guard: master switch, per-transaction and monthly limits, currency, confirmation threshold, and merchant allow/block lists.',
+    group: 'Skills',
+    order: 100,
+  },
+  'signet.policy.paymentsEnabled': {
+    label: 'Enable payments',
+    help: 'Master switch. If off, all payments are denied.',
+    order: 1,
+  },
+  'signet.policy.maxPerTransaction': {
+    label: 'Max per transaction',
+    help: 'Maximum amount allowed for a single payment (e.g. 20).',
+    placeholder: '20',
+    order: 2,
+  },
+  'signet.policy.maxPerMonth': {
+    label: 'Max per month',
+    help: 'Maximum total spend in the current calendar month (e.g. 500).',
+    placeholder: '500',
+    order: 3,
+  },
+  'signet.policy.currency': {
+    label: 'Currency',
+    help: 'ISO 4217 code, 3 letters uppercase (e.g. GBP, USD).',
+    placeholder: 'GBP',
+    order: 4,
+  },
+  'signet.policy.requireConfirmationAbove': {
+    label: 'Require confirmation above',
+    help: 'Above this amount, the agent must ask for explicit user confirmation before paying.',
+    placeholder: '5',
+    order: 5,
+  },
+  'signet.policy.blockedMerchants': {
+    label: 'Blocked merchants',
+    help: 'Comma-separated or list of payee substrings to block (e.g. gambling, adult).',
+    order: 6,
+  },
+  'signet.policy.allowedMerchants': {
+    label: 'Allowed merchants',
+    help: 'If set, only payees matching one of these substrings are allowed. Leave empty to allow all (subject to blocked list).',
+    order: 7,
+    advanced: true,
+  },
+};
+
+/** Validation: requireConfirmationAbove <= maxPerTransaction (soft warning). */
+export function validateSignetPolicy(p: { requireConfirmationAbove?: number; maxPerTransaction?: number }): string | null {
+  const above = Number(p?.requireConfirmationAbove ?? 5);
+  const max = Number(p?.maxPerTransaction ?? 20);
+  if (above > max) return `Confirmation threshold (${above}) should not exceed max per transaction (${max}).`;
+  return null;
+}
+
+export default { schema, uiHints, version, generatedAt, validateSignetPolicy };

package/openclaw-extension/signet-guardian/openclaw.plugin.json

@@ -0,0 +1,88 @@
+{
+  "id": "signet-guardian",
+  "name": "Signet Guardian",
+  "description": "Payment guard middleware: policy (payments on/off, per-transaction and monthly limits) for AI agent payments.",
+  "version": "0.1.0",
+  "configSchema": {
+    "type": "object",
+    "additionalProperties": false,
+    "properties": {
+      "paymentsEnabled": {
+        "type": "boolean",
+        "description": "Master switch for payments",
+        "default": false
+      },
+      "maxPerTransaction": {
+        "type": "number",
+        "minimum": 0,
+        "description": "Max amount per single transaction",
+        "default": 20
+      },
+      "maxPerMonth": {
+        "type": "number",
+        "minimum": 0,
+        "description": "Max total spend in the current calendar month",
+        "default": 500
+      },
+      "currency": {
+        "type": "string",
+        "pattern": "^[A-Z]{3}$",
+        "description": "ISO 4217 currency code (e.g. GBP, USD)",
+        "default": "GBP"
+      },
+      "requireConfirmationAbove": {
+        "type": "number",
+        "minimum": 0,
+        "description": "Above this amount, require explicit user confirmation",
+        "default": 5
+      },
+      "blockedMerchants": {
+        "type": "array",
+        "items": { "type": "string" },
+        "description": "Payee substrings to block",
+        "default": []
+      },
+      "allowedMerchants": {
+        "type": "array",
+        "items": { "type": "string" },
+        "description": "If non-empty, only these payee substrings are allowed",
+        "default": []
+      }
+    }
+  },
+  "uiHints": {
+    "paymentsEnabled": {
+      "label": "Enable payments",
+      "help": "Master switch. If off, all payments are denied."
+    },
+    "maxPerTransaction": {
+      "label": "Max per transaction",
+      "help": "Maximum amount allowed for a single payment (e.g. 20).",
+      "placeholder": "20"
+    },
+    "maxPerMonth": {
+      "label": "Max per month",
+      "help": "Maximum total spend in the current calendar month (e.g. 500).",
+      "placeholder": "500"
+    },
+    "currency": {
+      "label": "Currency",
+      "help": "ISO 4217 code, 3 letters uppercase (e.g. GBP, USD).",
+      "placeholder": "GBP"
+    },
+    "requireConfirmationAbove": {
+      "label": "Require confirmation above",
+      "help": "Above this amount, the agent must ask for explicit user confirmation before paying.",
+      "placeholder": "5"
+    },
+    "blockedMerchants": {
+      "label": "Blocked merchants",
+      "help": "Payee substrings to block (e.g. gambling, adult)."
+    },
+    "allowedMerchants": {
+      "label": "Allowed merchants",
+      "help": "If set, only payees matching one of these substrings are allowed. Leave empty to allow all.",
+      "advanced": true
+    }
+  }
+}

package/openclaw.plugin.json

@@ -0,0 +1,88 @@
+{
+  "id": "signet-guardian",
+  "name": "Signet Guardian",
+  "description": "Payment guard middleware: policy (payments on/off, per-transaction and monthly limits) for AI agent payments.",
+  "version": "0.1.0",
+  "configSchema": {
+    "type": "object",
+    "additionalProperties": false,
+    "properties": {
+      "paymentsEnabled": {
+        "type": "boolean",
+        "description": "Master switch for payments",
+        "default": false
+      },
+      "maxPerTransaction": {
+        "type": "number",
+        "minimum": 0,
+        "description": "Max amount per single transaction",
+        "default": 20
+      },
+      "maxPerMonth": {
+        "type": "number",
+        "minimum": 0,
+        "description": "Max total spend in the current calendar month",
+        "default": 500
+      },
+      "currency": {
+        "type": "string",
+        "pattern": "^[A-Z]{3}$",
+        "description": "ISO 4217 currency code (e.g. GBP, USD)",
+        "default": "GBP"
+      },
+      "requireConfirmationAbove": {
+        "type": "number",
+        "minimum": 0,
+        "description": "Above this amount, require explicit user confirmation",
+        "default": 5
+      },
+      "blockedMerchants": {
+        "type": "array",
+        "items": { "type": "string" },
+        "description": "Payee substrings to block",
+        "default": []
+      },
+      "allowedMerchants": {
+        "type": "array",
+        "items": { "type": "string" },
+        "description": "If non-empty, only these payee substrings are allowed",
+        "default": []
+      }
+    }
+  },
+  "uiHints": {
+    "paymentsEnabled": {
+      "label": "Enable payments",
+      "help": "Master switch. If off, all payments are denied."
+    },
+    "maxPerTransaction": {
+      "label": "Max per transaction",
+      "help": "Maximum amount allowed for a single payment (e.g. 20).",
+      "placeholder": "20"
+    },
+    "maxPerMonth": {
+      "label": "Max per month",
+      "help": "Maximum total spend in the current calendar month (e.g. 500).",
+      "placeholder": "500"
+    },
+    "currency": {
+      "label": "Currency",
+      "help": "ISO 4217 code, 3 letters uppercase (e.g. GBP, USD).",
+      "placeholder": "GBP"
+    },
+    "requireConfirmationAbove": {
+      "label": "Require confirmation above",
+      "help": "Above this amount, the agent must ask for explicit user confirmation before paying.",
+      "placeholder": "5"
+    },
+    "blockedMerchants": {
+      "label": "Blocked merchants",
+      "help": "Payee substrings to block (e.g. gambling, adult)."
+    },
+    "allowedMerchants": {
+      "label": "Allowed merchants",
+      "help": "If set, only payees matching one of these substrings are allowed. Leave empty to allow all.",
+      "advanced": true
+    }
+  }
+}

package/package.json

@@ -0,0 +1,36 @@
+{
+  "name": "@signet-labs/signet-guardian",
+  "version": "0.1.0",
+  "description": "Payment guard middleware for OpenClaw: policy (payments on/off, per-transaction and monthly limits) for AI agent payments.",
+  "type": "module",
+  "main": "openclaw-extension/signet-guardian/index.ts",
+  "scripts": {
+    "build": "tsc scripts/signet-cli.ts --outDir dist --module esnext --target es2020 --moduleResolution node"
+  },
+  "openclaw": {
+    "extensions": ["./openclaw-extension/signet-guardian/index.ts"]
+  },
+  "files": [
+    "openclaw.plugin.json",
+    "openclaw-extension/",
+    "README.md",
+    "SKILL.md"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/signet-labs/signet-guardian"
+  },
+  "keywords": ["openclaw", "plugin", "signet", "payment", "guard", "policy"],
+  "license": "MIT",
+  "publishConfig": {
+    "access": "public"
+  },
+  "dependencies": {
+    "prompts": "^2.4.2"
+  },
+  "devDependencies": {
+    "@types/node": "^20.0.0",
+    "typescript": "^5.0.0",
+    "tsx": "^4.7.0"
+  }
+}