@upx-us/shield 0.5.38 → 0.6.0

package/dist/src/events/browser/enrich.js

@@ -10,6 +10,7 @@ function enrich(tool, ctx) {
         'openclaw.session_id': ctx.sessionId,
         'openclaw.agent_id': ctx.agentId,
         browser_action: args.action || null,
+        'openclaw.browser_action': args.action || null,
         url_domain: null,
         url_is_internal: false,
     };

package/dist/src/events/exec/enrich.d.ts

@@ -1,4 +1,5 @@
 import { RawToolCall, EnrichmentContext } from '../base';
 import { ExecEvent } from './event';
+export declare function detectSecretInCommand(cmd: string): boolean;
 export declare function splitChainedCommands(cmd: string): string[];
 export declare function enrich(tool: RawToolCall, ctx: EnrichmentContext): ExecEvent;

package/dist/src/events/exec/enrich.js

@@ -1,8 +1,28 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectSecretInCommand = detectSecretInCommand;
 exports.splitChainedCommands = splitChainedCommands;
 exports.enrich = enrich;
 const base_1 = require("../base");
+const SECRET_KEY_PREFIXES = ['sk-', 'pk_', 'key_', 'ghp_', 'ghs_', 'glpat-', 'xoxb-', 'xoxp-'];
+const SECRET_ENV_PATTERN = /\b[A-Z_]*(SECRET|TOKEN|KEY|PASSWORD|PASSWD|API_KEY|APIKEY)[A-Z_]*=/i;
+const LONG_HEX_BASE64 = /(?:[0-9a-fA-F]{41,}|[A-Za-z0-9+/=]{41,})/;
+const BEARER_PATTERN = /\bBearer\s+\S+/i;
+function detectSecretInCommand(cmd) {
+    if (!cmd)
+        return false;
+    for (const prefix of SECRET_KEY_PREFIXES) {
+        if (cmd.includes(prefix))
+            return true;
+    }
+    if (BEARER_PATTERN.test(cmd))
+        return true;
+    if (SECRET_ENV_PATTERN.test(cmd))
+        return true;
+    if (LONG_HEX_BASE64.test(cmd))
+        return true;
+    return false;
+}
 function splitChainedCommands(cmd) {
     const segments = [];
     let current = '';
@@ -74,6 +94,9 @@ function enrich(tool, ctx) {
         cmd_has_sudo: /\bsudo\b/.test(cmd),
         cmd_has_pipe: /\|/.test(cmd),
     };
+    if (detectSecretInCommand(cmd)) {
+        meta['openclaw.secret_in_command'] = 'true';
+    }
     for (const segRoot of allRootCommands) {
         if (/^(kill|pkill|killall)$/.test(segRoot)) {
             const pidMatch = cmd.match(/\bkill\s+(?:-\d+\s+)?(\d+)/);

package/dist/src/events/file/enrich.js

@@ -19,6 +19,10 @@ function enrich(tool, ctx) {
         file_is_system: isSystem,
         file_is_config: ext ? configExts.includes(ext) : false,
     };
+    const CONFIG_FILE_PATTERNS = /(?:\.env|config\.json|openclaw\.json|\.npmrc|\.yarnrc|\.gitconfig|settings\.json|docker-compose\.ya?ml|Dockerfile|\.bashrc|\.zshrc|\.profile)(?:$|\/)/;
+    if ((toolName === 'write' || toolName === 'edit') && (meta.file_is_config || CONFIG_FILE_PATTERNS.test(fp) || /\/\.env(?:\.|$)/.test(fp))) {
+        meta['openclaw.config_change'] = 'true';
+    }
     if ((toolName === 'write' || toolName === 'edit') && isMemoryFile) {
         meta.memory_auto_capture = 'true';
     }
@@ -29,6 +33,9 @@ function enrich(tool, ctx) {
         meta.edit_new_length = String(newText.length);
         meta.edit_size_delta = String(newText.length - oldText.length);
     }
+    if (toolName === 'write' && args.content) {
+        meta['openclaw.file_size_bytes'] = String(Buffer.byteLength(args.content, 'utf8'));
+    }
     const event = {
         timestamp: ctx.timestamp,
         event_type: 'TOOL_CALL',

package/dist/src/events/message/enrich.js

@@ -10,6 +10,32 @@ function enrich(tool, ctx) {
         'openclaw.agent_id': ctx.agentId,
         sub_action: args.action || null,
     };
+    if (args.channel)
+        meta['openclaw.channel'] = args.channel;
+    if (args.target) {
+        if (!args.channel) {
+            if (/^telegram/i.test(String(args.target)) || /^-?\d{10,}/.test(String(args.target))) {
+                meta['openclaw.channel'] = 'telegram';
+            }
+        }
+        const targetStr = String(args.target);
+        if (targetStr.startsWith('-100'))
+            meta['openclaw.chat_type'] = 'group';
+        else if (targetStr.startsWith('-'))
+            meta['openclaw.chat_type'] = 'group';
+        else if (/^\d+$/.test(targetStr))
+            meta['openclaw.chat_type'] = 'private';
+    }
+    if (args.groupId || args.guildId)
+        meta['openclaw.chat_type'] = 'group';
+    if (args.channelId && !meta['openclaw.chat_type'])
+        meta['openclaw.chat_type'] = 'channel';
+    if (args.action === 'send' || args.action === 'edit') {
+        const content = args.message || args.caption || '';
+        if (content) {
+            meta['openclaw.message_content'] = content.length > 500 ? content.slice(0, 500) : content;
+        }
+    }
     if (args.buffer) {
         meta.has_base64_payload = 'true';
         const raw = typeof args.buffer === 'string' ? args.buffer.replace(/^data:[^;]+;base64,/, '') : '';

package/openclaw.plugin.json

@@ -2,7 +2,7 @@
   "id": "shield",
   "name": "OpenClaw Shield",
   "description": "Real-time security monitoring — streams enriched, redacted security events to the Shield detection platform.",
-  "version": "0.5.38",
+  "version": "0.6.0",
   "skills": [
     "./skills"
   ],

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@upx-us/shield",
-  "version": "0.5.38",
+  "version": "0.6.0",
   "description": "Security monitoring plugin for OpenClaw agents — streams enriched security events to the Shield detection platform",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",