@upx-us/shield 0.8.0 → 0.8.2

package/CHANGELOG.md

@@ -4,6 +4,28 @@ All notable changes to this project will be documented in this file.
 
 ---
 
+## [0.8.2] — 2026-03-17
+
+### Fixed
+
+- **Log output handling rules are now explicit and non-negotiable** — the SKILL instruction for handling sensitive log content (file paths, commands, URLs) was advisory; it is now a strict rule set that the agent must follow regardless of context.
+
+---
+
+## [0.8.1] — 2026-03-17
+
+### Fixed
+
+- **Disconnected status after failed startup no longer wipes prior healthy activity** — when a new plugin runtime starts but fails before completing its first sync, Shield now preserves the last known-good state (poll time, sync time, session activity) instead of replacing it with a blank slate. Instances that appeared disconnected after a gateway reload now show accurate prior activity.
+- **Plugin no longer advances into startup with partially-formed credentials** — a change in v0.7.5 caused the canonical ingest URL to be treated as a valid credential even when instance ID and HMAC secret were missing, allowing startup to proceed further than it should before failing and writing zero-state. Credential validation now requires all three fields.
+- **Rapid version bumps no longer trigger multiple zero-state writes** — consecutive `openclaw.plugin.json` version changes (as seen in the v0.7.3→v0.7.6 series) could trigger multiple gateway hot-reload cycles, each writing a blank initial state before credential checks failed. The startup guard now prevents redundant state resets during re-registration.
+
+### Changed
+
+- **Status output shows last known-good activity when current runtime is disconnected** — if Shield is not running, the status command now surfaces when the last healthy poll and sync occurred, giving a clearer picture of what happened before the disconnect.
+
+---
+
 ## [0.8.0] — 2026-03-17
 
 ### Fixed

package/README.md

@@ -1,14 +1,31 @@
 # OpenClaw Shield
 
 > **OpenClaw Shield is a paid security service by UPX.**
-> Start your **free 30-day trial** at [upx.com/en/lp/openclaw-shield-upx](https://www.upx.com/en/lp/openclaw-shield-upx).
+> Start your **free 60-day trial (no credit card required)** at [upx.com/en/lp/openclaw-shield-upx](https://www.upx.com/en/lp/openclaw-shield-upx).
 
-Real-time security monitoring for your OpenClaw agents — powered by the UPX Shield detection platform.
+**OpenClaw Shield** is the first SIEM-powered security solution built for AI agents — not to control what they *can* do, but to detect what they *did*.
+
+While agent sandboxes block at the gate, Shield watches from inside: every tool call, file read, command execution, and outbound request is ingested, enriched, and matched against behavioral detection rules in real time. Anomalies become cases. Cases get playbooks.
+
+**What you get:**
+- 🔍 **90+ detection rules** tuned for OpenClaw agents — continuously curated and expanded by UPX security experts
+- 📋 Automated case generation with remediation playbooks
+- 🔒 Cryptographic event integrity (HMAC-SHA256, AES-256-GCM)
+- 🏷️ Full trigger attribution — who prompted what, when, and why
+- 🧹 Built-in data redaction before events leave the host
+- ☁️ **Powered by Google SecOps (Chronicle)** — the same enterprise SIEM trusted by security teams worldwide
+
+> Shield is designed to complement the security controls built into OpenClaw and any Claw-based solution — not replace them. Zero-trust policies, sandboxed execution, and private routing control what your agent *can* do. Shield adds what they can't: a continuous forensic record of what it *did*, with behavioral detection and automated case management on top.
+>
+> Works alongside any hardening strategy, out of the box.
+> *For example, solutions like NemoClaw control the perimeter. Shield owns the forensics.*
+
+---
 
 **Shield is a local collector.** It captures agent activity, redacts sensitive data, and forwards clean telemetry to the UPX platform at [uss.upx.com](https://uss.upx.com) — where security rules, correlation, alerting, playbooks, and case management give your team full visibility. The plugin itself stays lean and transparent; all the heavy lifting happens on the platform side.
 
 ```
-Your Agent → Shield (local: capture + redact) → UPX Platform (analysis, alerts, detections)
+Your Agent → Shield (local: capture + redact) → UPX Platform → Google SecOps (detection, cases, forensics)
 ```
 
 ---
@@ -176,6 +193,8 @@ openclaw gateway restart
 
 ## What to expect after activation
 
+Shield's agent skill communicates with you in your language. Alerts, case summaries, and recommendations are presented in whichever language you use — raw command output and technical identifiers (rule names, case IDs, field names) are always kept as-is.
+
 After restart, Shield exchanges your key for permanent credentials — this takes a few seconds. You should see your first events within the first poll cycle (~30 seconds). Within 1–2 minutes, those events will appear on the platform at [uss.upx.com](https://uss.upx.com).
 
 Run `openclaw shield status` to confirm:
@@ -183,41 +202,39 @@ Run `openclaw shield status` to confirm:
 **Just activated (first minute):**
 
 ```
-OpenClaw Shield — v0.3.x  (5s ago)
+OpenClaw Shield — v0.8.x  (5s ago)
 
-── Plugin Health ─────────────────────────────
-  Connection:   ✅ Connected
-  Version:      0.3.x
+── Status ────────────────────────────────────
+  ✅ Running · Connected
+  Version:      0.8.x
   Instance:     a1b2c3d4…
-  Last poll:    5s ago
-  Last capture: 5s ago
-  Events sent:  3  (all-time)
-  Quarantine:   0  (all-time)
-  Failures:     0  (consecutive)
-  Daemon PID:   12345
-  Session:      0m
+
+── Monitoring ────────────────────────────────
+  Events:       3 sent · 0 quarantined
+  Failures:     0 poll · 0 telemetry
+  Session:      0m active
+  Last data:    poll 5s ago · capture 5s ago
 ```
 
-A low event count and a recent `Last capture` time means Shield is working correctly. Events accumulate as your agent uses tools.
+A low event count and a recent `Last data` time means Shield is working correctly. Events accumulate as your agent uses tools.
 
 > **Note:** The Activity and Redactions sections appear after your first sync cycle (~30s). If your status looks shorter than the "extended use" example below, that's normal — they'll populate automatically.
 
 **After extended use:**
 
 ```
-OpenClaw Shield — v0.3.x  (5s ago)
+OpenClaw Shield — v0.8.x  (5s ago)
 
-── Plugin Health ─────────────────────────────
-  Connection:   ✅ Connected
-  Version:      0.3.x
+── Status ────────────────────────────────────
+  ✅ Running · Connected
+  Version:      0.8.x
   Instance:     a1b2c3d4…
-  Last poll:    5s ago
-  Last capture: 14s ago
-  Events sent:  1,842  (all-time)
-  Quarantine:   0  (all-time)
-  Failures:     0  (consecutive)
-  Daemon PID:   12345
-  Session:      4h 12m
+
+── Monitoring ────────────────────────────────
+  Events:       1,842 sent · 0 quarantined
+  Failures:     0 poll · 0 telemetry
+  Session:      4h 12m active
+  Last data:    poll 5s ago · capture 14s ago
 
 ── Activity ──────────────────────────────────
 
@@ -238,7 +255,7 @@ OpenClaw Shield — v0.3.x  (5s ago)
 **When not activated:**
 
 ```
-OpenClaw Shield — v0.3.x
+OpenClaw Shield — v0.8.x
 
   Status: Loaded (not activated)
 

package/dist/index.js

@@ -287,6 +287,27 @@ function hasMeaningfulRuntimeState(snapshot) {
         snapshot.lastStartupCheckpoint ||
         snapshot.instanceId);
 }
+function hasHealthyRuntimeState(snapshot) {
+    return Boolean(snapshot.lastSuccessfulPollAt || snapshot.lastSync?.at);
+}
+function buildLastKnownGoodSnapshot(updatedAt) {
+    return {
+        pid: process.pid,
+        startedAt: state.startedAt,
+        lastPollAt: state.lastPollAt,
+        lastSuccessfulPollAt: state.lastSuccessfulPollAt,
+        lastCaptureAt: state.lastCaptureAt,
+        lastSync: state.lastSync,
+        instanceId: state.instanceId,
+        eventsProcessed: state.eventsProcessed,
+        quarantineCount: state.quarantineCount,
+        updatedAt,
+        version: version_1.VERSION,
+        lastLifecyclePhase: state.lastLifecyclePhase,
+        lastStopReason: state.lastStopReason,
+        lastStartupCheckpoint: state.lastStartupCheckpoint,
+    };
+}
 function persistState(extra = {}) {
     flushAllTimeStats();
     if (!_stateDirty)
@@ -295,6 +316,7 @@ function persistState(extra = {}) {
         const dir = (0, path_1.join)((0, os_1.homedir)(), '.openclaw', 'shield', 'data');
         if (!(0, fs_1.existsSync)(dir))
             (0, fs_1.mkdirSync)(dir, { recursive: true });
+        const previous = (0, safe_io_1.readJsonSafe)(STATUS_FILE, {}, 'status-merge');
         let countersSnapshot = {};
         try {
             countersSnapshot = {
@@ -305,13 +327,22 @@ function persistState(extra = {}) {
             };
         }
         catch { }
-        (0, safe_io_1.writeJsonSafe)(STATUS_FILE, {
+        const updatedAt = Date.now();
+        const mergedCurrent = {
             ...state, ...extra,
             version: version_1.VERSION,
-            updatedAt: Date.now(),
+            updatedAt,
             pid: process.pid,
             counters: countersSnapshot,
             allTime: readAllTimeStats(),
+        };
+        const previousLastKnownGood = previous.lastKnownGood ?? null;
+        const nextLastKnownGood = hasHealthyRuntimeState(state)
+            ? buildLastKnownGoodSnapshot(updatedAt)
+            : previousLastKnownGood;
+        (0, safe_io_1.writeJsonSafe)(STATUS_FILE, {
+            ...mergedCurrent,
+            lastKnownGood: nextLastKnownGood,
         });
         _stateDirty = false;
     }
@@ -428,10 +459,10 @@ function printActivatedStatus() {
     if (!s) {
         console.log(`OpenClaw Shield — v${version_1.VERSION}`);
         console.log('');
-        console.log('── Plugin Health ─────────────────────────────');
-        console.log('  Connection:   ⚠️ Status unavailable');
+        console.log('── Status ────────────────────────────────────');
+        console.log('  ⚠️ Unknown · Status unavailable');
         console.log(`  Version:      ${version_1.VERSION}`);
-        console.log(`  Warning:      ${snapshot.message ?? 'Shield has not persisted runtime state yet.'}`);
+        console.log(`  Note:         ${snapshot.message ?? 'Shield has not persisted runtime state yet.'}`);
         console.log('               - This usually means the gateway has not started the plugin yet, or state persistence is unavailable.');
         console.log('               - If this persists, run: openclaw gateway restart');
         return;
@@ -445,46 +476,85 @@ function printActivatedStatus() {
     const shortId = instanceId ? `${instanceId.slice(0, 8)}…` : '';
     const lifecyclePhase = s.lastLifecyclePhase ?? 'unknown';
     const stopReason = s.lastStopReason ?? 'unknown';
+    const lastKnownGood = (s.lastKnownGood ?? null);
     console.log(`OpenClaw Shield — v${s.version ?? version_1.VERSION}${ageLabel ? `  (${ageLabel})` : ''}`);
+    const cachedUpdate = (0, updater_1.loadUpdateState)();
     console.log('');
-    console.log('── Plugin Health ─────────────────────────────');
-    console.log(`  Connection:   ${isRunning ? '✅ Connected' : snapshot.source === 'stale' ? '⚠️ Status stale' : '❌ Disconnected'}`);
-    console.log(`  Version:      ${s.version ?? version_1.VERSION}`);
-    if (shortId)
-        console.log(`  Instance:     ${shortId}`);
-    console.log(`  Last poll:    ${lastPollLabel}`);
     const lastCaptureMs = s.lastCaptureAt ? Date.now() - s.lastCaptureAt : null;
     const lastCaptureLabel = s.lastCaptureAt ? fmtTime(lastCaptureMs) : null;
-    if (lastCaptureLabel)
-        console.log(`  Last capture: ${lastCaptureLabel}`);
-    const updateState = (0, updater_1.loadUpdateState)();
+    const updateState = cachedUpdate;
     const allTime = (s.allTime ?? readAllTimeStats());
-    console.log(`  Events sent:  ${allTime.eventsProcessed.toLocaleString()}  (all-time)`);
-    console.log(`  Quarantine:   ${allTime.quarantineCount.toLocaleString()}  (all-time)`);
-    console.log(`  Failures:     ${s.consecutiveFailures ?? 0}  (poll)`);
-    if (s.telemetryConsecutiveFailures != null) {
-        console.log(`  Telemetry:    ${s.telemetryConsecutiveFailures ?? 0}  (consecutive failures)`);
-    }
-    console.log(`  Phase:        ${lifecyclePhase}`);
+    const phaseIcon = isRunning ? '✅' : (snapshot.source === 'stale' ? '⚠️' : '❌');
+    const phaseDisplay = lifecyclePhase.charAt(0).toUpperCase() + lifecyclePhase.slice(1);
+    const connectionDisplay = isRunning ? 'Connected' : snapshot.source === 'stale' ? 'Status stale' : 'Disconnected';
+    console.log('── Status ────────────────────────────────────');
+    console.log(`  ${phaseIcon} ${phaseDisplay} · ${connectionDisplay}`);
+    console.log(`  Version:      ${s.version ?? version_1.VERSION}`);
+    if (shortId)
+        console.log(`  Instance:     ${shortId}`);
+    if (snapshot.message)
+        console.log(`  Note:         ${snapshot.message}`);
     if (stopReason && stopReason !== 'none')
         console.log(`  Stop reason:  ${stopReason}`);
-    if (s.pid) {
-        let pidAlive = false;
-        try {
-            process.kill(s.pid, 0);
-            pidAlive = true;
-        }
-        catch { }
-        console.log(`  Daemon PID:   ${s.pid}${pidAlive ? '' : '  ⚠️ stale (process not running)'}`);
-    }
-    if (snapshot.message) {
-        console.log(`  Status note:  ${snapshot.message}`);
+    if (lastKnownGood && !isRunning) {
+        const lastGoodPoll = lastKnownGood.lastPollAt ? fmtTime(Date.now() - lastKnownGood.lastPollAt) : 'never';
+        const lastGoodCapture = lastKnownGood.lastCaptureAt ? fmtTime(Date.now() - lastKnownGood.lastCaptureAt) : null;
+        const lastGoodParts = [`poll ${lastGoodPoll}`];
+        if (lastGoodCapture)
+            lastGoodParts.push(`capture ${lastGoodCapture}`);
+        console.log(`  Last healthy: ${lastGoodParts.join(' · ')}`);
     }
-    if (s.lastStartupCheckpoint) {
-        console.log(`  Checkpoint:   ${s.lastStartupCheckpoint}`);
+    console.log('');
+    const telFailures = s.telemetryConsecutiveFailures ?? 0;
+    const pollFailures = s.consecutiveFailures ?? 0;
+    const sessionMs = s.startedAt ? Date.now() - s.startedAt : null;
+    const sessionLabel = sessionMs != null
+        ? sessionMs < 60_000 ? `${Math.round(sessionMs / 1000)}s`
+            : sessionMs < 3_600_000 ? `${Math.floor(sessionMs / 60_000)}m`
+                : `${(sessionMs / 3_600_000).toFixed(1)}h`
+        : null;
+    const lastDataParts = [];
+    if (lastPollLabel !== 'never')
+        lastDataParts.push(`poll ${lastPollLabel}`);
+    if (lastCaptureLabel)
+        lastDataParts.push(`capture ${lastCaptureLabel}`);
+    console.log('── Monitoring ────────────────────────────────');
+    console.log(`  Events:       ${allTime.eventsProcessed.toLocaleString()} sent · ${allTime.quarantineCount.toLocaleString()} quarantined`);
+    console.log(`  Failures:     ${pollFailures} poll · ${telFailures} telemetry`);
+    const checkpointHuman = (() => {
+        const cp = s.lastStartupCheckpoint ?? '';
+        if (cp.includes('not_activated'))
+            return 'Not activated';
+        if (cp.includes('activation_failed'))
+            return 'Activation failed';
+        if (cp.includes('update_restart'))
+            return 'Restarting for update';
+        if (cp === 'checkpoint:11' || cp === 'checkpoint:9' || cp === 'checkpoint:9a')
+            return 'Monitoring active';
+        if (cp === 'checkpoint:8')
+            return 'Starting up';
+        if (cp.includes('checkpoint:') || cp === 'SIGTERM')
+            return 'Starting up';
+        if (cp.includes('registration_invalid') || cp.includes('poll_registration_invalid'))
+            return 'Registration invalid';
+        return null;
+    })();
+    if (sessionLabel)
+        console.log(`  Session:      ${sessionLabel} active${checkpointHuman ? `  (${checkpointHuman})` : ''}`);
+    if (lastDataParts.length > 0)
+        console.log(`  Last data:    ${lastDataParts.join(' · ')}`);
+    if (lastKnownGood && !isRunning) {
+        const lastGoodSync = lastKnownGood.lastSync?.at ? fmtTime(Date.now() - lastKnownGood.lastSync.at) : null;
+        const lastGoodSession = lastKnownGood.startedAt ? fmtTime(Date.now() - lastKnownGood.startedAt) : null;
+        const lastGoodLabel = [
+            lastGoodSession ? `session ${lastGoodSession}` : null,
+            lastGoodSync ? `sync ${lastGoodSync}` : null,
+        ].filter(Boolean).join(' · ');
+        if (lastGoodLabel)
+            console.log(`  Last good:    ${lastGoodLabel}`);
     }
-    if (s.lastError) {
-        console.log(`  Last error:   ${s.lastError}`);
+    if (s.eventsRetainedForRetry && Number(s.eventsRetainedForRetry) > 0) {
+        console.log(`  Retry backlog:${String(s.eventsRetainedForRetry).padStart(3)} event(s) retained`);
     }
     if (updateState.pendingRestart || updateState.lastFailureStage || updateState.rollbackPending) {
         console.log(`  Update:       ${updateState.pendingRestart ? 'pending restart' : updateState.rollbackPending ? 'rollback needed' : 'attention required'}`);
@@ -493,11 +563,19 @@ function printActivatedStatus() {
         if (updateState.lastError)
             console.log(`  Update error: ${updateState.lastError}`);
     }
+    if (s.lastError) {
+        console.log(`  Last error:   ${s.lastError}`);
+    }
     if (s.lastDeliveryIssue) {
         console.log(`  Delivery:     ${s.lastDeliveryIssue}`);
     }
-    if (s.eventsRetainedForRetry && Number(s.eventsRetainedForRetry) > 0) {
-        console.log(`  Retry backlog:${String(s.eventsRetainedForRetry).padStart(3)}  event(s) retained for retry`);
+    if (cachedUpdate.updateAvailable && cachedUpdate.latestVersion) {
+        console.log('');
+        console.log(`⚡ Update available: v${cachedUpdate.latestVersion}`);
+        console.log(`   To update, run:`);
+        console.log(`     openclaw plugins update shield`);
+        console.log(`     openclaw gateway restart`);
+        console.log(`   Or tell your agent: "Update the OpenClaw Shield plugin to the latest version"`);
     }
     const statusWarnings = getStatusWarnings({
         running: isRunning,
@@ -525,14 +603,6 @@ function printActivatedStatus() {
         console.log('               - If this persists, run: openclaw gateway restart');
     }
     const startedAt = s.startedAt;
-    if (startedAt) {
-        const uptimeMs = Date.now() - startedAt;
-        const uptimeLabel = uptimeMs < 3_600_000
-            ? `${Math.floor(uptimeMs / 60_000)}m`
-            : `${(uptimeMs / 3_600_000).toFixed(1)}h`;
-        console.log(`  Session:      ${uptimeLabel}`);
-    }
-    console.log('');
     console.log('── Activity ──────────────────────────────────');
     const BAR_CHARS = '████████████████████';
     const BAR_MAX = 8;
@@ -554,7 +624,12 @@ function printActivatedStatus() {
     }
     else {
         console.log('📡 Last sync');
-        console.log(`  ${snapshot.source === 'stale' ? 'Last known sync is unavailable because persisted state is stale.' : 'No sync yet. Bridge will send on the next poll cycle.'}`);
+        if (lastKnownGood?.lastSync?.at && !isRunning) {
+            console.log(`  Current runtime has no sync yet. Last healthy sync was ${fmtTime(Date.now() - lastKnownGood.lastSync.at)}.`);
+        }
+        else {
+            console.log(`  ${snapshot.source === 'stale' ? 'Last known sync is unavailable because persisted state is stale.' : 'No sync yet. Bridge will send on the next poll cycle.'}`);
+        }
     }
     const counters = (s.counters ?? {});
     const sessionEvents = counters.totalEvents ?? 0;
@@ -562,10 +637,10 @@ function printActivatedStatus() {
     const sessionRows = Object.entries(sessionTypes).sort(([, a], [, b]) => b - a);
     const sessionMax = sessionRows[0]?.[1] ?? 0;
     console.log('');
-    const sessionLabel = startedAt
+    const sessionActivityLabel = startedAt
         ? `since restart ${fmtTime(Date.now() - startedAt)}`
         : 'this session';
-    console.log(`📊 This session  (${sessionLabel} — ${sessionEvents} event${sessionEvents !== 1 ? 's' : ''})`);
+    console.log(`📊 This session  (${sessionActivityLabel} — ${sessionEvents} event${sessionEvents !== 1 ? 's' : ''})`);
     if (sessionRows.length === 0) {
         console.log('  No events recorded yet.');
     }
@@ -704,11 +779,15 @@ exports.default = {
                 catch { }
             }
         };
-        if (teardownPreviousRuntime) {
-            pendingTeardown = teardownPreviousRuntime()
-                .catch((err) => log.warn('shield', `Runtime cleanup before re-register failed: ${err instanceof Error ? err.message : String(err)}`));
-        }
-        teardownPreviousRuntime = () => cleanupRuntime({ markStopped: true, resetGuard: true, flushRedactor: false });
+        const inheritedRuntimeTeardown = teardownPreviousRuntime;
+        let inheritedRuntimeHandedOff = false;
+        const currentRuntimeTeardown = () => cleanupRuntime({
+            markStopped: true,
+            resetGuard: true,
+            flushRedactor: false,
+            stopReason: 'runtime_replaced',
+        });
+        teardownPreviousRuntime = inheritedRuntimeTeardown;
         const deactivateForRegistrationInvalidation = async (checkpoint, message) => {
             setLifecyclePhase('deactivated', checkpoint);
             setStopReason('registration_invalidated');
@@ -922,8 +1001,23 @@ exports.default = {
                     log.info('shield', '[checkpoint:8] Dynamic imports loaded');
                     if (config.redactionEnabled)
                         initRedactor();
+                    if (inheritedRuntimeTeardown && !inheritedRuntimeHandedOff) {
+                        try {
+                            log.info('shield', '[checkpoint:8a] Taking over previous healthy runtime');
+                            pendingTeardown = inheritedRuntimeTeardown()
+                                .catch((err) => log.warn('shield', `Previous runtime teardown during takeover failed: ${err instanceof Error ? err.message : String(err)}`));
+                            await pendingTeardown.catch(() => { });
+                            pendingTeardown = null;
+                            inheritedRuntimeHandedOff = true;
+                        }
+                        catch (err) {
+                            log.warn('shield', `Takeover handoff failed: ${err instanceof Error ? err.message : String(err)}`);
+                            throw err;
+                        }
+                    }
                     state.running = true;
                     setLifecyclePhase('running', 'checkpoint:9');
+                    teardownPreviousRuntime = currentRuntimeTeardown;
                     persistState();
                     log.info('shield', '[checkpoint:9] state.running=true — entering poll loop');
                     const runTelemetry = async () => {

package/dist/src/case-monitor.d.ts

@@ -19,6 +19,11 @@ export declare function setDirectSendDispatcher(opts: {
     to: string;
     channel: string;
 }): void;
+declare const SEVERITY_ORDER: Record<string, number>;
+declare function formatCaseTimestamp(isoDate: string): string;
+declare function buildCaseUrl(c: CaseSummary | CaseDetail): string;
+declare function formatBatchCaseBlock(c: CaseSummary | CaseDetail): string;
+declare function dispatchCaseNotifications(cases: (CaseSummary | CaseDetail)[]): void;
 export interface CaseSummary {
     id: string;
     rule_id: string;
@@ -77,4 +82,8 @@ export declare function formatCaseNotification(c: CaseSummary | CaseDetail): str
 export declare function _resetForTesting(): void;
 export declare function _simulateFailuresForTesting(count: number, firstFailureAgeMs: number): void;
 export declare function _simulateSuccessForTesting(): void;
-export {};
+export { SEVERITY_ORDER as _SEVERITY_ORDER };
+export declare const _formatCaseTimestamp: typeof formatCaseTimestamp;
+export declare const _buildCaseUrl: typeof buildCaseUrl;
+export declare const _formatBatchCaseBlock: typeof formatBatchCaseBlock;
+export declare const _dispatchCaseNotifications: typeof dispatchCaseNotifications;

package/dist/src/case-monitor.js

@@ -33,6 +33,7 @@ var __importStar = (this && this.__importStar) || (function () {
     };
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
+exports._dispatchCaseNotifications = exports._formatBatchCaseBlock = exports._buildCaseUrl = exports._formatCaseTimestamp = exports._SEVERITY_ORDER = void 0;
 exports.setCaseNotificationDispatcher = setCaseNotificationDispatcher;
 exports.setDirectSendDispatcher = setDirectSendDispatcher;
 exports.initCaseMonitor = initCaseMonitor;
@@ -96,6 +97,42 @@ function setDirectSendDispatcher(opts) {
     _directSendChannel = opts.channel;
     log.info('case-monitor', `Direct send configured (channel: ${opts.channel}, to: ${opts.to})`);
 }
+const SEVERITY_ORDER = {
+    CRITICAL: 0, HIGH: 1, MEDIUM: 2, LOW: 3, INFO: 4,
+};
+exports._SEVERITY_ORDER = SEVERITY_ORDER;
+function formatCaseTimestamp(isoDate) {
+    const d = new Date(isoDate);
+    if (isNaN(d.getTime()))
+        return isoDate;
+    const pad = (n) => String(n).padStart(2, '0');
+    return `${d.getUTCFullYear()}-${pad(d.getUTCMonth() + 1)}-${pad(d.getUTCDate())} ${pad(d.getUTCHours())}:${pad(d.getUTCMinutes())} UTC`;
+}
+function buildCaseUrl(c) {
+    if (isCaseDetail(c) && c.url)
+        return c.url;
+    return `https://uss.upx.com/cases/${c.id}`;
+}
+function formatBatchCaseBlock(c) {
+    const severityEmoji = {
+        CRITICAL: '🔴', HIGH: '🟠', MEDIUM: '🟡', LOW: '🔵', INFO: 'ℹ️',
+    };
+    const emoji = severityEmoji[c.severity] || '⚠️';
+    const sev = c.severity || '';
+    const description = (isCaseDetail(c) && c.rule?.description)
+        ? c.rule.description
+        : (c.description || c.summary || '');
+    const ts = formatCaseTimestamp(c.created_at);
+    const url = buildCaseUrl(c);
+    const lines = [
+        `${emoji} ${c.rule_title} · ${sev}`,
+    ];
+    if (description)
+        lines.push(description);
+    lines.push(`🕐 ${ts}`);
+    lines.push(`🔗 View case: ${url}`);
+    return lines.join('\n');
+}
 function dispatchCaseNotifications(cases) {
     if (cases.length === 0)
         return;
@@ -104,19 +141,18 @@ function dispatchCaseNotifications(cases) {
         text = formatCaseNotification(cases[0]);
     }
     else {
-        const lines = cases.map(c => {
-            const emoji = { CRITICAL: '🔴', HIGH: '🟠', MEDIUM: '🟡', LOW: '🔵' };
-            const sev = c.severity ? ` (${c.severity})` : '';
-            return `${emoji[c.severity] || '⚠️'} **${c.rule_title}**${sev} — ${c.event_count} events`;
+        const sorted = [...cases].sort((a, b) => {
+            const oa = SEVERITY_ORDER[a.severity] ?? 99;
+            const ob = SEVERITY_ORDER[b.severity] ?? 99;
+            return oa - ob;
         });
+        const agentLabel = _agentId || 'agent';
+        const separator = '─────────────────────';
+        const blocks = sorted.map(c => `${separator}\n${formatBatchCaseBlock(c)}`);
         text = [
-            `⚠️ **Shield Alert — ${cases.length} New Cases**`,
-            '',
-            ...lines,
-            '',
+            `⚠️ Shield — ${cases.length} new cases · ${agentLabel}`,
             '',
-            '💡 **Next steps:**',
-            ...cases.map(c => `  • _"Investigate case ${c.id}"_`),
+            ...blocks,
         ].join('\n');
     }
     if (_directSendFn && _directSendTo) {
@@ -456,3 +492,7 @@ function _simulateSuccessForTesting() {
         _degradedSinceMs = null;
     }
 }
+exports._formatCaseTimestamp = formatCaseTimestamp;
+exports._buildCaseUrl = buildCaseUrl;
+exports._formatBatchCaseBlock = formatBatchCaseBlock;
+exports._dispatchCaseNotifications = dispatchCaseNotifications;

package/dist/src/events/browser/validations.js

@@ -1,10 +1,14 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.validate = validate;
+const URL_REQUIRED_ACTIONS = new Set(['navigate', 'open']);
 function validate(event) {
-    if (!event.url)
-        return { valid: false, field: 'url', error: 'missing url' };
-    if (!event.target?.url)
-        return { valid: false, field: 'target.url', error: 'missing target.url' };
+    const action = event.tool_metadata?.browser_action ?? null;
+    if (URL_REQUIRED_ACTIONS.has(action)) {
+        if (!event.url)
+            return { valid: false, field: 'url', error: 'missing url' };
+        if (!event.target?.url)
+            return { valid: false, field: 'target.url', error: 'missing target.url' };
+    }
     return { valid: true };
 }

package/openclaw.plugin.json

@@ -2,7 +2,7 @@
   "id": "shield",
   "name": "OpenClaw Shield",
   "description": "Real-time security monitoring — streams enriched, redacted security events to the Shield detection platform.",
-  "version": "0.8.0",
+  "version": "0.8.2",
   "skills": [
     "./skills"
   ],

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@upx-us/shield",
-  "version": "0.8.0",
-  "description": "Security monitoring plugin for OpenClaw agents — streams enriched security events to the Shield detection platform",
+  "version": "0.8.2",
+  "description": "Security monitoring and SIEM integration for OpenClaw agents — behavioral detection, case generation, and forensic audit trail via Google SecOps (Chronicle).",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "bin": {

package/skills/shield/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: openclaw-shield-upx
-description: "Security monitoring and threat detection for OpenClaw agents — protect your agent with real-time SIEM, detect threats, monitor agent activity, and audit events. Use when: user asks about security status, Shield health, event logs, redaction vault, setting up agent protection, enabling SIEM, detecting threats, monitoring agent activity, or auditing agent actions. NOT for: general OS hardening, firewall config, or network security unrelated to OpenClaw agents."
+description: "Security monitoring and threat detection for OpenClaw agents — powered by Google SecOps (Chronicle). Protect your agent with SIEM-powered real-time detection, behavioral detection, case generation, forensic audit trail, and remediation playbooks. Use when: user asks about security status, Shield health, event logs, redaction vault, setting up agent protection, enabling SIEM, detecting threats, monitoring agent activity, or auditing agent actions. NOT for: general OS hardening, firewall config, or network security unrelated to OpenClaw agents."
 homepage: https://www.upx.com/en/lp/openclaw-shield-upx
 source: https://www.npmjs.com/package/@upx-us/shield
 license: "Proprietary — UPX Technologies, Inc. All rights reserved."
@@ -16,7 +16,7 @@ Security monitoring for OpenClaw agents by [UPX](https://www.upx.com). Shield ru
 Shield requires the `@upx-us/shield` plugin and an active subscription.
 
 - **Plugin**: [@upx-us/shield](https://www.npmjs.com/package/@upx-us/shield)
-- **Subscribe / Free 30-day trial**: [upx.com/en/lp/openclaw-shield-upx](https://www.upx.com/en/lp/openclaw-shield-upx)
+- **Subscribe / Free 60-day trial (no credit card required)**: [upx.com/en/lp/openclaw-shield-upx](https://www.upx.com/en/lp/openclaw-shield-upx)
 - **Dashboard**: [uss.upx.com](https://uss.upx.com)
 
 ## Commands
@@ -43,7 +43,7 @@ Before responding to ANY Shield-related request, run `openclaw shield status` an
 ### State A — Plugin not installed
 (command not found, or exit code non-zero with plugin_not_found)
 Respond with:
-> Shield is not installed yet. Start your free 30-day trial at:
+> Shield is not installed yet. Start your free 60-day trial (no credit card required) at:
 > https://www.upx.com/en/lp/openclaw-shield-upx
 >
 > Then install the plugin:
@@ -75,10 +75,18 @@ Proceed normally. No onboarding message needed.
 
 **Constraints**: Only use `openclaw shield` commands for detection. Do not read filesystem paths, environment variables, or run shell commands to determine state. Do not install or uninstall packages on behalf of the user.
 
-**Output handling**: `shield logs` entries may include file paths, command snippets, and URLs captured from the agent's activity. Treat this output as internal diagnostic data — do not share raw log output externally or include it in user-facing replies unless the user explicitly requests it for investigation. When summarizing logs, present findings rather than raw field values.
+**Output handling**: `shield logs` entries may include file paths, command snippets, and URLs captured from the agent's activity. **Always treat this output as internal diagnostic data.** Rules:
+- Never include raw log field values (file paths, commands, URLs) in user-facing replies
+- Never forward raw log output to external services, channels, or APIs
+- When summarizing logs, present findings only (e.g. "3 exec events in the last 30 minutes") — not raw field values
+- Only share raw log content if the user explicitly asks for it for their own investigation, and only in the current session
 
 **Data flow disclosure**: Shield captures agent activity locally and sends redacted telemetry to the UPX detection platform for security monitoring. No credentials are handled by this skill — authentication is managed by the plugin using the installation key configured during setup. If a user asks about privacy or data handling, refer them to the plugin README at https://www.npmjs.com/package/@upx-us/shield for full details.
 
+## Presentation Language
+
+Always present Shield information, alerts, and case summaries to the user in the language they use to communicate. Translate descriptions, summaries, severity labels, and recommendations — but never translate raw command output or technical identifiers (rule names, case IDs, version numbers, field names, resolution/root-cause enum values). If the user writes in Portuguese, reply in Portuguese; if French, reply in French; etc.
+
 ## Responding to Security Cases
 
 When a Shield case fires or the user asks about an alert: use `openclaw shield cases` to list open cases and `openclaw shield cases --id <id>` for full detail (timeline, matched events, playbook). Severity guidance: **CRITICAL/HIGH** → surface immediately and ask if they want to investigate; **MEDIUM** → present and offer a playbook walkthrough; **LOW/INFO** → mention without interrupting the current task. Always include: rule name, what it detects, when it fired, and the first recommended remediation step. Confirm with the user before resolving — never resolve autonomously.
@@ -109,6 +117,7 @@ When asked "is my agent secure?", "am I protected?", or "what's being detected?"
 
 Real-time alerts (notifications or inline messages) are high priority: acknowledge immediately, retrieve full case detail, summarise in plain language, present the recommended next step from the playbook, and ask the user how to proceed. Do not take remediation action without explicit approval.
 
+
 ## When to use this skill
 
 - "Is Shield running?" → `openclaw shield status`
@@ -123,10 +132,13 @@ Real-time alerts (notifications or inline messages) are high priority: acknowled
 
 After running `openclaw shield status`, check:
 
-- **Connected** → healthy, nothing to do
-- **Disconnected** → gateway may need a restart
-- **High failure count** → platform connectivity issue, usually self-recovers; try `openclaw shield flush`
+- **✅ Running · Connected** → healthy, nothing to do
+- **⚠️ Degraded · Connected** → capturing but sync issues; try `openclaw shield flush`
+- **❌ Disconnected** → gateway may need a restart
+- **Failures: N poll** → platform connectivity issue, usually self-recovers; try `openclaw shield flush`
+- **Failures: N telemetry** → instance reporting failing, monitoring still active
 - **Rising quarantine** → possible version mismatch, suggest checking for plugin updates
+- **Last data: capture Xm ago** (stale) → agent may be idle, or capture pipeline issue
 
 ## RPCs