@veritera.ai/forge-openclaw 1.1.2 → 1.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.cjs +2 -12
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +2 -2
  4. package/dist/index.d.ts +2 -2
  5. package/dist/index.js +1 -1
  6. package/dist/index.js.map +1 -1
  7. package/package.json +1 -1
package/dist/index.cjs CHANGED
@@ -1,9 +1,7 @@
1
1
  "use strict";
2
- var __create = Object.create;
3
2
  var __defProp = Object.defineProperty;
4
3
  var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
5
4
  var __getOwnPropNames = Object.getOwnPropertyNames;
6
- var __getProtoOf = Object.getPrototypeOf;
7
5
  var __hasOwnProp = Object.prototype.hasOwnProperty;
8
6
  var __export = (target, all) => {
9
7
  for (var name in all)
@@ -17,14 +15,6 @@ var __copyProps = (to, from, except, desc) => {
17
15
  }
18
16
  return to;
19
17
  };
20
- var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
21
- // If the importer is in node compatibility mode or this is not an ESM
22
- // file that has been converted to a CommonJS file using a Babel-
23
- // compatible transform (i.e. "__esModule" has not been set), then set
24
- // "default" to the CommonJS "module.exports" for node compatibility.
25
- isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
26
- mod
27
- ));
28
18
  var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
29
19
 
30
20
  // src/index.ts
@@ -34,7 +24,7 @@ __export(index_exports, {
34
24
  default: () => index_default
35
25
  });
36
26
  module.exports = __toCommonJS(index_exports);
37
- var import_sdk = __toESM(require("@veritera.ai/sdk"), 1);
27
+ var import_sdk = require("@veritera.ai/sdk");
38
28
  var ForgeSkill = class {
39
29
  forge;
40
30
  policy;
@@ -51,7 +41,7 @@ var ForgeSkill = class {
51
41
  if (!config.apiKey) {
52
42
  throw new Error("Forge OpenClaw Skill: apiKey is required");
53
43
  }
54
- this.forge = new import_sdk.default({
44
+ this.forge = new import_sdk.Veritera({
55
45
  apiKey: config.apiKey,
56
46
  baseUrl: config.baseUrl
57
47
  });
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts"],"sourcesContent":["/**\n * Forge OpenClaw Skill\n * ===================\n * Verification skill for OpenClaw agents.\n * Intercepts every tool call and verifies it through Forge before execution.\n *\n * Usage:\n * import { ForgeSkill } from \"@veritera.ai/forge-openclaw\"\n *\n * const skill = new ForgeSkill({ apiKey: \"vt_live_...\" })\n * agent.addSkill(skill)\n *\n * Every action your agent takes is now verified before execution.\n * Blocked actions never reach your tools.\n */\n\nimport Forge from \"@veritera.ai/sdk\";\nimport type { VeriteraConfig, VerifyResponse } from \"@veritera.ai/sdk\";\n\n// ── Types ──\n\nexport interface ForgeSkillConfig {\n /** Forge API key (vt_live_... or vt_test_...) */\n apiKey: string;\n /** Base URL for Forge API (default: https://veritera.ai) */\n baseUrl?: string;\n /** Policy name to evaluate against (optional) */\n policy?: string;\n /** Agent ID override (default: auto-detected from OpenClaw context) */\n agentId?: string;\n /** Actions to skip verification for (e.g., [\"read_file\", \"list_dir\"]) */\n skipActions?: string[];\n /** Called when an action is blocked */\n onBlocked?: (action: string, reason: string | null, result: VerifyResponse) => void;\n /** Called when an action is verified */\n onVerified?: (action: string, result: VerifyResponse) => void;\n /** Enable debug logging */\n debug?: boolean;\n}\n\nexport interface ToolCall {\n name: string;\n arguments?: Record<string, unknown>;\n [key: string]: unknown;\n}\n\nexport interface SkillResult {\n verified: boolean;\n action: string;\n verificationId?: string;\n latencyMs?: number;\n reason?: string | null;\n}\n\n// ── Forge OpenClaw Skill ──\n\nexport class ForgeSkill {\n private forge: InstanceType<typeof Forge>;\n private policy: string | undefined;\n private agentId: string;\n private skipActions: Set<string>;\n private onBlocked?: ForgeSkillConfig[\"onBlocked\"];\n private onVerified?: ForgeSkillConfig[\"onVerified\"];\n private debug: boolean;\n\n /** Skill metadata for OpenClaw registration */\n static readonly skillName = \"forge-verify\";\n static readonly version = \"1.1.2\";\n static readonly description = \"Forge verification — verifies every action before execution\";\n\n constructor(config: ForgeSkillConfig) {\n if (!config.apiKey) {\n throw new Error(\"Forge OpenClaw Skill: apiKey is required\");\n }\n\n this.forge = new Forge({\n apiKey: config.apiKey,\n baseUrl: config.baseUrl,\n });\n this.policy = config.policy;\n this.agentId = config.agentId ?? \"openclaw-agent\";\n this.skipActions = new Set(config.skipActions ?? []);\n this.onBlocked = config.onBlocked;\n this.onVerified = config.onVerified;\n this.debug = config.debug ?? false;\n }\n\n /**\n * Verify a tool call before execution.\n * Returns the verification result. If not verified, the action should be blocked.\n *\n * @param toolCall - The OpenClaw tool call to verify\n * @returns SkillResult with verification status\n */\n async verify(toolCall: ToolCall): Promise<SkillResult> {\n const action = toolCall.name;\n\n // Skip verification for whitelisted actions\n if (this.skipActions.has(action)) {\n if (this.debug) console.log(`[Forge] Skipping verification for: ${action}`);\n return { verified: true, action };\n }\n\n try {\n const result = await this.forge.verifyDecision({\n agentId: this.agentId,\n action,\n params: (toolCall.arguments ?? {}) as Record<string, unknown>,\n policy: this.policy,\n });\n\n if (this.debug) {\n console.log(`[Forge] ${result.verified ? \"✔ VERIFIED\" : \"✗ BLOCKED\"}: ${action} (${result.latencyMs}ms)`);\n }\n\n if (result.verified) {\n this.onVerified?.(action, result);\n } else {\n this.onBlocked?.(action, result.reason, result);\n }\n\n return {\n verified: result.verified,\n action,\n verificationId: result.verificationId,\n latencyMs: result.latencyMs,\n reason: result.reason,\n };\n } catch (err) {\n // Fail-closed: if verification service is unreachable, block the action\n if (this.debug) {\n console.error(`[Forge] Verification failed for ${action}:`, err);\n }\n return {\n verified: false,\n action,\n reason: \"Verification service unreachable — action blocked (fail-closed)\",\n };\n }\n }\n\n /**\n * Pre-execution interceptor for OpenClaw.\n * Register this as a skill hook to verify every action automatically.\n *\n * @param toolCall - The tool call from OpenClaw\n * @returns The tool call if verified, null if blocked\n */\n async intercept(toolCall: ToolCall): Promise<ToolCall | null> {\n const result = await this.verify(toolCall);\n if (!result.verified) {\n return null; // Blocked — OpenClaw will not execute this tool call\n }\n return toolCall; // Verified — proceed with execution\n }\n\n /**\n * Express/Connect-style middleware for custom integrations.\n * Verifies the action in req.body and blocks if denied.\n */\n middleware() {\n return async (req: any, res: any, next: any) => {\n const toolCall: ToolCall = {\n name: req.body?.action ?? req.body?.name ?? \"unknown\",\n arguments: req.body?.params ?? req.body?.arguments ?? {},\n };\n\n const result = await this.verify(toolCall);\n\n if (!result.verified) {\n return res.status(403).json({\n blocked: true,\n action: toolCall.name,\n reason: result.reason,\n verificationId: result.verificationId,\n });\n }\n\n // Attach verification result to request for downstream use\n req.forgeVerification = result;\n next();\n };\n }\n\n /**\n * Get the Forge client instance for direct API access.\n */\n getClient(): InstanceType<typeof Forge> {\n return this.forge;\n }\n}\n\n// Default export for convenience\nexport default ForgeSkill;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAgBA,iBAAkB;AAwCX,IAAM,aAAN,MAAiB;AAAA,EACd;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGR,OAAgB,YAAY;AAAA,EAC5B,OAAgB,UAAU;AAAA,EAC1B,OAAgB,cAAc;AAAA,EAE9B,YAAY,QAA0B;AACpC,QAAI,CAAC,OAAO,QAAQ;AAClB,YAAM,IAAI,MAAM,0CAA0C;AAAA,IAC5D;AAEA,SAAK,QAAQ,IAAI,WAAAA,QAAM;AAAA,MACrB,QAAQ,OAAO;AAAA,MACf,SAAS,OAAO;AAAA,IAClB,CAAC;AACD,SAAK,SAAS,OAAO;AACrB,SAAK,UAAU,OAAO,WAAW;AACjC,SAAK,cAAc,IAAI,IAAI,OAAO,eAAe,CAAC,CAAC;AACnD,SAAK,YAAY,OAAO;AACxB,SAAK,aAAa,OAAO;AACzB,SAAK,QAAQ,OAAO,SAAS;AAAA,EAC/B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,OAAO,UAA0C;AACrD,UAAM,SAAS,SAAS;AAGxB,QAAI,KAAK,YAAY,IAAI,MAAM,GAAG;AAChC,UAAI,KAAK,MAAO,SAAQ,IAAI,sCAAsC,MAAM,EAAE;AAC1E,aAAO,EAAE,UAAU,MAAM,OAAO;AAAA,IAClC;AAEA,QAAI;AACF,YAAM,SAAS,MAAM,KAAK,MAAM,eAAe;AAAA,QAC7C,SAAS,KAAK;AAAA,QACd;AAAA,QACA,QAAS,SAAS,aAAa,CAAC;AAAA,QAChC,QAAQ,KAAK;AAAA,MACf,CAAC;AAED,UAAI,KAAK,OAAO;AACd,gBAAQ,IAAI,WAAW,OAAO,WAAW,oBAAe,gBAAW,KAAK,MAAM,KAAK,OAAO,SAAS,KAAK;AAAA,MAC1G;AAEA,UAAI,OAAO,UAAU;AACnB,aAAK,aAAa,QAAQ,MAAM;AAAA,MAClC,OAAO;AACL,aAAK,YAAY,QAAQ,OAAO,QAAQ,MAAM;AAAA,MAChD;AAEA,aAAO;AAAA,QACL,UAAU,OAAO;AAAA,QACjB;AAAA,QACA,gBAAgB,OAAO;AAAA,QACvB,WAAW,OAAO;AAAA,QAClB,QAAQ,OAAO;AAAA,MACjB;AAAA,IACF,SAAS,KAAK;AAEZ,UAAI,KAAK,OAAO;AACd,gBAAQ,MAAM,mCAAmC,MAAM,KAAK,GAAG;AAAA,MACjE;AACA,aAAO;AAAA,QACL,UAAU;AAAA,QACV;AAAA,QACA,QAAQ;AAAA,MACV;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,UAAU,UAA8C;AAC5D,UAAM,SAAS,MAAM,KAAK,OAAO,QAAQ;AACzC,QAAI,CAAC,OAAO,UAAU;AACpB,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,aAAa;AACX,WAAO,OAAO,KAAU,KAAU,SAAc;AAC9C,YAAM,WAAqB;AAAA,QACzB,MAAM,IAAI,MAAM,UAAU,IAAI,MAAM,QAAQ;AAAA,QAC5C,WAAW,IAAI,MAAM,UAAU,IAAI,MAAM,aAAa,CAAC;AAAA,MACzD;AAEA,YAAM,SAAS,MAAM,KAAK,OAAO,QAAQ;AAEzC,UAAI,CAAC,OAAO,UAAU;AACpB,eAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,UAC1B,SAAS;AAAA,UACT,QAAQ,SAAS;AAAA,UACjB,QAAQ,OAAO;AAAA,UACf,gBAAgB,OAAO;AAAA,QACzB,CAAC;AAAA,MACH;AAGA,UAAI,oBAAoB;AACxB,WAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,YAAwC;AACtC,WAAO,KAAK;AAAA,EACd;AACF;AAGA,IAAO,gBAAQ;","names":["Forge"]}
1
+ {"version":3,"sources":["../src/index.ts"],"sourcesContent":["/**\n * Forge OpenClaw Skill\n * ===================\n * Verification skill for OpenClaw agents.\n * Intercepts every tool call and verifies it through Forge before execution.\n *\n * Usage:\n * import { ForgeSkill } from \"@veritera.ai/forge-openclaw\"\n *\n * const skill = new ForgeSkill({ apiKey: \"vt_live_...\" })\n * agent.addSkill(skill)\n *\n * Every action your agent takes is now verified before execution.\n * Blocked actions never reach your tools.\n */\n\nimport { Veritera as Forge } from \"@veritera.ai/sdk\";\nimport type { VerifyResponse } from \"@veritera.ai/sdk\";\n\n// ── Types ──\n\nexport interface ForgeSkillConfig {\n /** Forge API key (vt_live_... or vt_test_...) */\n apiKey: string;\n /** Base URL for Forge API (default: https://veritera.ai) */\n baseUrl?: string;\n /** Policy name to evaluate against (optional) */\n policy?: string;\n /** Agent ID override (default: auto-detected from OpenClaw context) */\n agentId?: string;\n /** Actions to skip verification for (e.g., [\"read_file\", \"list_dir\"]) */\n skipActions?: string[];\n /** Called when an action is blocked */\n onBlocked?: (action: string, reason: string | null, result: VerifyResponse) => void;\n /** Called when an action is verified */\n onVerified?: (action: string, result: VerifyResponse) => void;\n /** Enable debug logging */\n debug?: boolean;\n}\n\nexport interface ToolCall {\n name: string;\n arguments?: Record<string, unknown>;\n [key: string]: unknown;\n}\n\nexport interface SkillResult {\n verified: boolean;\n action: string;\n verificationId?: string;\n latencyMs?: number;\n reason?: string | null;\n}\n\n// ── Forge OpenClaw Skill ──\n\nexport class ForgeSkill {\n private forge: InstanceType<typeof Forge>;\n private policy: string | undefined;\n private agentId: string;\n private skipActions: Set<string>;\n private onBlocked?: ForgeSkillConfig[\"onBlocked\"];\n private onVerified?: ForgeSkillConfig[\"onVerified\"];\n private debug: boolean;\n\n /** Skill metadata for OpenClaw registration */\n static readonly skillName = \"forge-verify\";\n static readonly version = \"1.1.2\";\n static readonly description = \"Forge verification — verifies every action before execution\";\n\n constructor(config: ForgeSkillConfig) {\n if (!config.apiKey) {\n throw new Error(\"Forge OpenClaw Skill: apiKey is required\");\n }\n\n this.forge = new Forge({\n apiKey: config.apiKey,\n baseUrl: config.baseUrl,\n });\n this.policy = config.policy;\n this.agentId = config.agentId ?? \"openclaw-agent\";\n this.skipActions = new Set(config.skipActions ?? []);\n this.onBlocked = config.onBlocked;\n this.onVerified = config.onVerified;\n this.debug = config.debug ?? false;\n }\n\n /**\n * Verify a tool call before execution.\n * Returns the verification result. If not verified, the action should be blocked.\n *\n * @param toolCall - The OpenClaw tool call to verify\n * @returns SkillResult with verification status\n */\n async verify(toolCall: ToolCall): Promise<SkillResult> {\n const action = toolCall.name;\n\n // Skip verification for whitelisted actions\n if (this.skipActions.has(action)) {\n if (this.debug) console.log(`[Forge] Skipping verification for: ${action}`);\n return { verified: true, action };\n }\n\n try {\n const result = await this.forge.verifyDecision({\n agentId: this.agentId,\n action,\n params: (toolCall.arguments ?? {}) as Record<string, unknown>,\n policy: this.policy,\n });\n\n if (this.debug) {\n console.log(`[Forge] ${result.verified ? \"✔ VERIFIED\" : \"✗ BLOCKED\"}: ${action} (${result.latencyMs}ms)`);\n }\n\n if (result.verified) {\n this.onVerified?.(action, result);\n } else {\n this.onBlocked?.(action, result.reason, result);\n }\n\n return {\n verified: result.verified,\n action,\n verificationId: result.verificationId,\n latencyMs: result.latencyMs,\n reason: result.reason,\n };\n } catch (err) {\n // Fail-closed: if verification service is unreachable, block the action\n if (this.debug) {\n console.error(`[Forge] Verification failed for ${action}:`, err);\n }\n return {\n verified: false,\n action,\n reason: \"Verification service unreachable — action blocked (fail-closed)\",\n };\n }\n }\n\n /**\n * Pre-execution interceptor for OpenClaw.\n * Register this as a skill hook to verify every action automatically.\n *\n * @param toolCall - The tool call from OpenClaw\n * @returns The tool call if verified, null if blocked\n */\n async intercept(toolCall: ToolCall): Promise<ToolCall | null> {\n const result = await this.verify(toolCall);\n if (!result.verified) {\n return null; // Blocked — OpenClaw will not execute this tool call\n }\n return toolCall; // Verified — proceed with execution\n }\n\n /**\n * Express/Connect-style middleware for custom integrations.\n * Verifies the action in req.body and blocks if denied.\n */\n middleware() {\n return async (req: any, res: any, next: any) => {\n const toolCall: ToolCall = {\n name: req.body?.action ?? req.body?.name ?? \"unknown\",\n arguments: req.body?.params ?? req.body?.arguments ?? {},\n };\n\n const result = await this.verify(toolCall);\n\n if (!result.verified) {\n return res.status(403).json({\n blocked: true,\n action: toolCall.name,\n reason: result.reason,\n verificationId: result.verificationId,\n });\n }\n\n // Attach verification result to request for downstream use\n req.forgeVerification = result;\n next();\n };\n }\n\n /**\n * Get the Forge client instance for direct API access.\n */\n getClient(): InstanceType<typeof Forge> {\n return this.forge;\n }\n}\n\n// Default export for convenience\nexport default ForgeSkill;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAgBA,iBAAkC;AAwC3B,IAAM,aAAN,MAAiB;AAAA,EACd;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGR,OAAgB,YAAY;AAAA,EAC5B,OAAgB,UAAU;AAAA,EAC1B,OAAgB,cAAc;AAAA,EAE9B,YAAY,QAA0B;AACpC,QAAI,CAAC,OAAO,QAAQ;AAClB,YAAM,IAAI,MAAM,0CAA0C;AAAA,IAC5D;AAEA,SAAK,QAAQ,IAAI,WAAAA,SAAM;AAAA,MACrB,QAAQ,OAAO;AAAA,MACf,SAAS,OAAO;AAAA,IAClB,CAAC;AACD,SAAK,SAAS,OAAO;AACrB,SAAK,UAAU,OAAO,WAAW;AACjC,SAAK,cAAc,IAAI,IAAI,OAAO,eAAe,CAAC,CAAC;AACnD,SAAK,YAAY,OAAO;AACxB,SAAK,aAAa,OAAO;AACzB,SAAK,QAAQ,OAAO,SAAS;AAAA,EAC/B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,OAAO,UAA0C;AACrD,UAAM,SAAS,SAAS;AAGxB,QAAI,KAAK,YAAY,IAAI,MAAM,GAAG;AAChC,UAAI,KAAK,MAAO,SAAQ,IAAI,sCAAsC,MAAM,EAAE;AAC1E,aAAO,EAAE,UAAU,MAAM,OAAO;AAAA,IAClC;AAEA,QAAI;AACF,YAAM,SAAS,MAAM,KAAK,MAAM,eAAe;AAAA,QAC7C,SAAS,KAAK;AAAA,QACd;AAAA,QACA,QAAS,SAAS,aAAa,CAAC;AAAA,QAChC,QAAQ,KAAK;AAAA,MACf,CAAC;AAED,UAAI,KAAK,OAAO;AACd,gBAAQ,IAAI,WAAW,OAAO,WAAW,oBAAe,gBAAW,KAAK,MAAM,KAAK,OAAO,SAAS,KAAK;AAAA,MAC1G;AAEA,UAAI,OAAO,UAAU;AACnB,aAAK,aAAa,QAAQ,MAAM;AAAA,MAClC,OAAO;AACL,aAAK,YAAY,QAAQ,OAAO,QAAQ,MAAM;AAAA,MAChD;AAEA,aAAO;AAAA,QACL,UAAU,OAAO;AAAA,QACjB;AAAA,QACA,gBAAgB,OAAO;AAAA,QACvB,WAAW,OAAO;AAAA,QAClB,QAAQ,OAAO;AAAA,MACjB;AAAA,IACF,SAAS,KAAK;AAEZ,UAAI,KAAK,OAAO;AACd,gBAAQ,MAAM,mCAAmC,MAAM,KAAK,GAAG;AAAA,MACjE;AACA,aAAO;AAAA,QACL,UAAU;AAAA,QACV;AAAA,QACA,QAAQ;AAAA,MACV;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,UAAU,UAA8C;AAC5D,UAAM,SAAS,MAAM,KAAK,OAAO,QAAQ;AACzC,QAAI,CAAC,OAAO,UAAU;AACpB,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,aAAa;AACX,WAAO,OAAO,KAAU,KAAU,SAAc;AAC9C,YAAM,WAAqB;AAAA,QACzB,MAAM,IAAI,MAAM,UAAU,IAAI,MAAM,QAAQ;AAAA,QAC5C,WAAW,IAAI,MAAM,UAAU,IAAI,MAAM,aAAa,CAAC;AAAA,MACzD;AAEA,YAAM,SAAS,MAAM,KAAK,OAAO,QAAQ;AAEzC,UAAI,CAAC,OAAO,UAAU;AACpB,eAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,UAC1B,SAAS;AAAA,UACT,QAAQ,SAAS;AAAA,UACjB,QAAQ,OAAO;AAAA,UACf,gBAAgB,OAAO;AAAA,QACzB,CAAC;AAAA,MACH;AAGA,UAAI,oBAAoB;AACxB,WAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,YAAwC;AACtC,WAAO,KAAK;AAAA,EACd;AACF;AAGA,IAAO,gBAAQ;","names":["Forge"]}
package/dist/index.d.cts CHANGED
@@ -1,4 +1,4 @@
1
- import Forge, { VerifyResponse } from '@veritera.ai/sdk';
1
+ import { VerifyResponse, Veritera } from '@veritera.ai/sdk';
2
2
 
3
3
  /**
4
4
  * Forge OpenClaw Skill
@@ -83,7 +83,7 @@ declare class ForgeSkill {
83
83
  /**
84
84
  * Get the Forge client instance for direct API access.
85
85
  */
86
- getClient(): InstanceType<typeof Forge>;
86
+ getClient(): InstanceType<typeof Veritera>;
87
87
  }
88
88
 
89
89
  export { ForgeSkill, type ForgeSkillConfig, type SkillResult, type ToolCall, ForgeSkill as default };
package/dist/index.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import Forge, { VerifyResponse } from '@veritera.ai/sdk';
1
+ import { VerifyResponse, Veritera } from '@veritera.ai/sdk';
2
2
 
3
3
  /**
4
4
  * Forge OpenClaw Skill
@@ -83,7 +83,7 @@ declare class ForgeSkill {
83
83
  /**
84
84
  * Get the Forge client instance for direct API access.
85
85
  */
86
- getClient(): InstanceType<typeof Forge>;
86
+ getClient(): InstanceType<typeof Veritera>;
87
87
  }
88
88
 
89
89
  export { ForgeSkill, type ForgeSkillConfig, type SkillResult, type ToolCall, ForgeSkill as default };
package/dist/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  // src/index.ts
2
- import Forge from "@veritera.ai/sdk";
2
+ import { Veritera as Forge } from "@veritera.ai/sdk";
3
3
  var ForgeSkill = class {
4
4
  forge;
5
5
  policy;
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts"],"sourcesContent":["/**\n * Forge OpenClaw Skill\n * ===================\n * Verification skill for OpenClaw agents.\n * Intercepts every tool call and verifies it through Forge before execution.\n *\n * Usage:\n * import { ForgeSkill } from \"@veritera.ai/forge-openclaw\"\n *\n * const skill = new ForgeSkill({ apiKey: \"vt_live_...\" })\n * agent.addSkill(skill)\n *\n * Every action your agent takes is now verified before execution.\n * Blocked actions never reach your tools.\n */\n\nimport Forge from \"@veritera.ai/sdk\";\nimport type { VeriteraConfig, VerifyResponse } from \"@veritera.ai/sdk\";\n\n// ── Types ──\n\nexport interface ForgeSkillConfig {\n /** Forge API key (vt_live_... or vt_test_...) */\n apiKey: string;\n /** Base URL for Forge API (default: https://veritera.ai) */\n baseUrl?: string;\n /** Policy name to evaluate against (optional) */\n policy?: string;\n /** Agent ID override (default: auto-detected from OpenClaw context) */\n agentId?: string;\n /** Actions to skip verification for (e.g., [\"read_file\", \"list_dir\"]) */\n skipActions?: string[];\n /** Called when an action is blocked */\n onBlocked?: (action: string, reason: string | null, result: VerifyResponse) => void;\n /** Called when an action is verified */\n onVerified?: (action: string, result: VerifyResponse) => void;\n /** Enable debug logging */\n debug?: boolean;\n}\n\nexport interface ToolCall {\n name: string;\n arguments?: Record<string, unknown>;\n [key: string]: unknown;\n}\n\nexport interface SkillResult {\n verified: boolean;\n action: string;\n verificationId?: string;\n latencyMs?: number;\n reason?: string | null;\n}\n\n// ── Forge OpenClaw Skill ──\n\nexport class ForgeSkill {\n private forge: InstanceType<typeof Forge>;\n private policy: string | undefined;\n private agentId: string;\n private skipActions: Set<string>;\n private onBlocked?: ForgeSkillConfig[\"onBlocked\"];\n private onVerified?: ForgeSkillConfig[\"onVerified\"];\n private debug: boolean;\n\n /** Skill metadata for OpenClaw registration */\n static readonly skillName = \"forge-verify\";\n static readonly version = \"1.1.2\";\n static readonly description = \"Forge verification — verifies every action before execution\";\n\n constructor(config: ForgeSkillConfig) {\n if (!config.apiKey) {\n throw new Error(\"Forge OpenClaw Skill: apiKey is required\");\n }\n\n this.forge = new Forge({\n apiKey: config.apiKey,\n baseUrl: config.baseUrl,\n });\n this.policy = config.policy;\n this.agentId = config.agentId ?? \"openclaw-agent\";\n this.skipActions = new Set(config.skipActions ?? []);\n this.onBlocked = config.onBlocked;\n this.onVerified = config.onVerified;\n this.debug = config.debug ?? false;\n }\n\n /**\n * Verify a tool call before execution.\n * Returns the verification result. If not verified, the action should be blocked.\n *\n * @param toolCall - The OpenClaw tool call to verify\n * @returns SkillResult with verification status\n */\n async verify(toolCall: ToolCall): Promise<SkillResult> {\n const action = toolCall.name;\n\n // Skip verification for whitelisted actions\n if (this.skipActions.has(action)) {\n if (this.debug) console.log(`[Forge] Skipping verification for: ${action}`);\n return { verified: true, action };\n }\n\n try {\n const result = await this.forge.verifyDecision({\n agentId: this.agentId,\n action,\n params: (toolCall.arguments ?? {}) as Record<string, unknown>,\n policy: this.policy,\n });\n\n if (this.debug) {\n console.log(`[Forge] ${result.verified ? \"✔ VERIFIED\" : \"✗ BLOCKED\"}: ${action} (${result.latencyMs}ms)`);\n }\n\n if (result.verified) {\n this.onVerified?.(action, result);\n } else {\n this.onBlocked?.(action, result.reason, result);\n }\n\n return {\n verified: result.verified,\n action,\n verificationId: result.verificationId,\n latencyMs: result.latencyMs,\n reason: result.reason,\n };\n } catch (err) {\n // Fail-closed: if verification service is unreachable, block the action\n if (this.debug) {\n console.error(`[Forge] Verification failed for ${action}:`, err);\n }\n return {\n verified: false,\n action,\n reason: \"Verification service unreachable — action blocked (fail-closed)\",\n };\n }\n }\n\n /**\n * Pre-execution interceptor for OpenClaw.\n * Register this as a skill hook to verify every action automatically.\n *\n * @param toolCall - The tool call from OpenClaw\n * @returns The tool call if verified, null if blocked\n */\n async intercept(toolCall: ToolCall): Promise<ToolCall | null> {\n const result = await this.verify(toolCall);\n if (!result.verified) {\n return null; // Blocked — OpenClaw will not execute this tool call\n }\n return toolCall; // Verified — proceed with execution\n }\n\n /**\n * Express/Connect-style middleware for custom integrations.\n * Verifies the action in req.body and blocks if denied.\n */\n middleware() {\n return async (req: any, res: any, next: any) => {\n const toolCall: ToolCall = {\n name: req.body?.action ?? req.body?.name ?? \"unknown\",\n arguments: req.body?.params ?? req.body?.arguments ?? {},\n };\n\n const result = await this.verify(toolCall);\n\n if (!result.verified) {\n return res.status(403).json({\n blocked: true,\n action: toolCall.name,\n reason: result.reason,\n verificationId: result.verificationId,\n });\n }\n\n // Attach verification result to request for downstream use\n req.forgeVerification = result;\n next();\n };\n }\n\n /**\n * Get the Forge client instance for direct API access.\n */\n getClient(): InstanceType<typeof Forge> {\n return this.forge;\n }\n}\n\n// Default export for convenience\nexport default ForgeSkill;\n"],"mappings":";AAgBA,OAAO,WAAW;AAwCX,IAAM,aAAN,MAAiB;AAAA,EACd;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGR,OAAgB,YAAY;AAAA,EAC5B,OAAgB,UAAU;AAAA,EAC1B,OAAgB,cAAc;AAAA,EAE9B,YAAY,QAA0B;AACpC,QAAI,CAAC,OAAO,QAAQ;AAClB,YAAM,IAAI,MAAM,0CAA0C;AAAA,IAC5D;AAEA,SAAK,QAAQ,IAAI,MAAM;AAAA,MACrB,QAAQ,OAAO;AAAA,MACf,SAAS,OAAO;AAAA,IAClB,CAAC;AACD,SAAK,SAAS,OAAO;AACrB,SAAK,UAAU,OAAO,WAAW;AACjC,SAAK,cAAc,IAAI,IAAI,OAAO,eAAe,CAAC,CAAC;AACnD,SAAK,YAAY,OAAO;AACxB,SAAK,aAAa,OAAO;AACzB,SAAK,QAAQ,OAAO,SAAS;AAAA,EAC/B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,OAAO,UAA0C;AACrD,UAAM,SAAS,SAAS;AAGxB,QAAI,KAAK,YAAY,IAAI,MAAM,GAAG;AAChC,UAAI,KAAK,MAAO,SAAQ,IAAI,sCAAsC,MAAM,EAAE;AAC1E,aAAO,EAAE,UAAU,MAAM,OAAO;AAAA,IAClC;AAEA,QAAI;AACF,YAAM,SAAS,MAAM,KAAK,MAAM,eAAe;AAAA,QAC7C,SAAS,KAAK;AAAA,QACd;AAAA,QACA,QAAS,SAAS,aAAa,CAAC;AAAA,QAChC,QAAQ,KAAK;AAAA,MACf,CAAC;AAED,UAAI,KAAK,OAAO;AACd,gBAAQ,IAAI,WAAW,OAAO,WAAW,oBAAe,gBAAW,KAAK,MAAM,KAAK,OAAO,SAAS,KAAK;AAAA,MAC1G;AAEA,UAAI,OAAO,UAAU;AACnB,aAAK,aAAa,QAAQ,MAAM;AAAA,MAClC,OAAO;AACL,aAAK,YAAY,QAAQ,OAAO,QAAQ,MAAM;AAAA,MAChD;AAEA,aAAO;AAAA,QACL,UAAU,OAAO;AAAA,QACjB;AAAA,QACA,gBAAgB,OAAO;AAAA,QACvB,WAAW,OAAO;AAAA,QAClB,QAAQ,OAAO;AAAA,MACjB;AAAA,IACF,SAAS,KAAK;AAEZ,UAAI,KAAK,OAAO;AACd,gBAAQ,MAAM,mCAAmC,MAAM,KAAK,GAAG;AAAA,MACjE;AACA,aAAO;AAAA,QACL,UAAU;AAAA,QACV;AAAA,QACA,QAAQ;AAAA,MACV;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,UAAU,UAA8C;AAC5D,UAAM,SAAS,MAAM,KAAK,OAAO,QAAQ;AACzC,QAAI,CAAC,OAAO,UAAU;AACpB,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,aAAa;AACX,WAAO,OAAO,KAAU,KAAU,SAAc;AAC9C,YAAM,WAAqB;AAAA,QACzB,MAAM,IAAI,MAAM,UAAU,IAAI,MAAM,QAAQ;AAAA,QAC5C,WAAW,IAAI,MAAM,UAAU,IAAI,MAAM,aAAa,CAAC;AAAA,MACzD;AAEA,YAAM,SAAS,MAAM,KAAK,OAAO,QAAQ;AAEzC,UAAI,CAAC,OAAO,UAAU;AACpB,eAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,UAC1B,SAAS;AAAA,UACT,QAAQ,SAAS;AAAA,UACjB,QAAQ,OAAO;AAAA,UACf,gBAAgB,OAAO;AAAA,QACzB,CAAC;AAAA,MACH;AAGA,UAAI,oBAAoB;AACxB,WAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,YAAwC;AACtC,WAAO,KAAK;AAAA,EACd;AACF;AAGA,IAAO,gBAAQ;","names":[]}
1
+ {"version":3,"sources":["../src/index.ts"],"sourcesContent":["/**\n * Forge OpenClaw Skill\n * ===================\n * Verification skill for OpenClaw agents.\n * Intercepts every tool call and verifies it through Forge before execution.\n *\n * Usage:\n * import { ForgeSkill } from \"@veritera.ai/forge-openclaw\"\n *\n * const skill = new ForgeSkill({ apiKey: \"vt_live_...\" })\n * agent.addSkill(skill)\n *\n * Every action your agent takes is now verified before execution.\n * Blocked actions never reach your tools.\n */\n\nimport { Veritera as Forge } from \"@veritera.ai/sdk\";\nimport type { VerifyResponse } from \"@veritera.ai/sdk\";\n\n// ── Types ──\n\nexport interface ForgeSkillConfig {\n /** Forge API key (vt_live_... or vt_test_...) */\n apiKey: string;\n /** Base URL for Forge API (default: https://veritera.ai) */\n baseUrl?: string;\n /** Policy name to evaluate against (optional) */\n policy?: string;\n /** Agent ID override (default: auto-detected from OpenClaw context) */\n agentId?: string;\n /** Actions to skip verification for (e.g., [\"read_file\", \"list_dir\"]) */\n skipActions?: string[];\n /** Called when an action is blocked */\n onBlocked?: (action: string, reason: string | null, result: VerifyResponse) => void;\n /** Called when an action is verified */\n onVerified?: (action: string, result: VerifyResponse) => void;\n /** Enable debug logging */\n debug?: boolean;\n}\n\nexport interface ToolCall {\n name: string;\n arguments?: Record<string, unknown>;\n [key: string]: unknown;\n}\n\nexport interface SkillResult {\n verified: boolean;\n action: string;\n verificationId?: string;\n latencyMs?: number;\n reason?: string | null;\n}\n\n// ── Forge OpenClaw Skill ──\n\nexport class ForgeSkill {\n private forge: InstanceType<typeof Forge>;\n private policy: string | undefined;\n private agentId: string;\n private skipActions: Set<string>;\n private onBlocked?: ForgeSkillConfig[\"onBlocked\"];\n private onVerified?: ForgeSkillConfig[\"onVerified\"];\n private debug: boolean;\n\n /** Skill metadata for OpenClaw registration */\n static readonly skillName = \"forge-verify\";\n static readonly version = \"1.1.2\";\n static readonly description = \"Forge verification — verifies every action before execution\";\n\n constructor(config: ForgeSkillConfig) {\n if (!config.apiKey) {\n throw new Error(\"Forge OpenClaw Skill: apiKey is required\");\n }\n\n this.forge = new Forge({\n apiKey: config.apiKey,\n baseUrl: config.baseUrl,\n });\n this.policy = config.policy;\n this.agentId = config.agentId ?? \"openclaw-agent\";\n this.skipActions = new Set(config.skipActions ?? []);\n this.onBlocked = config.onBlocked;\n this.onVerified = config.onVerified;\n this.debug = config.debug ?? false;\n }\n\n /**\n * Verify a tool call before execution.\n * Returns the verification result. If not verified, the action should be blocked.\n *\n * @param toolCall - The OpenClaw tool call to verify\n * @returns SkillResult with verification status\n */\n async verify(toolCall: ToolCall): Promise<SkillResult> {\n const action = toolCall.name;\n\n // Skip verification for whitelisted actions\n if (this.skipActions.has(action)) {\n if (this.debug) console.log(`[Forge] Skipping verification for: ${action}`);\n return { verified: true, action };\n }\n\n try {\n const result = await this.forge.verifyDecision({\n agentId: this.agentId,\n action,\n params: (toolCall.arguments ?? {}) as Record<string, unknown>,\n policy: this.policy,\n });\n\n if (this.debug) {\n console.log(`[Forge] ${result.verified ? \"✔ VERIFIED\" : \"✗ BLOCKED\"}: ${action} (${result.latencyMs}ms)`);\n }\n\n if (result.verified) {\n this.onVerified?.(action, result);\n } else {\n this.onBlocked?.(action, result.reason, result);\n }\n\n return {\n verified: result.verified,\n action,\n verificationId: result.verificationId,\n latencyMs: result.latencyMs,\n reason: result.reason,\n };\n } catch (err) {\n // Fail-closed: if verification service is unreachable, block the action\n if (this.debug) {\n console.error(`[Forge] Verification failed for ${action}:`, err);\n }\n return {\n verified: false,\n action,\n reason: \"Verification service unreachable — action blocked (fail-closed)\",\n };\n }\n }\n\n /**\n * Pre-execution interceptor for OpenClaw.\n * Register this as a skill hook to verify every action automatically.\n *\n * @param toolCall - The tool call from OpenClaw\n * @returns The tool call if verified, null if blocked\n */\n async intercept(toolCall: ToolCall): Promise<ToolCall | null> {\n const result = await this.verify(toolCall);\n if (!result.verified) {\n return null; // Blocked — OpenClaw will not execute this tool call\n }\n return toolCall; // Verified — proceed with execution\n }\n\n /**\n * Express/Connect-style middleware for custom integrations.\n * Verifies the action in req.body and blocks if denied.\n */\n middleware() {\n return async (req: any, res: any, next: any) => {\n const toolCall: ToolCall = {\n name: req.body?.action ?? req.body?.name ?? \"unknown\",\n arguments: req.body?.params ?? req.body?.arguments ?? {},\n };\n\n const result = await this.verify(toolCall);\n\n if (!result.verified) {\n return res.status(403).json({\n blocked: true,\n action: toolCall.name,\n reason: result.reason,\n verificationId: result.verificationId,\n });\n }\n\n // Attach verification result to request for downstream use\n req.forgeVerification = result;\n next();\n };\n }\n\n /**\n * Get the Forge client instance for direct API access.\n */\n getClient(): InstanceType<typeof Forge> {\n return this.forge;\n }\n}\n\n// Default export for convenience\nexport default ForgeSkill;\n"],"mappings":";AAgBA,SAAS,YAAY,aAAa;AAwC3B,IAAM,aAAN,MAAiB;AAAA,EACd;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGR,OAAgB,YAAY;AAAA,EAC5B,OAAgB,UAAU;AAAA,EAC1B,OAAgB,cAAc;AAAA,EAE9B,YAAY,QAA0B;AACpC,QAAI,CAAC,OAAO,QAAQ;AAClB,YAAM,IAAI,MAAM,0CAA0C;AAAA,IAC5D;AAEA,SAAK,QAAQ,IAAI,MAAM;AAAA,MACrB,QAAQ,OAAO;AAAA,MACf,SAAS,OAAO;AAAA,IAClB,CAAC;AACD,SAAK,SAAS,OAAO;AACrB,SAAK,UAAU,OAAO,WAAW;AACjC,SAAK,cAAc,IAAI,IAAI,OAAO,eAAe,CAAC,CAAC;AACnD,SAAK,YAAY,OAAO;AACxB,SAAK,aAAa,OAAO;AACzB,SAAK,QAAQ,OAAO,SAAS;AAAA,EAC/B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,OAAO,UAA0C;AACrD,UAAM,SAAS,SAAS;AAGxB,QAAI,KAAK,YAAY,IAAI,MAAM,GAAG;AAChC,UAAI,KAAK,MAAO,SAAQ,IAAI,sCAAsC,MAAM,EAAE;AAC1E,aAAO,EAAE,UAAU,MAAM,OAAO;AAAA,IAClC;AAEA,QAAI;AACF,YAAM,SAAS,MAAM,KAAK,MAAM,eAAe;AAAA,QAC7C,SAAS,KAAK;AAAA,QACd;AAAA,QACA,QAAS,SAAS,aAAa,CAAC;AAAA,QAChC,QAAQ,KAAK;AAAA,MACf,CAAC;AAED,UAAI,KAAK,OAAO;AACd,gBAAQ,IAAI,WAAW,OAAO,WAAW,oBAAe,gBAAW,KAAK,MAAM,KAAK,OAAO,SAAS,KAAK;AAAA,MAC1G;AAEA,UAAI,OAAO,UAAU;AACnB,aAAK,aAAa,QAAQ,MAAM;AAAA,MAClC,OAAO;AACL,aAAK,YAAY,QAAQ,OAAO,QAAQ,MAAM;AAAA,MAChD;AAEA,aAAO;AAAA,QACL,UAAU,OAAO;AAAA,QACjB;AAAA,QACA,gBAAgB,OAAO;AAAA,QACvB,WAAW,OAAO;AAAA,QAClB,QAAQ,OAAO;AAAA,MACjB;AAAA,IACF,SAAS,KAAK;AAEZ,UAAI,KAAK,OAAO;AACd,gBAAQ,MAAM,mCAAmC,MAAM,KAAK,GAAG;AAAA,MACjE;AACA,aAAO;AAAA,QACL,UAAU;AAAA,QACV;AAAA,QACA,QAAQ;AAAA,MACV;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,UAAU,UAA8C;AAC5D,UAAM,SAAS,MAAM,KAAK,OAAO,QAAQ;AACzC,QAAI,CAAC,OAAO,UAAU;AACpB,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,aAAa;AACX,WAAO,OAAO,KAAU,KAAU,SAAc;AAC9C,YAAM,WAAqB;AAAA,QACzB,MAAM,IAAI,MAAM,UAAU,IAAI,MAAM,QAAQ;AAAA,QAC5C,WAAW,IAAI,MAAM,UAAU,IAAI,MAAM,aAAa,CAAC;AAAA,MACzD;AAEA,YAAM,SAAS,MAAM,KAAK,OAAO,QAAQ;AAEzC,UAAI,CAAC,OAAO,UAAU;AACpB,eAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,UAC1B,SAAS;AAAA,UACT,QAAQ,SAAS;AAAA,UACjB,QAAQ,OAAO;AAAA,UACf,gBAAgB,OAAO;AAAA,QACzB,CAAC;AAAA,MACH;AAGA,UAAI,oBAAoB;AACxB,WAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,YAAwC;AACtC,WAAO,KAAK;AAAA,EACd;AACF;AAGA,IAAO,gBAAQ;","names":[]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@veritera.ai/forge-openclaw",
3
- "version": "1.1.2",
3
+ "version": "1.1.3",
4
4
  "description": "Forge verification skill for OpenClaw agents — verify every action before execution",
5
5
  "type": "module",
6
6
  "main": "./dist/index.cjs",