npm - aquaman-plugin - Versions diffs - 0.5.0 → 0.5.1 - Mend

aquaman-plugin 0.5.0 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +36 -68
package/package.json +2 -2

package/README.md CHANGED Viewed

@@ -2,40 +2,48 @@
 OpenClaw Gateway plugin for [aquaman](https://github.com/tech4242/aquaman) credential isolation.
-## What This Is
+## How It Works
+```
+Agent / OpenClaw Gateway              Aquaman Proxy
+┌──────────────────────┐              ┌──────────────────────┐
+│                      │              │                      │
+│  ANTHROPIC_BASE_URL  │──request────>│  Keychain / 1Pass /  │
+│  = localhost:8081    │              │  Vault / Encrypted   │
+│                      │<─response────│                      │
+│  fetch() interceptor │──channel────>│  + Auth injected:    │
+│  redirects channel   │   traffic    │    header / url-path │
+│  API traffic         │              │    basic / oauth     │
+│                      │              │                      │
+│  No credentials.     │              │                      │
+│  Nothing to steal.   │              │                      │
+└──────────────────────┘              └───┬──────────┬───────┘
+                                         │          │
+                                         │          ▼
+                                         │  ~/.aquaman/audit/
+                                         │  (hash-chained log)
+                                         ▼
+                               api.anthropic.com
+                               api.telegram.org
+                               slack.com/api  ...
+```
-`aquaman-plugin` integrates aquaman's credential isolation proxy with the OpenClaw Gateway. When loaded, it routes all LLM and channel API traffic through the aquaman proxy so credentials never enter the Gateway process.
+This plugin makes the left side work. It routes all LLM and channel API traffic through the aquaman proxy so credentials never enter the Gateway process.
-## Installation
+## Quick Start
 ```bash
-openclaw plugins install aquaman-plugin
-npm install -g aquaman-proxy
+npm install -g aquaman-proxy              # 1. Install the proxy CLI
+aquaman setup                             # 2. Store keys, install plugin, configure OpenClaw
+aquaman migrate openclaw --auto           # 3. Move existing channel creds to secure store
+openclaw                                  # 4. Proxy starts automatically
 ```
-## Configuration
-Add to `~/.openclaw/openclaw.json`:
+Troubleshooting: `aquaman doctor`
-```json
-{
-  "plugins": {
-    "entries": {
-      "aquaman-plugin": {
-        "enabled": true,
-        "config": {
-          "mode": "proxy",
-          "backend": "keychain",
-          "services": ["anthropic", "openai"],
-          "proxyPort": 8081
-        }
-      }
-    }
-  }
-}
-```
+## Config Options
-### Config Options
+`aquaman setup` writes these to `~/.openclaw/openclaw.json` automatically:
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
@@ -44,51 +52,11 @@ Add to `~/.openclaw/openclaw.json`:
 | `services` | `string[]` | `["anthropic", "openai"]` | Services to proxy |
 | `proxyPort` | `number` | `8081` | Proxy listen port |
-> Advanced settings (TLS, audit, vault) are configured in `~/.aquaman/config.yaml`.
-## Setup
-**1. Add credentials:**
-```bash
-aquaman credentials add anthropic api_key
-```
-**2. Register a placeholder key with OpenClaw:**
-```bash
-mkdir -p ~/.openclaw/agents/main/agent
-cat > ~/.openclaw/agents/main/agent/auth-profiles.json << 'EOF'
-{
-  "version": 1,
-  "profiles": {
-    "anthropic:default": {
-      "type": "api_key",
-      "provider": "anthropic",
-      "key": "aquaman-proxy-managed"
-    }
-  },
-  "order": { "anthropic": ["anthropic:default"] }
-}
-EOF
-```
-**3. Launch OpenClaw:**
-```bash
-openclaw
-```
-The plugin auto-starts the proxy, sets `ANTHROPIC_BASE_URL` to route through it, and intercepts channel API traffic via `globalThis.fetch`.
-## How It Works
-- **Proxy mode** — Spawns aquaman as a child process. Credentials live in a separate OS process. Even if the agent is compromised, it cannot access keys.
-- **Embedded mode** — Credentials loaded in-process. Simpler setup, less isolation. Good for local development.
+> Advanced settings (TLS, audit, vault) go in `~/.aquaman/config.yaml`.
 ## Documentation
-See the [main README](https://github.com/tech4242/aquaman#readme) for full documentation, architecture details, and manual testing steps.
+See the [main README](https://github.com/tech4242/aquaman#readme) for architecture, Docker deployment, and manual testing.
 ## License

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "aquaman-plugin",
-  "version": "0.5.0",
+  "version": "0.5.1",
   "description": "Credential isolation plugin for OpenClaw",
   "type": "module",
   "scripts": {
@@ -24,7 +24,7 @@
   "dependencies": {},
   "peerDependencies": {
     "openclaw": ">=2026.1.0",
-    "aquaman-proxy": ">=0.5.0"
+    "aquaman-proxy": "0.5.1"
   },
   "peerDependenciesMeta": {
     "aquaman-proxy": {