clawarmor 1.1.0 → 1.2.0

package/cli.js

@@ -1,9 +1,9 @@
 #!/usr/bin/env node
-// ClawArmor v1.1.0 — Security armor for OpenClaw agents
+// ClawArmor v1.2.0 — Security armor for OpenClaw agents
 
 import { paint } from './lib/output/colors.js';
 
-const VERSION = '1.1.0';
+const VERSION = '1.2.0';
 const GATEWAY_PORT_DEFAULT = 18789;
 
 function isLocalhost(host) {
@@ -50,7 +50,8 @@ function usage() {
   console.log(`    ${paint.dim('--url <host:port>')}   Probe a specific host:port instead of 127.0.0.1`);
   console.log(`    ${paint.dim('--config <path>')}     Use a specific config file instead of ~/.openclaw/openclaw.json`);
   console.log(`    ${paint.dim('--json')}              Machine-readable JSON output (audit only)`);
-  console.log(`    ${paint.dim('--explain-reads')}     Print every file read and network call before executing`);
+  console.log(`    ${paint.dim('--explain-reads')}     Print every file read and network call before executing
+    ${paint.dim('--accept-changes')}    Update config baseline after reviewing detected changes`);
   console.log('');
   console.log(`  ${paint.dim('Examples:')}`);
   console.log(`    ${paint.dim('clawarmor audit')}                         ${paint.dim('# local, default')}`);
@@ -79,6 +80,7 @@ const flags = {
   targetHost: parsedUrl?.host || null,
   targetPort: parsedUrl?.port || null,
   configPath: configPathArg || null,
+  acceptChanges: args.includes('--accept-changes'),
 };
 
 if (!cmd || cmd === '--help' || cmd === '-h' || cmd === 'help') { usage(); process.exit(0); }

package/lib/audit.js

@@ -14,11 +14,12 @@ import allowFromChecks from './checks/allowfrom.js';
 import { writeFileSync, mkdirSync, existsSync, readFileSync, renameSync } from 'fs';
 import { join } from 'path';
 import { homedir } from 'os';
+import { checkIntegrity, updateBaseline } from './integrity.js';
 
 const W = { CRITICAL: 25, HIGH: 15, MEDIUM: 8, LOW: 3, INFO: 0 };
 const SEP = paint.dim('─'.repeat(52));
 const W52 = 52;
-const VERSION = '1.1.0';
+const VERSION = '1.2.0';
 
 const HISTORY_DIR = join(homedir(), '.clawarmor');
 const HISTORY_FILE = join(HISTORY_DIR, 'history.json');
@@ -242,7 +243,25 @@ export async function runAudit(flags = {}) {
   console.log(`  ${paint.dim('Continuous monitoring:')} ${paint.cyan('github.com/pinzasai/clawarmor')}`);
   console.log('');
 
-  // Persist history (atomic)
+  // ── CONFIG INTEGRITY CHECK ─────────────────────────────────────────────
+  if (!isRemote && configPath) {
+    const integ = checkIntegrity(configPath, score);
+    if (integ.status === 'baseline') {
+      console.log(`  ${paint.dim('ℹ')}  ${paint.dim('Config baseline established — future changes will be flagged.')}`);
+    } else if (integ.status === 'changed') {
+      console.log('');
+      console.log(`  ${paint.yellow('!')}  ${paint.bold('Config changed since last clean audit')}`);
+      for (const c of integ.changes) console.log(`     ${paint.dim(c)}`);
+      console.log(`     ${paint.dim('Baseline set: ' + integ.baselineAt?.slice(0,10))}`);
+      console.log(`     ${paint.dim('Run clawarmor audit --accept-changes to update baseline')}`);
+    }
+  }
+  if (flags.acceptChanges && configPath) {
+    updateBaseline(configPath, score);
+    console.log(`  ${paint.green('✓')}  Config baseline updated.`);
+  }
+
+    // Persist history (atomic)
   appendHistory({
     timestamp: new Date().toISOString(),
     score,

package/lib/integrity.js

@@ -0,0 +1,102 @@
+// integrity.js — Config integrity hashing (P2-3)
+// On first clean audit: hashes the config and saves the baseline.
+// On subsequent runs: detects changes and surfaces them.
+// Zero external deps — uses Node.js built-in crypto.
+
+import { createHash } from 'crypto';
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+
+const INTEGRITY_FILE = join(homedir(), '.clawarmor', 'integrity.json');
+
+function hashFile(filePath) {
+  try {
+    const content = readFileSync(filePath, 'utf8');
+    return {
+      hash: createHash('sha256').update(content).digest('hex').slice(0, 16),
+      size: content.length,
+      lines: content.split('\n').length,
+    };
+  } catch {
+    return null;
+  }
+}
+
+function loadIntegrity() {
+  if (!existsSync(INTEGRITY_FILE)) return null;
+  try { return JSON.parse(readFileSync(INTEGRITY_FILE, 'utf8')); }
+  catch { return null; }
+}
+
+function saveIntegrity(data) {
+  try {
+    mkdirSync(join(homedir(), '.clawarmor'), { recursive: true });
+    writeFileSync(INTEGRITY_FILE, JSON.stringify(data, null, 2), 'utf8');
+  } catch { /* non-fatal */ }
+}
+
+/**
+ * Check config integrity. Call this after a successful (score > 0) audit.
+ * Returns { status, changes } where status is 'baseline'|'ok'|'changed'.
+ */
+export function checkIntegrity(configPath, score) {
+  const current = hashFile(configPath);
+  if (!current) return { status: 'unreadable', changes: [] };
+
+  const stored = loadIntegrity();
+
+  if (!stored) {
+    // First run — establish baseline (only if clean or near-clean)
+    if (score >= 80) {
+      saveIntegrity({
+        configPath,
+        hash: current.hash,
+        size: current.size,
+        lines: current.lines,
+        baselineAt: new Date().toISOString(),
+        baselineScore: score,
+      });
+      return { status: 'baseline', changes: [] };
+    }
+    return { status: 'no-baseline', changes: [] };
+  }
+
+  // Check for changes
+  if (stored.hash === current.hash) {
+    return { status: 'ok', changes: [] };
+  }
+
+  const changes = [];
+  if (stored.size !== current.size) {
+    const delta = current.size - stored.size;
+    changes.push(`Size: ${stored.size} → ${current.size} bytes (${delta > 0 ? '+' : ''}${delta})`);
+  }
+  if (stored.lines !== current.lines) {
+    const delta = current.lines - stored.lines;
+    changes.push(`Lines: ${stored.lines} → ${current.lines} (${delta > 0 ? '+' : ''}${delta})`);
+  }
+  changes.push(`Hash: ${stored.hash} → ${current.hash}`);
+
+  return {
+    status: 'changed',
+    changes,
+    baselineAt: stored.baselineAt,
+    baselineScore: stored.baselineScore,
+  };
+}
+
+/** Update baseline after a clean audit (call when user explicitly passes --accept-changes). */
+export function updateBaseline(configPath, score) {
+  const current = hashFile(configPath);
+  if (!current) return false;
+  saveIntegrity({
+    configPath,
+    hash: current.hash,
+    size: current.size,
+    lines: current.lines,
+    baselineAt: new Date().toISOString(),
+    baselineScore: score,
+  });
+  return true;
+}

package/lib/scanner/file-scanner.js

@@ -1,7 +1,8 @@
 import { readFileSync } from 'fs';
-import { extname, basename } from 'path';
+import { extname } from 'path';
 import { CRITICAL_PATTERNS, HIGH_PATTERNS, MEDIUM_PATTERNS,
   SCANNABLE_EXTENSIONS, SKIP_EXTENSIONS, isSpawnInBinaryWrapper } from './patterns.js';
+import { scanForObfuscation } from './obfuscation.js';
 
 function getExt(p) { return extname(p).replace('.','').toLowerCase(); }
 
@@ -65,5 +66,10 @@ export function scanFile(filePath, isBuiltin = false) {
     findings.push({ patternId: pattern.id, severity, title: pattern.title,
       description: pattern.description, file: filePath, matches, note });
   }
+
+  // Obfuscation analysis (catches what naive grep misses)
+  const obfusFindings = scanForObfuscation(filePath, content, isBuiltin);
+  findings.push(...obfusFindings);
+
   return findings;
 }

package/lib/scanner/obfuscation.js

@@ -0,0 +1,130 @@
+// obfuscation.js — v1.2.0
+// Detects obfuscated code patterns that bypass naive string-grep analysis.
+// Zero external dependencies. Pure regex, adversarially reviewed.
+//
+// Targets:
+//   - String concatenation reassembly: 'ev'+'al', 'ex'+'ec'
+//   - Bracket property access with concat: obj['ex'+'ec']
+//   - Buffer.from(base64).toString() decode chains
+//   - eval(atob(...)) decode+exec
+//   - globalThis/global bracket access to dangerous names
+//   - ['constructor'] escape pattern
+//   - Unicode/hex escape sequences for dangerous keywords
+
+export const OBFUSCATION_PATTERNS = [
+  {
+    id: 'obfus-str-concat-eval',
+    severity: 'CRITICAL',
+    title: "String-concat 'eval' reassembly",
+    description: "Obfuscated eval via string concat: 'ev'+'al'. Bypasses naive keyword grep.",
+    note: 'Legitimate code rarely splits the word eval across string literals.',
+    regex: /'ev'\s*\+\s*'al'|"ev"\s*\+\s*"al"|'e'\s*\+\s*'val'|"e"\s*\+\s*"val"/,
+  },
+  {
+    id: 'obfus-str-concat-exec',
+    severity: 'HIGH',
+    title: "String-concat 'exec' reassembly",
+    description: "Obfuscated exec via string concat: 'ex'+'ec'. Common shell command injection prep.",
+    note: 'Legitimate code rarely splits exec across string literals.',
+    regex: /'ex'\s*\+\s*'ec'|"ex"\s*\+\s*"ec"|'e'\s*\+\s*'xec'|"e"\s*\+\s*"xec"/,
+  },
+  {
+    id: 'obfus-bracket-concat',
+    severity: 'HIGH',
+    title: 'Bracket property access via string concat',
+    description: "obj['ex'+'ec'] bypasses static method-name analysis. Common obfuscation technique.",
+    note: 'Legitimate code almost never accesses properties via concatenated string literals.',
+    regex: /\[\s*'[a-zA-Z]{1,5}'\s*\+\s*'[a-zA-Z]{1,5}'\s*\]|\[\s*"[a-zA-Z]{1,5}"\s*\+\s*"[a-zA-Z]{1,5}"\s*\]/,
+  },
+  {
+    id: 'obfus-buffer-base64',
+    severity: 'HIGH',
+    title: 'Buffer.from(base64).toString() decode chain',
+    description: "Decodes a base64 payload at runtime — common technique for hiding malicious code strings.",
+    note: 'May be legitimate for binary data handling, but unusual in skill files.',
+    regex: /Buffer\.from\((?:'[A-Za-z0-9+\/=]{20,}'|"[A-Za-z0-9+\/=]{20,}")\s*,\s*(?:'base64'|"base64")\)/,
+  },
+  {
+    id: 'obfus-atob-exec',
+    severity: 'CRITICAL',
+    title: 'eval(atob(...)) decode+execute',
+    description: "Decodes and executes a base64 string. Textbook obfuscation for hiding eval payloads.",
+    regex: /(?:eval|Function)\s*\(\s*atob\s*\(/,
+  },
+  {
+    id: 'obfus-globalthis-bracket',
+    severity: 'HIGH',
+    title: 'globalThis[...] bracket access',
+    description: "Accesses global scope via bracket notation — hides dangerous function names from static analysis.",
+    note: 'globalThis["eval"] is equivalent to eval but bypasses keyword scanners.',
+    regex: /globalThis\s*\[\s*['"][^'"]{1,30}['"]\s*\]|global\s*\[\s*['"][^'"]{1,30}['"]\s*\]/,
+  },
+  {
+    id: 'obfus-constructor-escape',
+    severity: 'CRITICAL',
+    title: "['constructor'] Function escape",
+    description: "Accesses Function constructor via bracket notation to execute arbitrary code strings.",
+    note: "Pattern: obj['constructor']('return process')(). Classic prototype escape.",
+    regex: /\[\s*['"]constructor['"]\s*\]/,
+  },
+  {
+    id: 'obfus-unicode-escape',
+    severity: 'HIGH',
+    title: 'Unicode escape for dangerous keyword',
+    description: "Uses \\u escapes to spell dangerous keywords: \\u0065val = eval. Bypasses string matching.",
+    regex: /\\u00(?:65|45)\\u00(?:76|56)\\u00(?:61|41)\\u00(?:6c|4c)|\\u0065\\u0076\\u0061\\u006c/i,
+  },
+  {
+    id: 'obfus-encoded-require',
+    severity: 'HIGH',
+    title: 'Encoded require() or import()',
+    description: "Calls require() or import() with a runtime-decoded string argument (atob, fromCharCode, etc.).",
+    regex: /(?:require|import)\s*\(\s*(?:atob|String\.fromCharCode|Buffer\.from)\s*\(/,
+  },
+];
+
+/**
+ * Scan file content for obfuscation patterns.
+ * Returns findings array (same shape as file-scanner.js output).
+ */
+export function scanForObfuscation(filePath, content, isBuiltin = false) {
+  const findings = [];
+  const lines = content.split('\n');
+
+  for (const pattern of OBFUSCATION_PATTERNS) {
+    const regex = new RegExp(pattern.regex.source, 'gi');
+    const matches = [];
+    let m;
+
+    while ((m = regex.exec(content)) !== null) {
+      const lineNum = content.substring(0, m.index).split('\n').length;
+      const line = lines[lineNum - 1]?.trim() || '';
+
+      // Skip comment lines
+      if (/^\s*(\/\/|#|\*|<!--)/.test(line)) continue;
+
+      matches.push({ line: lineNum, snippet: line.substring(0, 120) });
+      if (matches.length >= 3) break;
+    }
+
+    if (!matches.length) continue;
+
+    // Built-in skills: downgrade severity (still worth reporting but lower urgency)
+    let severity = pattern.severity;
+    if (isBuiltin) {
+      severity = severity === 'CRITICAL' ? 'MEDIUM' : 'LOW';
+    }
+
+    findings.push({
+      patternId: pattern.id,
+      severity,
+      title: pattern.title,
+      description: pattern.description,
+      note: pattern.note || null,
+      file: filePath,
+      matches,
+    });
+  }
+
+  return findings;
+}

package/package.json

@@ -1,9 +1,9 @@
 {
   "name": "clawarmor",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "description": "Security armor for OpenClaw agents — audit, scan, monitor",
   "bin": {
-    "clawarmor": "./cli.js"
+    "clawarmor": "cli.js"
   },
   "type": "module",
   "engines": {
@@ -23,7 +23,7 @@
   "license": "MIT",
   "repository": {
     "type": "git",
-    "url": "https://github.com/pinzasai/clawarmor"
+    "url": "git+https://github.com/pinzasai/clawarmor.git"
   },
   "homepage": "https://clawarmor.dev"
 }