npm - clawarmor - Versions diffs - 2.0.0-alpha.3 → 2.0.0 - Mend

clawarmor 2.0.0-alpha.3 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -1,163 +1,67 @@
-<div align="center">
+# ClawArmor
-# 🛡 ClawArmor
-**The security auditor for OpenClaw agents.**
-Checks your config. Probes your live gateway. Scans your skills.
-Runs in 30 seconds. Finds what config-only tools miss. Free forever.
+Security armor for OpenClaw agents — audit, scan, monitor.
 [![npm version](https://img.shields.io/npm/v/clawarmor?color=3fb950&label=npm&style=flat-square)](https://www.npmjs.com/package/clawarmor)
 [![license](https://img.shields.io/badge/license-MIT-blue?style=flat-square)](LICENSE)
-[![node](https://img.shields.io/badge/node-%3E%3D18-green?style=flat-square)](package.json)
-```bash
-npm install -g clawarmor && clawarmor audit
-```
-</div>
----
-```
-  ℹ  Reads: ~/.openclaw/openclaw.json + file permissions only
-     Network: registry.npmjs.org (version check) + 127.0.0.1:18789 (live probes)
-     Sends nothing. Source: github.com/pinzasai/clawarmor
-  ── LIVE GATEWAY PROBES  (connecting to 127.0.0.1) ──
-  ✓ Gateway running on port 18789
-  ✓ Not reachable on network interfaces (probed live)
-  ✓ Authentication required (WebSocket probe confirmed)
-  ✓ /health endpoint does not leak sensitive data
-  ✓ CORS not open to arbitrary origins
-  Security Score: 100/100  ┃  Grade: A
-  ████████████████████  100%
-  Verdict: Your instance is secure. No issues found.
-  ── PASSED (30 checks) ──────────────────────────────
-  ✓ Gateway bound to loopback only
-  ✓ Auth token is strong
-  ✓ Agent sandbox mode: "non-main" (sessions isolated)
-  ✓ Browser SSRF to private networks blocked
-  ✓ All channel allowFrom settings are restricted
-  ... 25 more
-```
----
+[![zero deps](https://img.shields.io/badge/deps-zero-green?style=flat-square)](package.json)
-## Why ClawArmor
+## What it does
-Every other OpenClaw security tool reads your config file and tells you if things look right on paper.
+- Audits your OpenClaw config and live gateway with 30+ checks — scored 0–100
+- Scans every installed skill file for malicious code and prompt injection patterns
+- Guards every install: intercepts `openclaw clawhub install`, pre-scans before activation
-**ClawArmor also connects locally to your running gateway and verifies live behavior.**
-Config says `bind: loopback`. Is your gateway *actually* unreachable on LAN? Config says auth is enabled. Does the live WebSocket endpoint *actually* reject unauthenticated connections? A misconfigured nginx in front can make your config lie. Live probes can't be faked.
-> All probes connect from your machine to `127.0.0.1` (and your local network interfaces). Nothing leaves your machine.
----
-## Five commands
+## Quick start
 ```bash
-clawarmor audit     # 30 checks + 5 live gateway probes. Score 0-100. Plain-English verdict.
-clawarmor scan      # Scan every skill file (.js .sh .py .ts SKILL.md) for malicious code.
-clawarmor fix       # Auto-apply safe fixes. --dry-run to preview, --apply to execute.
-clawarmor verify    # Re-run only previously-failed checks. Exit 0 if all fixed (CI-friendly).
-clawarmor trend     # ASCII chart of your security score over time.
+npm install -g clawarmor
+clawarmor protect --install
+clawarmor audit
 ```
----
-## What it checks
-### Live gateway probes (behavioral — not just config reads)
+## Commands
-| Probe | What it checks |
+| Command | Description |
 |---|---|
-| Port reachability | TCP-connects to gateway on every non-loopback interface |
-| Auth enforcement | WebSocket handshake without token — does server reject it? |
-| Health endpoint | GET /health — does response contain config data or secrets? |
-| CORS headers | OPTIONS with `Origin: https://evil.example.com` |
-These probes are **read-only and non-destructive**. They observe — they don't modify anything.
-### Config audit (30 checks)
-Gateway bind · auth mode · token strength · dangerous flags · mDNS exposure · real-IP fallback · trusted proxy config · file permissions (`~/.openclaw/`, `openclaw.json`, `agent-accounts.json`, `credentials/`) · channel allowFrom policies · wildcard detection · group policies · elevated tools · exec sandbox · tool restrictions (filesystem scope, apply_patch scope) · browser SSRF policy · plugin allowlist · log redaction · version currency · webhook security · multi-user trust model
-### Skill supply chain scan
-Scans **all files** in every installed skill — `.js`, `.ts`, `.sh`, `.py`, `.rb` and `SKILL.md`. Not just markdown.
-**Code patterns:** `eval()`, `new Function()`, `child_process`, credential file reads, pipe-to-shell, known exfil domains, large base64 blobs, dynamic `require()`
-**SKILL.md instruction patterns:** credential read instructions, system prompt overrides, exfiltration instructions, deception instructions, hardcoded IP fetches
-> **Honest limitation:** The scanner catches unsophisticated threats and common patterns. Obfuscated code (string concatenation, encoded payloads) can bypass static analysis. Treat a clean scan as a good signal, not a guarantee.
----
-## What it protects against
-| Threat | Covered | Notes |
+| `audit` | Score your OpenClaw config (0–100), live gateway probes, plain-English verdict |
+| `scan` | Scan all installed skill files for malicious code and SKILL.md instructions |
+| `prescan <skill>` | Pre-scan a skill before installing — blocks on CRITICAL findings |
+| `protect --install` | Install guard hook, shell intercept (zsh/bash/fish), and watch daemon |
+| `protect --uninstall` | Remove all ClawArmor protection components |
+| `protect --status` | Show current protection state |
+| `watch` | Monitor config and skill changes in real time |
+| `watch --daemon` | Start the watcher as a background daemon |
+| `harden` | Interactive hardening wizard (--dry-run, --auto) |
+| `status` | One-screen security posture dashboard |
+| `log` | View the audit event log |
+| `digest` | Show weekly security digest |
+| `verify` | Re-run only previously-failed checks (CI-friendly, exit 0 = all fixed) |
+| `trend` | ASCII chart of your security score over time |
+| `compare` | Compare coverage vs openclaw security audit |
+| `fix` | Auto-apply safe fixes (--dry-run to preview, --apply to run) |
+## What it catches
+| Threat | Description | Coverage |
 |---|---|---|
-| T-ACCESS-003: Token/config exposure | ✅ | File permission checks + config hardening |
-| T-PERSIST-001: Malicious skill supply chain | ✅ | All skill files scanned, not just SKILL.md |
-| T-EXEC-001/002: Prompt injection | ❌ | Runtime policy layer — use [SupraWall](https://suprawall.io) |
-| T-EXFIL-001: Data exfiltration | ❌ | Runtime policy layer — use SupraWall |
-ClawArmor hardens your configuration and detects supply chain threats. It does not provide runtime policy enforcement — that's a different layer.
----
-## Auto-fix
-```bash
-clawarmor fix --dry-run   # preview what would change
-clawarmor fix --apply     # apply safe one-liner fixes + gateway restart instructions
-```
-Sandbox isolation is enabled safely: if Docker is installed, `fix --apply` sets `sandbox.mode=non-main` + `workspaceAccess=rw` so your Telegram/group sessions keep workspace access.
----
-## CI integration
-```bash
-# Fail CI if security score drops
-clawarmor verify   # exit 0 = all previously-failed checks now pass
-                   # exit 1 = still failing
-```
-Score history persists in `~/.clawarmor/history.json`.
----
-## Privacy & security
-- `audit`, `scan`, `fix`, `verify`, `trend` run **entirely locally**
-- One optional network call: `registry.npmjs.org` for version check (skippable with `--offline`)
-- Every run prints exactly what files it reads and what network calls it makes before executing
-- Nothing is sent anywhere
-**Found a vulnerability in ClawArmor itself?** Please email `pinzasrojas@proton.me` before public disclosure.
----
-## Installation
-```bash
-npm install -g clawarmor   # requires Node.js 18+
-clawarmor audit
-```
-Zero runtime npm dependencies. Node.js built-ins only (`net`, `http`, `os`, `fs`, `crypto`).
----
+| Token/config exposure | File permission checks, config hardening | Full |
+| Malicious skill supply chain | All skill files scanned — not just SKILL.md | Full |
+| Credential hygiene | Token age, rotation reminders, access scope | Full |
+| Config drift | Baseline hashing, change detection on every startup | Full |
+| Obfuscation | Base64 blobs, dynamic eval, encoded payloads | Partial |
+| Prompt injection via SKILL.md | Instruction patterns, exfil, deception, system overrides | Full |
+| Live gateway auth | WebSocket probe — does server actually reject unauthenticated connections? | Full |
+| CORS misconfiguration | OPTIONS probe with arbitrary origin | Full |
+| Gateway exposure | TCP-connects to every non-loopback interface | Full |
+| Runtime policy enforcement | Requires a runtime layer (SupraWall) | None |
+## Philosophy
+ClawArmor runs entirely on your machine — no telemetry, no cloud, no accounts.
+It has zero npm runtime dependencies, using only Node.js built-ins.
+Every run prints exactly what files it reads and what network calls it makes before executing anything.
 ## License
-MIT — see [LICENSE](LICENSE)
+MIT

package/cli.js CHANGED Viewed

@@ -3,7 +3,7 @@
 import { paint } from './lib/output/colors.js';
-const VERSION = '2.0.0-alpha.3';
+const VERSION = '2.0.0';
 const GATEWAY_PORT_DEFAULT = 18789;
 function isLocalhost(host) {

package/lib/prescan.js CHANGED Viewed

@@ -1,16 +1,17 @@
 // ClawArmor v2.0 — Pre-scan a skill before installing
-// Downloads the npm package to a temp dir, scans it with the full
-// ClawArmor scanner, and exits 1 (blocks install) only on CRITICAL findings.
+// Supports both npm packages and ClawHub skills.
+// ClawHub skills are checked locally first; npm is used as fallback.
-import { mkdirSync, rmSync, readdirSync } from 'fs';
+import { mkdirSync, rmSync, readdirSync, existsSync } from 'fs';
 import { join } from 'path';
-import { tmpdir } from 'os';
+import { tmpdir, homedir } from 'os';
 import { execSync } from 'child_process';
 import { scanFile } from './scanner/file-scanner.js';
 import { scanSkillMdFiles } from './scanner/skill-md-scanner.js';
 import { paint, severityColor } from './output/colors.js';
 import { append } from './audit-log.js';
+const HOME = homedir();
 const SEP = paint.dim('─'.repeat(52));
 function getAllFiles(dir, files = []) {
@@ -29,91 +30,83 @@ function cleanupTmp(dir) {
   try { rmSync(dir, { recursive: true, force: true }); } catch { /* non-fatal */ }
 }
-export async function runPrescan(skillName) {
-  console.log('');
-  console.log(`  ${paint.bold('ClawArmor Prescan')} — ${paint.cyan(skillName)}`);
-  console.log(`  ${paint.dim('Fetching package from npm registry...')}`);
-  console.log('');
+// ── ClawHub skill detection ──────────────────────────────────────────────────
-  const tmpDir = join(tmpdir(), `clawarmor-prescan-${Date.now()}`);
-  mkdirSync(tmpDir, { recursive: true });
+function isNpmScoped(name) {
+  // Scoped npm package: @org/pkg
+  return name.startsWith('@') && name.includes('/');
+}
-  // ── Step 1: Download via npm pack ─────────────────────────────────────────
-  let tarball;
+function looksLikeClawHubSkill(name) {
+  // Plain name, no scope, no slash — could be a ClawHub skill; try local first
+  return !name.startsWith('@') && !name.includes('/');
+}
+// Returns the local install path for a ClawHub skill, or null if not found.
+function findLocalClawHubSkill(name) {
+  // Path 1: ~/.openclaw/skills/<name>/
+  const userSkillsPath = join(HOME, '.openclaw', 'skills', name);
+  if (existsSync(userSkillsPath)) return userSkillsPath;
+  // Path 2: openclaw npm module's skills directory
+  // Try common global npm locations
+  const candidates = [
+    join(HOME, '.npm-global', 'lib', 'node_modules', 'openclaw', 'skills', name),
+    '/usr/local/lib/node_modules/openclaw/skills/' + name,
+    '/usr/lib/node_modules/openclaw/skills/' + name,
+    join(HOME, '.nvm', 'versions', 'node'),  // nvm — we check dirs below
+  ];
+  // Try to resolve openclaw via node resolution from this file's location
   try {
-    execSync(`npm pack ${skillName}`, {
-      cwd: tmpDir,
-      timeout: 30000,
+    const result = execSync('node -e "console.log(require.resolve(\'openclaw/package.json\'))"', {
+      encoding: 'utf8',
+      timeout: 5000,
       stdio: ['ignore', 'pipe', 'ignore'],
-    });
-    const tarballs = readdirSync(tmpDir).filter(f => f.endsWith('.tgz'));
-    if (!tarballs.length) throw new Error('npm pack produced no tarball');
-    tarball = join(tmpDir, tarballs[0]);
-  } catch {
-    cleanupTmp(tmpDir);
-    console.log(`  ${paint.dim('ℹ')}  Could not fetch skill for scanning`);
-    console.log(`     ${paint.dim('(package not found or network error — install not blocked)')}`);
-    console.log('');
-    return 0;
-  }
+    }).trim();
+    if (result) {
+      // result is like /path/to/node_modules/openclaw/package.json
+      const ocDir = result.replace(/[\\/]package\.json$/, '');
+      const skillPath = join(ocDir, 'skills', name);
+      if (existsSync(skillPath)) return skillPath;
+    }
+  } catch { /* openclaw may not be installed */ }
-  // ── Step 2: Extract tarball ────────────────────────────────────────────────
-  const extractDir = join(tmpDir, 'extracted');
-  mkdirSync(extractDir, { recursive: true });
-  try {
-    execSync(`tar -xzf "${tarball}" -C "${extractDir}"`, {
-      timeout: 15000,
-      stdio: ['ignore', 'ignore', 'ignore'],
-    });
-  } catch {
-    cleanupTmp(tmpDir);
-    console.log(`  ${paint.dim('ℹ')}  Could not extract skill package — install not blocked`);
-    console.log('');
-    return 0;
+  for (const candidate of candidates) {
+    if (existsSync(candidate)) return candidate;
   }
-  // ── Step 3: Collect all files ──────────────────────────────────────────────
-  const allFiles = getAllFiles(extractDir);
-  console.log(`  ${paint.dim('Scanning')} ${allFiles.length} file${allFiles.length !== 1 ? 's' : ''}...`);
-  console.log('');
+  return null;
+}
+// ── Scan a directory of files ────────────────────────────────────────────────
-  // ── Step 4: Run ClawArmor scanners ────────────────────────────────────────
-  // Not a built-in — treat as third-party (isBuiltin = false)
+function scanDirectory(dir) {
+  const allFiles = getAllFiles(dir);
   const codeFindings = allFiles.flatMap(f => scanFile(f, false));
   const mdResults = scanSkillMdFiles(allFiles, false);
   const mdFindings = mdResults.flatMap(r => r.findings);
-  const allFindings = [...codeFindings, ...mdFindings];
+  return { allFiles, allFindings: [...codeFindings, ...mdFindings] };
+}
+// ── Result printer ───────────────────────────────────────────────────────────
+function printResult(skillName, allFiles, allFindings) {
   const criticals = allFindings.filter(f => f.severity === 'CRITICAL');
   const highs = allFindings.filter(f => f.severity === 'HIGH');
   const mediums = allFindings.filter(f => f.severity === 'MEDIUM');
   const lows = allFindings.filter(f => f.severity === 'LOW' || f.severity === 'INFO');
+  const fileCount = allFiles.length;
-  // ── Cleanup (always) ──────────────────────────────────────────────────────
-  cleanupTmp(tmpDir);
-  // ── Audit log ─────────────────────────────────────────────────────────────
-  append({
-    cmd: 'prescan',
-    trigger: 'prescan',
-    score: null,
-    delta: null,
-    findings: allFindings.map(f => ({ id: f.patternId || f.id || '?', severity: f.severity })),
-    blocked: criticals.length > 0,
-    skill: skillName,
-  });
-  // ── Output ────────────────────────────────────────────────────────────────
   if (!allFindings.length) {
-    console.log(`  ${paint.green('✓')} ClawArmor prescan: clean — 0 findings`);
+    console.log(`  ${paint.green('✓')} ${paint.bold(skillName)} ${paint.dim('—')} clean ${paint.dim('(' + fileCount + ' file' + (fileCount !== 1 ? 's' : '') + ' scanned, 0 findings)')}`);
     console.log('');
     return 0;
   }
-  // CRITICAL → print details, block install (exit 1)
   if (criticals.length) {
-    console.log(SEP);
-    console.log(`  ${paint.red('✗')} ${paint.bold(`CRITICAL (${criticals.length}) — install blocked`)}`);
+    console.log(`  ${paint.red('✗')} ${paint.bold(skillName)} ${paint.dim('—')} ${paint.red('BLOCKED')} ${paint.dim('(' + criticals.length + ' critical finding' + (criticals.length !== 1 ? 's' : '') + ')')}`);
+    console.log('');
     console.log(SEP);
     for (const f of criticals) {
       console.log('');
@@ -138,10 +131,10 @@ export async function runPrescan(skillName) {
     return 1;
   }
-  // HIGH → warn, allow install
+  // HIGH → warn, allow
   if (highs.length) {
-    console.log(SEP);
-    console.log(`  ${paint.yellow('⚠')} ${paint.bold(`HIGH (${highs.length}) — review before using`)}`);
+    console.log(`  ${paint.yellow('⚠')} ${paint.bold(skillName)} ${paint.dim('—')} ${paint.yellow('review recommended')} ${paint.dim('(' + highs.length + ' high finding' + (highs.length !== 1 ? 's' : '') + ', ' + fileCount + ' files)')}`);
+    console.log('');
     console.log(SEP);
     for (const f of highs) {
       console.log('');
@@ -152,9 +145,10 @@ export async function runPrescan(skillName) {
       }
     }
     console.log('');
+  } else {
+    console.log(`  ${paint.yellow('!')} ${paint.bold(skillName)} ${paint.dim('—')} ${paint.dim(fileCount + ' files scanned, ' + (mediums.length + lows.length) + ' low/medium findings')}`);
   }
-  // MEDIUM/LOW → summary line only
   if (mediums.length || lows.length) {
     const parts = [];
     if (mediums.length) parts.push(`${mediums.length} medium`);
@@ -165,3 +159,105 @@ export async function runPrescan(skillName) {
   return 0;
 }
+// ── Download via npm pack ────────────────────────────────────────────────────
+async function scanViaNpm(skillName, tmpDir) {
+  let tarball;
+  try {
+    execSync(`npm pack ${skillName}`, {
+      cwd: tmpDir,
+      timeout: 30000,
+      stdio: ['ignore', 'pipe', 'ignore'],
+    });
+    const tarballs = readdirSync(tmpDir).filter(f => f.endsWith('.tgz'));
+    if (!tarballs.length) throw new Error('npm pack produced no tarball');
+    tarball = join(tmpDir, tarballs[0]);
+  } catch {
+    return null; // not found or network error
+  }
+  const extractDir = join(tmpDir, 'extracted');
+  mkdirSync(extractDir, { recursive: true });
+  try {
+    execSync(`tar -xzf "${tarball}" -C "${extractDir}"`, {
+      timeout: 15000,
+      stdio: ['ignore', 'ignore', 'ignore'],
+    });
+  } catch {
+    return null;
+  }
+  return extractDir;
+}
+// ── Main export ───────────────────────────────────────────────────────────────
+export async function runPrescan(skillName) {
+  console.log('');
+  console.log(`  ${paint.bold('ClawArmor Prescan')} — ${paint.cyan(skillName)}`);
+  console.log('');
+  let scanDir = null;
+  let usedTmp = null;
+  let source = 'npm';
+  // ── Step 1: Check local ClawHub install (for plain skill names) ───────────
+  if (looksLikeClawHubSkill(skillName)) {
+    const localPath = findLocalClawHubSkill(skillName);
+    if (localPath) {
+      console.log(`  ${paint.dim('Found locally:')} ${paint.dim(localPath)}`);
+      console.log(`  ${paint.dim('Scanning local files...')}`);
+      console.log('');
+      scanDir = localPath;
+      source = 'local';
+    } else {
+      console.log(`  ${paint.dim('Not found locally — fetching from npm registry...')}`);
+      console.log('');
+    }
+  } else {
+    console.log(`  ${paint.dim('Fetching package from npm registry...')}`);
+    console.log('');
+  }
+  // ── Step 2: Fallback to npm pack if not local ─────────────────────────────
+  if (!scanDir) {
+    const tmpDir = join(tmpdir(), `clawarmor-prescan-${Date.now()}`);
+    mkdirSync(tmpDir, { recursive: true });
+    usedTmp = tmpDir;
+    const extractDir = await scanViaNpm(skillName, tmpDir);
+    if (!extractDir) {
+      cleanupTmp(tmpDir);
+      console.log(`  ${paint.dim('ℹ')}  Could not fetch skill for scanning`);
+      console.log(`     ${paint.dim('(package not found or network error — install not blocked)')}`);
+      console.log('');
+      return 0;
+    }
+    scanDir = extractDir;
+  }
+  // ── Step 3: Scan ──────────────────────────────────────────────────────────
+  const { allFiles, allFindings } = scanDirectory(scanDir);
+  console.log(`  ${paint.dim('Scanning')} ${allFiles.length} file${allFiles.length !== 1 ? 's' : ''}...`);
+  console.log('');
+  // ── Cleanup tmp (always, only if we created one) ──────────────────────────
+  if (usedTmp) cleanupTmp(usedTmp);
+  // ── Audit log ─────────────────────────────────────────────────────────────
+  const criticals = allFindings.filter(f => f.severity === 'CRITICAL');
+  append({
+    cmd: 'prescan',
+    trigger: 'prescan',
+    score: null,
+    delta: null,
+    findings: allFindings.map(f => ({ id: f.patternId || f.id || '?', severity: f.severity })),
+    blocked: criticals.length > 0,
+    skill: skillName,
+    source,
+  });
+  // ── Output ────────────────────────────────────────────────────────────────
+  return printResult(skillName, allFiles, allFindings);
+}

package/lib/protect.js CHANGED Viewed

@@ -18,6 +18,9 @@ const HOOKS_DIR = join(OC_DIR, 'hooks');
 const GUARD_HOOK_DIR = join(HOOKS_DIR, 'clawarmor-guard');
 const CLI_PATH = new URL('../cli.js', import.meta.url).pathname;
+const FISH_FUNCTIONS_DIR = join(HOME, '.config', 'fish', 'functions');
+const FISH_FUNCTION_FILE = join(FISH_FUNCTIONS_DIR, 'openclaw.fish');
 const SHELL_FUNCTION = `
 # ClawArmor intercept — added by: clawarmor protect --install
 # Wraps 'openclaw clawhub install' to scan skills before activation.
@@ -34,6 +37,17 @@ openclaw() {
 const SHELL_MARKER_START = '# ClawArmor intercept — added by: clawarmor protect --install';
 const SHELL_MARKER_END = '# End ClawArmor intercept';
+const FISH_FUNCTION = `# ClawArmor intercept — added by: clawarmor protect --install
+function openclaw
+    if test (count $argv) -ge 3 -a "$argv[1]" = clawhub -a "$argv[2]" = install
+        echo "🛡 ClawArmor: scanning $argv[3] before install..."
+        clawarmor prescan $argv[3]; or begin; echo "❌ Blocked."; return 1; end
+    end
+    command openclaw $argv
+end
+`;
+const FISH_MARKER = '# ClawArmor intercept — added by: clawarmor protect --install';
 const HOOK_MD = `---
 name: clawarmor-guard
 description: Runs a silent security audit on gateway startup and alerts on regressions
@@ -148,6 +162,39 @@ export default async function handler(event) {
 }
 `;
+// ── Fish shell ────────────────────────────────────────────────────────────────
+function fishConfigExists() {
+  return existsSync(join(HOME, '.config', 'fish', 'config.fish'));
+}
+function fishFunctionPresent() {
+  if (!existsSync(FISH_FUNCTION_FILE)) return false;
+  try {
+    return readFileSync(FISH_FUNCTION_FILE, 'utf8').includes(FISH_MARKER);
+  } catch { return false; }
+}
+function injectFishFunction() {
+  if (!fishConfigExists()) return false;
+  if (fishFunctionPresent()) return true;
+  try {
+    mkdirSync(FISH_FUNCTIONS_DIR, { recursive: true });
+    writeFileSync(FISH_FUNCTION_FILE, FISH_FUNCTION, 'utf8');
+    return true;
+  } catch { return false; }
+}
+function removeFishFunction() {
+  if (!existsSync(FISH_FUNCTION_FILE)) return false;
+  try {
+    const content = readFileSync(FISH_FUNCTION_FILE, 'utf8');
+    if (!content.includes(FISH_MARKER)) return false;
+    rmSync(FISH_FUNCTION_FILE, { force: true });
+    return true;
+  } catch { return false; }
+}
 // ── Install ──────────────────────────────────────────────────────────────────
 function writeHookFiles() {
@@ -251,10 +298,14 @@ export async function runProtect(flags = {}) {
       shellPath = shellPath ? shellPath + ', ~/.bashrc' : '~/.bashrc';
       shellInstalled = true;
     }
+    if (injectFishFunction()) {
+      shellPath = shellPath ? shellPath + ', ~/.config/fish' : '~/.config/fish';
+      shellInstalled = true;
+    }
     if (shellInstalled) {
       console.log(`  ✓ Shell intercept added (${shellPath})`);
     } else {
-      console.log(`  !  No ~/.zshrc or ~/.bashrc found — shell intercept skipped`);
+      console.log(`  !  No ~/.zshrc, ~/.bashrc, or fish config found — shell intercept skipped`);
     }
     // 4. Weekly digest cron
@@ -296,6 +347,10 @@ export async function runProtect(flags = {}) {
       console.log(`  ✓  Shell intercept removed from ~/.bashrc`);
       shellRemoved = true;
     }
+    if (removeFishFunction()) {
+      console.log(`  ✓  Shell intercept removed from ~/.config/fish/functions/openclaw.fish`);
+      shellRemoved = true;
+    }
     if (!shellRemoved) {
       console.log(`  -  No shell intercept found to remove`);
     }
@@ -322,14 +377,15 @@ export async function runProtect(flags = {}) {
     // Shell function
     const inZsh = shellFunctionPresent(zshrc);
     const inBash = shellFunctionPresent(bashrc);
-    if (inZsh || inBash) {
-      const where = [inZsh && '~/.zshrc', inBash && '~/.bashrc'].filter(Boolean).join(', ');
+    const inFish = fishFunctionPresent();
+    if (inZsh || inBash || inFish) {
+      const where = [inZsh && '~/.zshrc', inBash && '~/.bashrc', inFish && '~/.config/fish'].filter(Boolean).join(', ');
       console.log(`  Shell intercept          ✓ active  (${where})`);
     } else {
       console.log(`  Shell intercept          ✗ not installed`);
     }
-    const allActive = hookOk && daemon.running && (inZsh || inBash);
+    const allActive = hookOk && daemon.running && (inZsh || inBash || inFish);
     console.log('');
     if (allActive) {
       console.log(`  Full protection active.`);

package/lib/status.js CHANGED Viewed

@@ -16,9 +16,11 @@ const HISTORY_FILE = join(CLAWARMOR_DIR, 'history.json');
 const AUDIT_LOG = join(CLAWARMOR_DIR, 'audit.log');
 const ZSHRC = join(HOME, '.zshrc');
 const BASHRC = join(HOME, '.bashrc');
+const FISH_FUNCTION_FILE = join(HOME, '.config', 'fish', 'functions', 'openclaw.fish');
 const SHELL_MARKER = '# ClawArmor intercept — added by: clawarmor protect --install';
 const CRON_JOBS_FILE = join(OC_DIR, 'cron', 'jobs.json');
-const VERSION = '2.0.0-alpha.3';
+const HOOKS_DIR = join(OC_DIR, 'hooks', 'clawarmor-guard');
+const VERSION = '2.0.0';
 const SEP = paint.dim('─'.repeat(52));
@@ -54,13 +56,19 @@ function trendArrow(delta) {
 function intercept() {
   const inZsh = existsSync(ZSHRC) && readFileSync(ZSHRC, 'utf8').includes(SHELL_MARKER);
   const inBash = existsSync(BASHRC) && readFileSync(BASHRC, 'utf8').includes(SHELL_MARKER);
-  if (inZsh || inBash) {
-    const where = [inZsh && '~/.zshrc', inBash && '~/.bashrc'].filter(Boolean).join(', ');
+  const inFish = existsSync(FISH_FUNCTION_FILE) && readFileSync(FISH_FUNCTION_FILE, 'utf8').includes(SHELL_MARKER);
+  if (inZsh || inBash || inFish) {
+    const where = [inZsh && '~/.zshrc', inBash && '~/.bashrc', inFish && '~/.config/fish'].filter(Boolean).join(', ');
     return { active: true, where };
   }
   return { active: false, where: null };
 }
+function hookFilesExist() {
+  return existsSync(join(HOOKS_DIR, 'HOOK.md')) &&
+         existsSync(join(HOOKS_DIR, 'handler.js'));
+}
 function parseAuditLog() {
   if (!existsSync(AUDIT_LOG)) return { count: 0, lastEntry: null };
   try {
@@ -91,7 +99,6 @@ function credentialSummary() {
   if (!existsSync(credFile)) return { count: 0, oldestDays: null };
   try {
     const data = JSON.parse(readFileSync(credFile, 'utf8'));
-    // Count token entries — format varies; try common patterns
     let tokens = [];
     if (Array.isArray(data)) tokens = data;
     else if (data.accounts) tokens = Object.values(data.accounts);
@@ -99,7 +106,6 @@ function credentialSummary() {
     const count = tokens.length;
-    // Try to find oldest by looking for date fields
     let oldest = null;
     for (const tok of tokens) {
       if (tok && typeof tok === 'object') {
@@ -120,15 +126,13 @@ function configBaselineStatus() {
   if (!existsSync(baselineFile)) return { status: 'unknown' };
   try {
     const baseline = JSON.parse(readFileSync(baselineFile, 'utf8'));
-    // Simple presence check — full integrity is handled by lib/integrity.js
     return { status: 'baseline', at: baseline.at || null };
   } catch { return { status: 'unknown' }; }
 }
 function nextDigestDate() {
-  // Next Sunday at 9am
   const now = new Date();
-  const dayOfWeek = now.getDay(); // 0=Sun
+  const dayOfWeek = now.getDay();
   const daysUntilSunday = dayOfWeek === 0 ? 7 : 7 - dayOfWeek;
   const next = new Date(now);
   next.setDate(now.getDate() + daysUntilSunday);
@@ -146,6 +150,15 @@ function digestInstalled() {
   return jobs.some(j => j.id === 'clawarmor-weekly-digest');
 }
+// ── Grade color (A+/A=green, B=yellow, C=orange/yellow, D/F=red) ─────────────
+function gradeStatusColor(grade) {
+  if (grade === 'A+' || grade === 'A') return paint.green;
+  if (grade === 'B') return paint.yellow;
+  if (grade === 'C') return paint.yellow; // no orange in ANSI; yellow is closest
+  return paint.red; // D, F
+}
 // ── Main export ───────────────────────────────────────────────────────────────
 export async function runStatus() {
@@ -158,12 +171,10 @@ export async function runStatus() {
   const history = readJson(HISTORY_FILE) || [];
   const latestHistoryForPosture = history.length ? history[history.length - 1] : null;
-  // Prefer last-score.json (written by watch/guard hook), fall back to history.json
   let score = lastScore?.score ?? latestHistoryForPosture?.score ?? null;
   let grade = lastScore?.grade ?? latestHistoryForPosture?.grade ?? null;
   let scoreTs = lastScore?.timestamp ?? latestHistoryForPosture?.timestamp ?? null;
-  // Trend: compare to ~7 days ago from history
   let weekDelta = null;
   if (history.length >= 2) {
     const weekAgo = Date.now() - 7 * 86_400_000;
@@ -173,13 +184,13 @@ export async function runStatus() {
     }
   }
-  // Score line
   if (score != null) {
     const grade2 = grade || scoreToGrade(score);
     const colorFn = scoreColor(score);
+    const gradeFn = gradeStatusColor(grade2);
     const arrow = trendArrow(weekDelta);
     const weekNote = weekDelta != null ? paint.dim(' vs last week') : '';
-    console.log(`  ${paint.dim('Posture')}       ${gradeColor(grade2)} ${colorFn(score + '/100')}   ${arrow}${weekNote}`);
+    console.log(`  ${paint.dim('Posture')}       ${gradeFn(grade2)} ${colorFn(score + '/100')}   ${arrow}${weekNote}`);
   } else {
     console.log(`  ${paint.dim('Posture')}       ${paint.dim('No audit data — run: clawarmor audit')}`);
   }
@@ -193,9 +204,12 @@ export async function runStatus() {
   // ── Watcher ───────────────────────────────────────────────────────────────
   const daemon = watchDaemonStatus();
-  const watchStr = daemon.running
-    ? `${paint.green('●')} ${paint.bold('running')} ${paint.dim('(PID ' + daemon.pid + ')')}`
-    : `${paint.dim('○')} ${paint.dim('stopped')}`;
+  let watchStr;
+  if (daemon.running) {
+    watchStr = `${paint.green('●')} ${paint.bold('running')} ${paint.dim('(PID ' + daemon.pid + ')')}`;
+  } else {
+    watchStr = `${paint.red('○')} ${paint.red('stopped')}  ${paint.dim('→ run: clawarmor watch --daemon')}`;
+  }
   console.log(`  ${paint.dim('Watcher')}       ${watchStr}`);
   // ── Shell intercept ───────────────────────────────────────────────────────
@@ -245,6 +259,15 @@ export async function runStatus() {
     console.log(`  ${paint.dim('Next digest')}   ${paint.dim('not scheduled')}  ${paint.dim('(run: clawarmor protect --install)')}`);
   }
+  // ── Full protection footer ────────────────────────────────────────────────
+  const hookOk = hookFilesExist();
+  const fullProtection = hookOk && daemon.running && icp.active;
+  console.log('');
+  if (fullProtection) {
+    console.log(`  Full protection: ${paint.green('[✓ YES]')}`);
+  } else {
+    console.log(`  Full protection: ${paint.red('[✗ NO')} ${paint.dim('— run clawarmor protect --install]')}`);
+  }
   console.log('');
   return 0;
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "clawarmor",
-  "version": "2.0.0-alpha.3",
+  "version": "2.0.0",
   "description": "Security armor for OpenClaw agents — audit, scan, monitor",
   "bin": {
     "clawarmor": "cli.js"