clawarmor 2.0.0-alpha.3 → 2.1.0

package/lib/fix.js

@@ -1,4 +1,5 @@
 // clawarmor fix — auto-apply safe one-liner fixes
+// Now with impact classification: safe / caution / breaking
 import { readFileSync } from 'fs';
 import { homedir } from 'os';
 import { join } from 'path';
@@ -9,57 +10,90 @@ import { loadConfig, get } from './config.js';
 const HISTORY_PATH = join(homedir(), '.clawarmor', 'history.json');
 const SEP = paint.dim('─'.repeat(52));
 
+// Impact levels
+const IMPACT = { SAFE: 'safe', CAUTION: 'caution', BREAKING: 'breaking' };
+
+const IMPACT_BADGE = {
+  [IMPACT.SAFE]:     () => paint.green('🟢 Safe'),
+  [IMPACT.CAUTION]:  () => paint.yellow('🟡 Caution'),
+  [IMPACT.BREAKING]: () => paint.red('🔴 Breaking'),
+};
+
 // Fixes that are safe to auto-apply (single config set command, no restart risk)
 const AUTO_FIXABLE = {
   'browser.ssrf': {
     cmd: 'openclaw config set browser.ssrfPolicy.dangerouslyAllowPrivateNetwork false',
     desc: 'Block browser SSRF to private networks',
     needsRestart: true,
+    impact: IMPACT.CAUTION,
+    impactDetail: 'Browser tool will no longer be able to access local/private network URLs.\n' +
+      '      If your agent browses internal dashboards or local services, those will be blocked.',
   },
   'discovery.mdns': {
     cmd: 'openclaw config set discovery.mdns.mode minimal',
     desc: 'Set mDNS to minimal mode',
     needsRestart: true,
+    impact: IMPACT.SAFE,
+    impactDetail: 'Only reduces network advertisement. No functionality change.',
   },
   'logging.redact': {
     cmd: 'openclaw config set logging.redactSensitive tools',
     desc: 'Enable log redaction',
     needsRestart: false,
+    impact: IMPACT.SAFE,
+    impactDetail: 'Redacts sensitive data from logs. No functionality change.',
   },
   'tools.fs.workspaceOnly': {
     cmd: 'openclaw config set tools.fs.workspaceOnly true',
     desc: 'Restrict filesystem to workspace',
     needsRestart: true,
+    impact: IMPACT.BREAKING,
+    impactDetail: 'Agent will ONLY be able to read/write files inside the workspace directory.\n' +
+      '      Access to home directory, system files, and other paths will be blocked.\n' +
+      '      Skills or workflows that read files outside workspace will break.',
   },
   'tools.applyPatch.workspaceOnly': {
     cmd: 'openclaw config set tools.exec.applyPatch.workspaceOnly true',
     desc: 'Restrict apply_patch to workspace',
     needsRestart: true,
+    impact: IMPACT.CAUTION,
+    impactDetail: 'Patches can only be applied to files in the workspace. Usually fine unless\n' +
+      '      your agent patches system files or configs outside the workspace.',
   },
   'fs.config.perms': {
     cmd: 'chmod 600 ~/.openclaw/openclaw.json',
     desc: 'Lock down config file permissions',
     needsRestart: false,
     shell: true,
+    impact: IMPACT.SAFE,
+    impactDetail: 'Only restricts other system users. Your agent runs as you.',
   },
   'fs.accounts.perms': {
     cmd: 'chmod 600 ~/.openclaw/agent-accounts.json',
     desc: 'Lock down credentials file permissions',
     needsRestart: false,
     shell: true,
+    impact: IMPACT.SAFE,
+    impactDetail: 'Only restricts other system users. Your agent runs as you.',
   },
   'agents.sandbox': {
-    // Multi-step fix: enables sandbox WITH workspace access so Telegram sessions don't lose memory files
     cmd: "openclaw config set agents.defaults.sandbox.mode non-main && openclaw config set agents.defaults.sandbox.workspaceAccess rw && openclaw config set agents.defaults.sandbox.scope session",
     desc: 'Enable sandbox isolation (with workspace access preserved for Telegram/group sessions)',
     needsRestart: true,
     requiresDocker: true,
+    impact: IMPACT.BREAKING,
+    impactDetail: 'Non-main sessions will run inside Docker containers.\n' +
+      '      Requires Docker Desktop to be installed and running.\n' +
+      '      Telegram/group sessions will lose direct host access (shell commands,\n' +
+      '      file reads outside workspace). Workspace files remain accessible.',
   },
   'fs.dir.perms': {
     cmd: 'chmod 700 ~/.openclaw',
     desc: 'Lock down ~/.openclaw directory',
     needsRestart: false,
     shell: true,
+    impact: IMPACT.SAFE,
+    impactDetail: 'Only restricts other system users from listing the directory.',
   },
 };
 
@@ -71,7 +105,7 @@ function box(title) {
 }
 
 export async function runFix(flags = {}) {
-  console.log(''); console.log(box('ClawArmor Fix  v1.1.0')); console.log('');
+  console.log(''); console.log(box('ClawArmor Fix  v2.1')); console.log('');
 
   // Load last audit failures
   let lastFailed = [];
@@ -89,8 +123,13 @@ export async function runFix(flags = {}) {
   const fixable = lastFailed.filter(id => AUTO_FIXABLE[id]);
   const manual = lastFailed.filter(id => !AUTO_FIXABLE[id]);
 
+  const safeFixes = fixable.filter(id => AUTO_FIXABLE[id].impact === IMPACT.SAFE);
+  const cautionFixes = fixable.filter(id => AUTO_FIXABLE[id].impact === IMPACT.CAUTION);
+  const breakingFixes = fixable.filter(id => AUTO_FIXABLE[id].impact === IMPACT.BREAKING);
+
   console.log(`  ${paint.dim('Last audit had')} ${paint.bold(String(lastFailed.length))} ${paint.dim('failing checks.')}`);
-  console.log(`  ${paint.bold(String(fixable.length))} ${paint.dim('can be auto-fixed.')} ${paint.dim(String(manual.length))} ${paint.dim('require manual steps.')}`);
+  console.log(`  ${paint.bold(String(fixable.length))} ${paint.dim('can be auto-fixed:')} ${paint.green(String(safeFixes.length) + ' safe')} ${paint.dim('·')} ${paint.yellow(String(cautionFixes.length) + ' caution')} ${paint.dim('·')} ${paint.red(String(breakingFixes.length) + ' breaking')}`);
+  console.log(`  ${paint.dim(String(manual.length))} ${paint.dim('require manual steps.')}`);
 
   if (!fixable.length) {
     console.log('');
@@ -99,40 +138,60 @@ export async function runFix(flags = {}) {
     console.log(''); return 0;
   }
 
-  // Load config for mainKey check (needed by both dry-run and apply paths)
+  // Load config for mainKey check
   const { config: cfg } = loadConfig();
   const mainKey = get(cfg, 'agents.mainKey', 'main');
 
   console.log('');
   if (flags.dryRun) {
     console.log(`  ${paint.cyan('Dry run — would apply:')}`);
+    console.log('');
     for (const id of fixable) {
       const f = AUTO_FIXABLE[id];
+      const badge = IMPACT_BADGE[f.impact]();
       if (id === 'agents.sandbox' && mainKey !== 'main') {
         console.log(`  ${paint.yellow('⚠')} ${paint.bold('Custom mainKey detected:')} agents.mainKey="${mainKey}"`);
         console.log(`     ${paint.dim('Verify that sandbox.mode=non-main won\'t affect your main session.')}`);
       }
-      console.log(`  ${paint.dim('→')} ${f.desc}`);
-      console.log(`    ${paint.dim(f.cmd)}`);
-      if (f.requiresDocker) console.log(`    ${paint.yellow('⚠')} ${paint.dim('Requires Docker Desktop to be installed and running')}`);
-      if (f.needsRestart) console.log(`    ${paint.dim('↻ gateway restart required after applying')}`);
+      console.log(`  ${badge}  ${paint.dim('→')} ${f.desc}`);
+      console.log(`      ${paint.dim('Impact:')} ${f.impactDetail}`);
+      console.log(`      ${paint.dim(f.cmd)}`);
+      if (f.requiresDocker) console.log(`      ${paint.yellow('⚠')} ${paint.dim('Requires Docker Desktop to be installed and running')}`);
+      if (f.needsRestart) console.log(`      ${paint.dim('↻ gateway restart required after applying')}`);
+      console.log('');
+    }
+    console.log(`  ${paint.dim('Run')} ${paint.cyan('clawarmor fix --apply')} ${paint.dim('to apply safe + caution fixes.')}`);
+    if (breakingFixes.length) {
+      console.log(`  ${paint.dim('Run')} ${paint.cyan('clawarmor fix --apply --force')} ${paint.dim('to apply ALL fixes (including breaking).')}`);
     }
-    console.log('');
-    console.log(`  ${paint.dim('Run')} ${paint.cyan('clawarmor fix --apply')} ${paint.dim('to apply these fixes.')}`);
     console.log(''); return 0;
   }
 
   if (!flags.apply) {
-    console.log(`  ${paint.dim('Run')} ${paint.cyan('clawarmor fix --dry-run')} ${paint.dim('to preview fixes.')}`);
-    console.log(`  ${paint.dim('Run')} ${paint.cyan('clawarmor fix --apply')} ${paint.dim('to apply them.')}`);
+    console.log(`  ${paint.dim('Run')} ${paint.cyan('clawarmor fix --dry-run')} ${paint.dim('to preview fixes with impact analysis.')}`);
+    console.log(`  ${paint.dim('Run')} ${paint.cyan('clawarmor fix --apply')} ${paint.dim('to apply safe + caution fixes.')}`);
+    if (breakingFixes.length) {
+      console.log(`  ${paint.dim('Run')} ${paint.cyan('clawarmor fix --apply --force')} ${paint.dim('to apply ALL fixes (including breaking).')}`);
+    }
     console.log(''); return 0;
   }
 
   // Apply fixes
-  let applied = 0, failed = 0, needsRestart = false;
+  let applied = 0, failed = 0, skippedBreaking = 0, needsRestart = false;
   console.log(SEP);
   for (const id of fixable) {
     const f = AUTO_FIXABLE[id];
+    const badge = IMPACT_BADGE[f.impact]();
+
+    // Skip breaking unless --force
+    if (f.impact === IMPACT.BREAKING && !flags.force) {
+      console.log(`  ${badge}  ${f.desc}`);
+      console.log(`      ${paint.dim('Impact:')} ${f.impactDetail}`);
+      console.log(`      ${paint.red('⊘ Skipped')} ${paint.dim('(breaking — use --apply --force to include)')}`);
+      console.log('');
+      skippedBreaking++;
+      continue;
+    }
 
     // Warn about custom mainKey before sandbox fix
     if (id === 'agents.sandbox' && mainKey !== 'main') {
@@ -140,7 +199,7 @@ export async function runFix(flags = {}) {
       console.log(`     ${paint.dim('Verify that sandbox.mode=non-main won\'t affect your main session.')}`);
     }
 
-    process.stdout.write(`  ${paint.dim('→')} ${f.desc}...`);
+    process.stdout.write(`  ${badge}  ${f.desc}...`);
     // Check Docker requirement
     if (f.requiresDocker) {
       const dockerCheck = spawnSync('docker', ['info'], { stdio: 'ignore' });
@@ -162,6 +221,9 @@ export async function runFix(flags = {}) {
   }
 
   console.log('');
+  if (skippedBreaking > 0) {
+    console.log(`  ${paint.dim(`${skippedBreaking} breaking fix${skippedBreaking !== 1 ? 'es' : ''} skipped — use --apply --force to include`)}`);
+  }
   if (needsRestart) {
     console.log(`  ${paint.yellow('!')} ${paint.bold('Restart required:')} ${paint.dim('openclaw gateway restart')}`);
   }

package/lib/harden.js

@@ -2,7 +2,8 @@
 // Modes:
 //   default:    show each fix, prompt y/N before applying
 //   --dry-run:  show what WOULD be fixed, no writes
-//   --auto:     apply all safe fixes without confirmation (CI mode)
+//   --auto:     apply all safe + caution fixes without confirmation (skips breaking)
+//   --auto --force: apply ALL fixes including breaking ones
 
 import { existsSync, readdirSync, statSync, readFileSync } from 'fs';
 import { join } from 'path';
@@ -20,6 +21,29 @@ const HISTORY_FILE = join(CLAWARMOR_DIR, 'history.json');
 const CLI_PATH = new URL('../cli.js', import.meta.url).pathname;
 const SEP = paint.dim('─'.repeat(52));
 
+// ── Impact levels ─────────────────────────────────────────────────────────────
+// SAFE:     No functionality impact. Pure security improvement.
+// CAUTION:  May change agent behavior. User should be aware.
+// BREAKING: Will disable or restrict features currently in use.
+
+const IMPACT = {
+  SAFE: 'safe',
+  CAUTION: 'caution',
+  BREAKING: 'breaking',
+};
+
+const IMPACT_BADGE = {
+  [IMPACT.SAFE]:     (s) => paint.green(`🟢 Safe`),
+  [IMPACT.CAUTION]:  (s) => paint.yellow(`🟡 Caution`),
+  [IMPACT.BREAKING]: (s) => paint.red(`🔴 Breaking`),
+};
+
+const IMPACT_LABEL = {
+  [IMPACT.SAFE]:     'No functionality impact',
+  [IMPACT.CAUTION]:  'May change agent behavior',
+  [IMPACT.BREAKING]: 'Will disable or restrict features you\'re actively using',
+};
+
 function box(title) {
   const W = 52, pad = W - 2 - title.length, l = Math.floor(pad / 2), r = pad - l;
   return [
@@ -56,12 +80,23 @@ function buildFixes(config) {
   // Fix 1: world/group-readable credential files — chmod 600
   const badFiles = findWorldReadableCredFiles();
   for (const f of badFiles) {
+    // Classify: credential files (tokens, keys) are safe to lock down.
+    // Config files that other tools might read need caution.
+    const isSensitive = /\.(env|json|key|pem|token|secret)$/i.test(f.name) ||
+                        f.name === 'agent-accounts.json' ||
+                        f.name === 'openclaw.json';
+    const isScript = /\.(py|sh|js|ts)$/i.test(f.name);
+
     fixes.push({
       id: `cred.perms.${f.name}`,
       problem: `${f.name} is readable by other users (permissions: ${f.mode})`,
       action: `chmod 600 ${f.path}`,
       description: `Set permissions to 600 (owner-only) on ${f.path}`,
       type: 'shell',
+      impact: IMPACT.SAFE,
+      impactDetail: isScript
+        ? 'Only restricts other system users. Scripts will still run as you.'
+        : 'Only restricts other system users from reading this file. Your agent is unaffected.',
       manualNote: null,
     });
   }
@@ -75,6 +110,11 @@ function buildFixes(config) {
       action: 'openclaw config set gateway.host 127.0.0.1',
       description: 'Change gateway.host to 127.0.0.1 (loopback only)',
       type: 'openclaw',
+      impact: IMPACT.BREAKING,
+      impactDetail: 'Remote connections to the gateway will stop working.\n' +
+        '     If you access OpenClaw from other devices on your network (e.g. phone,\n' +
+        '     tablet, or another computer), those connections will be blocked.\n' +
+        '     Only localhost access will work after this change.',
       manualNote: 'Restart gateway after applying: openclaw gateway restart',
     });
   }
@@ -85,9 +125,14 @@ function buildFixes(config) {
     fixes.push({
       id: 'exec.ask.off',
       problem: 'exec.ask is off — shell commands run without user confirmation',
-      action: 'openclaw config set exec.ask always',
-      description: 'Enable exec.ask so shell commands require confirmation',
+      action: 'openclaw config set tools.exec.ask on-miss',
+      description: 'Enable exec approval for unrecognized commands',
       type: 'openclaw',
+      impact: IMPACT.BREAKING,
+      impactDetail: 'Your agent will need approval for shell commands not in the allowlist.\n' +
+        '     Autonomous workflows (cron jobs, background tasks, sub-agents) that run\n' +
+        '     shell commands may pause waiting for approval.\n' +
+        '     You\'ll need to approve commands via the web UI or CLI.',
       manualNote: 'Restart gateway after applying: openclaw gateway restart',
     });
   }
@@ -157,10 +202,24 @@ function getManualItems() {
   ];
 }
 
+// ── Print impact summary ──────────────────────────────────────────────────────
+
+function printImpactSummary(fixes) {
+  const counts = { [IMPACT.SAFE]: 0, [IMPACT.CAUTION]: 0, [IMPACT.BREAKING]: 0 };
+  for (const fix of fixes) counts[fix.impact]++;
+  
+  const parts = [];
+  if (counts[IMPACT.SAFE]) parts.push(paint.green(`${counts[IMPACT.SAFE]} safe`));
+  if (counts[IMPACT.CAUTION]) parts.push(paint.yellow(`${counts[IMPACT.CAUTION]} caution`));
+  if (counts[IMPACT.BREAKING]) parts.push(paint.red(`${counts[IMPACT.BREAKING]} breaking`));
+  
+  return parts.join(paint.dim(' · '));
+}
+
 // ── Main export ───────────────────────────────────────────────────────────────
 
 export async function runHarden(flags = {}) {
-  console.log(''); console.log(box('ClawArmor Harden  v2.0')); console.log('');
+  console.log(''); console.log(box('ClawArmor Harden  v2.1')); console.log('');
 
   const { config } = loadConfig();
   const fixes = buildFixes(config);
@@ -170,6 +229,11 @@ export async function runHarden(flags = {}) {
   const beforeScore = before?.score ?? null;
   const beforeGrade = before?.grade ?? null;
 
+  // Count by impact
+  const safeFixes = fixes.filter(f => f.impact === IMPACT.SAFE);
+  const cautionFixes = fixes.filter(f => f.impact === IMPACT.CAUTION);
+  const breakingFixes = fixes.filter(f => f.impact === IMPACT.BREAKING);
+
   // ── DRY RUN ────────────────────────────────────────────────────────────────
   if (flags.dryRun) {
     console.log(`  ${paint.cyan('Dry run — showing what would be fixed (no changes applied):')}`);
@@ -183,17 +247,23 @@ export async function runHarden(flags = {}) {
     }
 
     for (const fix of fixes) {
+      const badge = IMPACT_BADGE[fix.impact]();
       console.log(`  ${paint.yellow('!')}  ${paint.bold(fix.problem)}`);
       console.log(`     ${paint.dim('Fix:')} ${fix.description}`);
       console.log(`     ${paint.dim('Cmd:')} ${fix.action}`);
+      console.log(`     ${badge}${paint.dim(':')} ${fix.impactDetail}`);
       if (fix.manualNote) console.log(`     ${paint.dim('Note:')} ${fix.manualNote}`);
       console.log('');
     }
 
     console.log(SEP);
-    console.log(`  ${fixes.length} fix${fixes.length !== 1 ? 'es' : ''} available.`);
+    console.log(`  ${fixes.length} fix${fixes.length !== 1 ? 'es' : ''} available: ${printImpactSummary(fixes)}`);
+    console.log('');
     console.log(`  ${paint.dim('Run')} ${paint.cyan('clawarmor harden')} ${paint.dim('to apply interactively.')}`);
-    console.log(`  ${paint.dim('Run')} ${paint.cyan('clawarmor harden --auto')} ${paint.dim('to apply all without prompts.')}`);
+    console.log(`  ${paint.dim('Run')} ${paint.cyan('clawarmor harden --auto')} ${paint.dim('to apply safe + caution fixes.')}`);
+    if (breakingFixes.length) {
+      console.log(`  ${paint.dim('Run')} ${paint.cyan('clawarmor harden --auto --force')} ${paint.dim('to apply ALL fixes (including breaking).')}`);
+    }
     console.log('');
 
     const manualItems = getManualItems();
@@ -223,25 +293,52 @@ export async function runHarden(flags = {}) {
     return 0;
   }
 
-  const modeLabel = flags.auto
-    ? paint.cyan('Auto mode — applying all safe fixes without confirmation')
-    : paint.cyan('Interactive mode — review and apply fixes one by one');
-  console.log(`  ${modeLabel}`);
+  if (flags.auto) {
+    // --auto mode: apply safe + caution, SKIP breaking unless --force
+    const autoLabel = flags.force
+      ? paint.cyan('Auto mode (--force) — applying ALL fixes including breaking')
+      : paint.cyan('Auto mode — applying safe + caution fixes (skipping breaking)');
+    console.log(`  ${autoLabel}`);
+    console.log(`  ${paint.dim('Fixes found:')} ${printImpactSummary(fixes)}`);
+  } else {
+    console.log(`  ${paint.cyan('Interactive mode — review and apply fixes one by one')}`);
+    console.log(`  ${paint.dim('Fixes found:')} ${printImpactSummary(fixes)}`);
+  }
   console.log('');
 
-  let applied = 0, skipped = 0, failed = 0;
+  let applied = 0, skipped = 0, failed = 0, skippedBreaking = 0;
   const restartNotes = [];
 
   for (const fix of fixes) {
+    const badge = IMPACT_BADGE[fix.impact]();
+
     console.log(SEP);
+    console.log(`  ${badge}`);
     console.log(`  ${paint.bold('Problem:')}  ${fix.problem}`);
     console.log(`  ${paint.dim('Fix:')}      ${fix.description}`);
+    console.log(`  ${paint.dim('Impact:')}   ${fix.impactDetail}`);
     console.log(`  ${paint.dim('Command:')} ${paint.dim(fix.action)}`);
     console.log('');
 
-    let doApply = flags.auto;
+    let doApply;
 
-    if (!flags.auto) {
+    if (flags.auto) {
+      // In auto mode: apply safe + caution, skip breaking unless --force
+      if (fix.impact === IMPACT.BREAKING && !flags.force) {
+        console.log(`  ${paint.red('⊘ Skipped')} ${paint.dim('(breaking — use --auto --force to include)')}`);
+        skippedBreaking++;
+        skipped++;
+        console.log('');
+        continue;
+      }
+      doApply = true;
+    } else {
+      // Interactive mode: always ask, but warn about breaking
+      if (fix.impact === IMPACT.BREAKING) {
+        console.log(`  ${paint.red('⚠  This fix will change how your agent works.')}`);
+        console.log(`  ${paint.red('   Read the impact above carefully before applying.')}`);
+        console.log('');
+      }
       doApply = await askYN(`  Apply this fix? [y/N] `);
     }
 
@@ -268,6 +365,10 @@ export async function runHarden(flags = {}) {
   console.log('');
   console.log(`  Applied: ${paint.green(String(applied))}  Skipped: ${paint.dim(String(skipped))}  Failed: ${failed > 0 ? paint.red(String(failed)) : paint.dim('0')}`);
 
+  if (skippedBreaking > 0) {
+    console.log(`  ${paint.dim(`(${skippedBreaking} breaking fix${skippedBreaking !== 1 ? 'es' : ''} skipped — use --auto --force to include)`)}`);
+  }
+
   // Restart notes
   if (restartNotes.length) {
     console.log('');