npm - clawarmor - Versions diffs - 2.2.1 → 3.0.1 - Mend

clawarmor 2.2.1 → 3.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md +59 -22
package/cli.js +8 -1
package/lib/stack/index.js +91 -0
package/lib/stack/invariant.js +224 -0
package/lib/stack/ironcurtain.js +195 -0
package/lib/stack.js +410 -0
package/lib/status.js +23 -1
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # ClawArmor
-Security armor for OpenClaw agents — audit, scan, monitor.
+The security control plane for OpenClaw agents — audit, harden, and orchestrate your full protection stack.
 [![npm version](https://img.shields.io/npm/v/clawarmor?color=3fb950&label=npm&style=flat-square)](https://www.npmjs.com/package/clawarmor)
 [![license](https://img.shields.io/badge/license-MIT-blue?style=flat-square)](LICENSE)
@@ -8,43 +8,77 @@ Security armor for OpenClaw agents — audit, scan, monitor.
 ## What it does
-- Audits your OpenClaw config and live gateway with 30+ checks — scored 0–100
-- Scans every installed skill file for malicious code and prompt injection patterns
-- Guards every install: intercepts `openclaw clawhub install`, pre-scans before activation
+AI agent security isn't one tool — it's a stack. ClawArmor is the foundation and control plane:
+1. **Audits** your OpenClaw config and live gateway — 30+ checks, scored 0–100
+2. **Hardens** your setup — auto-applies safe fixes, snapshots before every change
+3. **Orchestrates** the full security stack — deploys and configures [Invariant Guardrails](https://github.com/invariantlabs-ai/invariant) and [IronCurtain](https://github.com/provos/ironcurtain) based on your audit results
+```
+clawarmor audit          → understand your risk (0–100 score)
+clawarmor stack plan     → see what protection stack your risk profile needs
+clawarmor stack deploy   → deploy it in one command
+clawarmor stack sync     → keep everything aligned after changes
+```
 ## Quick start
 ```bash
 npm install -g clawarmor
-clawarmor protect --install
-clawarmor audit
+clawarmor protect --install   # install guard hooks
+clawarmor audit               # score your setup
+clawarmor stack deploy --all  # deploy full protection stack
 ```
+## The Stack
+ClawArmor sits at the foundation and orchestrates the layers above it:
+| Layer | Tool | What it does | ClawArmor role |
+|---|---|---|---|
+| **Foundation** | ClawArmor | Config hygiene, credential checks, skill supply chain | Audits + hardens |
+| **Flow guardrails** | [Invariant](https://github.com/invariantlabs-ai/invariant) | Detects multi-step attack chains at runtime | Generates rules from audit findings |
+| **Runtime sandbox** | [IronCurtain](https://github.com/provos/ironcurtain) | Policy-enforced tool call interception, V8 isolate | Generates constitution from audit findings |
+| **Action gating** | [Latch](https://github.com/latchagent/latch) | Human approval for risky actions via Telegram | Coming in v3.2 |
+`clawarmor stack deploy` reads your audit score, generates the right config for each tool, and deploys them. `clawarmor stack sync` keeps everything updated as your setup changes.
 ## Commands
+### Core
 | Command | Description |
 |---|---|
 | `audit` | Score your OpenClaw config (0–100), live gateway probes, plain-English verdict |
 | `scan` | Scan all installed skill files for malicious code and SKILL.md instructions |
 | `prescan <skill>` | Pre-scan a skill before installing — blocks on CRITICAL findings |
-| `protect --install` | Install guard hook, shell intercept (zsh/bash/fish), and watch daemon |
-| `protect --uninstall` | Remove all ClawArmor protection components |
-| `protect --status` | Show current protection state |
-| `watch` | Monitor config and skill changes in real time |
-| `watch --daemon` | Start the watcher as a background daemon |
-| `harden` | Interactive hardening wizard (--dry-run, --auto) |
+| `fix` | Auto-apply safe fixes (--dry-run to preview, --apply to run) |
+| `harden` | Interactive hardening wizard (--dry-run, --auto, --monitor) |
 | `status` | One-screen security posture dashboard |
-| `log` | View the audit event log |
-| `digest` | Show weekly security digest |
 | `verify` | Re-run only previously-failed checks (CI-friendly, exit 0 = all fixed) |
+### Stack Orchestration
+| Command | Description |
+|---|---|
+| `stack status` | Show all stack components, install state, config state |
+| `stack plan` | Preview what would be deployed based on current audit (no changes) |
+| `stack deploy` | Deploy stack components (--invariant, --ironcurtain, --all) |
+| `stack sync` | Regenerate stack configs from latest audit — run after harden/fix |
+| `stack teardown` | Remove deployed stack components |
+### History & Monitoring
+| Command | Description |
+|---|---|
 | `trend` | ASCII chart of your security score over time |
 | `compare` | Compare coverage vs openclaw security audit |
-| `fix` | Auto-apply safe fixes (--dry-run to preview, --apply to run) |
+| `log` | View the audit event log |
+| `digest` | Show weekly security digest |
+| `watch` | Monitor config and skill changes in real time |
+| `protect --install` | Install guard hook, shell intercept (zsh/bash/fish), and watch daemon |
 | `snapshot` | Save a config snapshot manually (auto-saved before every harden/fix) |
 | `rollback` | Restore config from auto-snapshot (--list, --id <id>) |
-| `harden --monitor` | Enable monitor mode — observe before enforcing |
-| `harden --monitor-report` | Show what monitor mode has observed |
-| `harden --monitor-off` | Disable monitor mode |
 ## What it catches
@@ -59,13 +93,14 @@ clawarmor audit
 | Live gateway auth | WebSocket probe — does server actually reject unauthenticated connections? | Full |
 | CORS misconfiguration | OPTIONS probe with arbitrary origin | Full |
 | Gateway exposure | TCP-connects to every non-loopback interface | Full |
-| Runtime policy enforcement | Requires a runtime layer (SupraWall) | None |
+| Multi-step attack chains | read→exfil, inject→execute flows (via Invariant) | Full (with stack) |
+| Runtime tool call interception | Policy-enforced sandboxing (via IronCurtain) | Full (with stack) |
 ## Safety features
-**Impact classification** — Every fix is tagged 🟢 Safe, 🟡 Caution, or 🔴 Breaking. `--auto` mode skips breaking changes unless you pass `--force`.
+**Impact classification** — Every fix is tagged 🟢 Safe, 🟡 Caution, or 🔴 Breaking. `--auto` skips breaking changes unless you pass `--force`.
-**Config snapshots** — ClawArmor auto-saves your config before every `harden` or `fix` run. If something breaks, roll back instantly:
+**Config snapshots** — Auto-saves before every `harden` or `fix` run:
 ```bash
 clawarmor rollback --list    # see all snapshots
@@ -73,7 +108,7 @@ clawarmor rollback           # restore the latest
 clawarmor rollback --id <n>  # restore a specific one
 ```
-**Monitor mode** — Observe what `harden` would do before enforcing:
+**Monitor mode** — Observe what `harden` would change before enforcing:
 ```bash
 clawarmor harden --monitor        # start monitoring
@@ -87,6 +122,8 @@ ClawArmor runs entirely on your machine — no telemetry, no cloud, no accounts.
 It has zero npm runtime dependencies, using only Node.js built-ins.
 Every run prints exactly what files it reads and what network calls it makes before executing anything.
+The full security stack for AI agents doesn't exist as one product. ClawArmor is the foundation that ties it together.
 ## License
 MIT

package/cli.js CHANGED Viewed

@@ -3,7 +3,7 @@
 import { paint } from './lib/output/colors.js';
-const VERSION = '2.2.0';
+const VERSION = '3.0.0';
 const GATEWAY_PORT_DEFAULT = 18789;
 function isLocalhost(host) {
@@ -51,6 +51,7 @@ function usage() {
   console.log(`    ${paint.cyan('watch')}    Monitor config and skill changes in real time`);
   console.log(`    ${paint.cyan('protect')}  Install/uninstall/status the full guard system`);
   console.log(`    ${paint.cyan('prescan')}  Pre-scan a skill before installing it`);
+  console.log(`    ${paint.cyan('stack')}    Security orchestrator — deploy Invariant + IronCurtain from audit data`);
   console.log(`    ${paint.cyan('log')}      View the audit event log`);
   console.log(`    ${paint.cyan('digest')}   Show weekly security digest`);
   console.log('');
@@ -232,5 +233,11 @@ if (cmd === 'digest') {
   process.exit(await runDigest());
 }
+if (cmd === 'stack') {
+  const { runStack } = await import('./lib/stack.js');
+  const stackArgs = args.slice(1);
+  process.exit(await runStack(stackArgs));
+}
 console.log(`  ${paint.red('✗')} Unknown command: ${paint.bold(cmd)}`);
 usage(); process.exit(1);

package/lib/stack/index.js ADDED Viewed

@@ -0,0 +1,91 @@
+// lib/stack/index.js — Stack orchestrator
+// Reads latest audit result from ~/.clawarmor/audit.log (JSONL),
+// maps score + findings to a risk profile, and determines deployment plan.
+import { existsSync, readFileSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+const HOME = homedir();
+const AUDIT_LOG = join(HOME, '.clawarmor', 'audit.log');
+/**
+ * Read the latest scored audit entry from ~/.clawarmor/audit.log (JSONL).
+ * Prefers entries where score !== null (cmd==='audit'), skips scan entries.
+ * Falls back to last-score.json combined with history.json if no scored entry found.
+ */
+function readLatestAudit() {
+  if (existsSync(AUDIT_LOG)) {
+    try {
+      const lines = readFileSync(AUDIT_LOG, 'utf8').split('\n').filter(Boolean);
+      for (let i = lines.length - 1; i >= 0; i--) {
+        try {
+          const entry = JSON.parse(lines[i]);
+          if (entry && entry.score != null) return entry;
+        } catch { /* skip bad lines */ }
+      }
+    } catch { /* non-fatal */ }
+  }
+  // Fallback: last-score.json (minimal — no findings detail)
+  const lastScoreFile = join(HOME, '.clawarmor', 'last-score.json');
+  if (existsSync(lastScoreFile)) {
+    try {
+      const s = JSON.parse(readFileSync(lastScoreFile, 'utf8'));
+      if (s && s.score != null) return { score: s.score, grade: s.grade, findings: [] };
+    } catch { /* non-fatal */ }
+  }
+  return null;
+}
+/**
+ * Map audit score + findings to a risk profile.
+ * @param {Object|null} audit
+ * @returns {{ level: string, label: string, score: number|null, findings: Array }}
+ */
+export function getRiskProfile(audit) {
+  if (!audit) return { level: 'unknown', label: 'No audit data', score: null, findings: [] };
+  const score = audit.score ?? null;
+  const findings = audit.findings ?? [];
+  let level, label;
+  if (score == null)    { level = 'unknown';  label = 'Unknown risk'; }
+  else if (score < 50)  { level = 'critical'; label = 'Critical / High risk'; }
+  else if (score < 75)  { level = 'medium';   label = 'Medium risk'; }
+  else                  { level = 'low';       label = 'Low risk'; }
+  return { level, label, score, findings };
+}
+/**
+ * Read latest audit + derive risk profile.
+ * @returns {Promise<{ audit: Object|null, profile: Object }>}
+ */
+export async function getStackStatus() {
+  const audit = readLatestAudit();
+  const profile = getRiskProfile(audit);
+  return { audit, profile };
+}
+/**
+ * Get recommended deployment plan based on risk profile.
+ * @param {Object} profile - from getRiskProfile()
+ * @returns {{ invariant: boolean, ironcurtain: boolean, reason: string }}
+ */
+export function getPlan(profile) {
+  const { level } = profile;
+  if (level === 'critical') return {
+    invariant: true, ironcurtain: true,
+    reason: 'Critical risk: deploy Invariant flow guardrails + generate IronCurtain constitution',
+  };
+  if (level === 'medium') return {
+    invariant: true, ironcurtain: true,
+    reason: 'Medium risk: deploy Invariant flow guardrails + generate IronCurtain constitution',
+  };
+  if (level === 'low') return {
+    invariant: false, ironcurtain: true,
+    reason: 'Low risk: generate IronCurtain constitution as reference hardening',
+  };
+  // unknown — no audit yet
+  return {
+    invariant: true, ironcurtain: true,
+    reason: 'No audit data: run clawarmor audit first for precise recommendations',
+  };
+}

package/lib/stack/invariant.js ADDED Viewed

@@ -0,0 +1,224 @@
+// lib/stack/invariant.js — Invariant Guardrails integration
+// Invariant is a Python guardrailing library (invariantlabs-ai/invariant).
+// Rules are plain Invariant DSL strings generated from audit findings.
+import { existsSync, readFileSync, writeFileSync, mkdirSync, statSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+import { execSync, spawnSync } from 'child_process';
+const HOME = homedir();
+const CLAWARMOR_DIR = join(HOME, '.clawarmor');
+const RULES_PATH = join(CLAWARMOR_DIR, 'invariant-rules.inv');
+/** Check if invariant-ai Python package is installed. */
+export function checkInstalled() {
+  try {
+    const r = spawnSync('pip3', ['show', 'invariant-ai'], { encoding: 'utf8', timeout: 10000 });
+    return r.status === 0 && !!(r.stdout && r.stdout.includes('Name:'));
+  } catch { return false; }
+}
+/**
+ * Install invariant-ai via pip3.
+ * @returns {{ ok: boolean, err?: string }}
+ */
+export function install() {
+  try {
+    execSync('pip3 install invariant-ai', { stdio: 'pipe', timeout: 120000 });
+    return { ok: true };
+  } catch (e) {
+    return { ok: false, err: e.message?.split('\n')[0] || 'pip3 install failed' };
+  }
+}
+/**
+ * Generate Invariant DSL rules from audit findings.
+ *
+ * Key mappings (from research):
+ *   exec.security=full + exec.ask=off  → flag unrestricted exec tool calls
+ *   channels with no allowFrom         → flag ungated message sends
+ *   credential files world-readable    → block reads on sensitive paths
+ *   skill supply chain findings        → block tool calls from unverified skill sources
+ *   elevated.allowFrom empty           → flag escalated calls from non-allowlisted sources
+ *
+ * @param {Array} findings - array of { id, severity, title, detail }
+ * @returns {string} Invariant policy (.inv) text
+ */
+export function generateRules(findings) {
+  const now = new Date().toISOString().slice(0, 10);
+  const lines = [
+    `# ClawArmor-Generated Invariant Policy`,
+    `# Generated: ${now} by clawarmor stack`,
+    `# Source: clawarmor stack deploy --invariant`,
+    '',
+  ];
+  if (!findings || !findings.length) {
+    lines.push('# No findings from latest audit — no findings-specific rules generated.');
+    lines.push('# Run: clawarmor audit, then: clawarmor stack sync');
+    lines.push('');
+    lines.push('# Generic fallback: prompt injection via web tool → send_message');
+    lines.push('raise "Possible prompt injection via tool output" if:');
+    lines.push('    (output: ToolOutput) -> (call2: ToolCall)');
+    lines.push('    output is tool:get_website');
+    lines.push('    prompt_injection(output.content, threshold=0.7)');
+    lines.push('    call2 is tool:send_message');
+    lines.push('');
+    return lines.join('\n');
+  }
+  const generated = new Set();
+  for (const finding of findings) {
+    const id = (finding.id || '').toLowerCase();
+    const detail = (finding.detail || '').toLowerCase();
+    const title = (finding.title || '').toLowerCase();
+    // label shown in rule comment — id is always present; title/severity optional
+    const label = finding.title || finding.severity || finding.id;
+    // exec.ask=off / exec unrestricted → flag bare exec tool calls
+    // Matches: exec.approval, exec.ask, tools.exec.*
+    if (
+      !generated.has('exec.unrestricted') &&
+      (id.includes('exec') || title.includes('exec')) &&
+      (id.includes('ask') || id.includes('approval') || id.includes('exec') ||
+       detail.includes('ask') || title.includes('approval') || title.includes('unrestricted') ||
+       detail.includes('unrestricted'))
+    ) {
+      generated.add('exec.unrestricted');
+      lines.push(`# Finding: ${finding.id} — ${label}`);
+      lines.push(`raise "Unrestricted exec tool call detected (no approval gate)" if:`);
+      lines.push(`    (call: ToolCall)`);
+      lines.push(`    call is tool:exec`);
+      lines.push('');
+    }
+    // channels with no allowFrom / open group policy → ungated message sends
+    // Matches: channel.groupPolicy, channel.allowFrom, channels.*
+    if (
+      !generated.has('channel.ungated') &&
+      (id.includes('channel') || title.includes('channel')) &&
+      (id.includes('allow') || id.includes('group') || id.includes('policy') ||
+       detail.includes('allowfrom') || title.includes('restriction') ||
+       title.includes('gate') || title.includes('group') || detail.includes('open'))
+    ) {
+      generated.add('channel.ungated');
+      lines.push(`# Finding: ${finding.id} — ${label}`);
+      lines.push(`raise "Message sent via ungated channel (no allowFrom restriction)" if:`);
+      lines.push(`    (call: ToolCall) -> (call2: ToolCall)`);
+      lines.push(`    call is tool:read_file`);
+      lines.push(`    call2 is tool:send_message({channel: ".*"})`);
+      lines.push('');
+    }
+    // credential files / secret exposure → block reads on sensitive paths
+    // Matches: cred.*, credential-file, cred.json_secrets, filesystem.perms
+    if (
+      !generated.has('cred.worldread') &&
+      (id.includes('cred') || id.includes('credential') || id.includes('filesystem') ||
+       id.includes('secret')) &&
+      (id.includes('perm') || id.includes('secret') || id.includes('file') ||
+       detail.includes('world') || detail.includes('readable') || detail.includes('permission') ||
+       title.includes('world') || title.includes('permission') || title.includes('secret'))
+    ) {
+      generated.add('cred.worldread');
+      lines.push(`# Finding: ${finding.id} — ${label}`);
+      lines.push(`raise "File read on sensitive credential path" if:`);
+      lines.push(`    (call: ToolCall)`);
+      lines.push(`    call is tool:read_file`);
+      lines.push(`    any(s in str(call.args.get("path", "")) for s in [".ssh", ".aws", "agent-accounts", ".openclaw"])`);
+      lines.push('');
+    }
+    // skill supply chain — block tool calls from unverified sources
+    // Matches: skill.pinning, skill.supplychain, skills.*
+    if (
+      !generated.has('skill.supplychain') &&
+      id.includes('skill') &&
+      (id.includes('pin') || id.includes('supply') || id.includes('md') ||
+       detail.includes('supply') || detail.includes('unverified') ||
+       title.includes('pin') || title.includes('supply'))
+    ) {
+      generated.add('skill.supplychain');
+      lines.push(`# Finding: ${finding.id} — ${label}`);
+      lines.push(`raise "Tool call from unverified skill source (no version pin)" if:`);
+      lines.push(`    (call: ToolCall)`);
+      lines.push(`    not call.metadata.get("skill_verified", False)`);
+      lines.push('');
+    }
+    // elevated permissions with no allowFrom restriction
+    // Matches: elevated.allowFrom, tools.elevated.*, allowFrom.*
+    if (
+      !generated.has('elevated.ungated') &&
+      (id.includes('elevated') || id.includes('allowfrom') || title.includes('elevated'))
+    ) {
+      generated.add('elevated.ungated');
+      lines.push(`# Finding: ${finding.id} — ${label}`);
+      lines.push(`raise "Elevated tool call from ungated source" if:`);
+      lines.push(`    (call: ToolCall)`);
+      lines.push(`    call.metadata.get("elevated", False)`);
+      lines.push(`    not call.metadata.get("allowFrom_restricted", False)`);
+      lines.push('');
+    }
+  }
+  if (!generated.size) {
+    lines.push('# No specific rule mappings matched. Generic fallback:');
+    lines.push('');
+    lines.push('raise "Possible prompt injection via tool output" if:');
+    lines.push('    (output: ToolOutput) -> (call2: ToolCall)');
+    lines.push('    output is tool:get_website');
+    lines.push('    prompt_injection(output.content, threshold=0.7)');
+    lines.push('    call2 is tool:send_message');
+    lines.push('');
+  }
+  return lines.join('\n');
+}
+/**
+ * Write rules to ~/.clawarmor/invariant-rules.inv and validate syntax if invariant-ai is installed.
+ * @param {string} rulesContent
+ * @returns {{ ok: boolean, err?: string, rulesPath: string }}
+ */
+export function deploy(rulesContent) {
+  try {
+    if (!existsSync(CLAWARMOR_DIR)) mkdirSync(CLAWARMOR_DIR, { recursive: true });
+    writeFileSync(RULES_PATH, rulesContent, 'utf8');
+    // Validate syntax if invariant-ai is available (non-fatal if not)
+    if (checkInstalled()) {
+      const v = spawnSync('python3', [
+        '-c',
+        `from invariant.analyzer import LocalPolicy; LocalPolicy.from_file('${RULES_PATH}'); print('ok')`,
+      ], { encoding: 'utf8', timeout: 30000 });
+      if (v.status !== 0) {
+        const msg = (v.stderr || '').split('\n')[0];
+        return { ok: false, err: `Syntax validation failed: ${msg}`, rulesPath: RULES_PATH };
+      }
+    }
+    return { ok: true, rulesPath: RULES_PATH };
+  } catch (e) {
+    return { ok: false, err: e.message?.split('\n')[0] || 'deploy failed', rulesPath: RULES_PATH };
+  }
+}
+/**
+ * Get current status of Invariant integration.
+ * @returns {{ installed: boolean, rulesExist: boolean, rulesPath: string, ruleCount: number, lastDeployed: string|null }}
+ */
+export function getStatus() {
+  const installed = checkInstalled();
+  const rulesExist = existsSync(RULES_PATH);
+  let ruleCount = 0, lastDeployed = null;
+  if (rulesExist) {
+    try {
+      const content = readFileSync(RULES_PATH, 'utf8');
+      ruleCount = (content.match(/^raise /gm) || []).length;
+      lastDeployed = statSync(RULES_PATH).mtime.toISOString();
+    } catch { /* non-fatal */ }
+  }
+  return { installed, rulesExist, rulesPath: RULES_PATH, ruleCount, lastDeployed };
+}

package/lib/stack/ironcurtain.js ADDED Viewed

@@ -0,0 +1,195 @@
+// lib/stack/ironcurtain.js — IronCurtain integration
+// IronCurtain: English constitution → LLM compiles to deterministic rules → runtime enforcement.
+// We generate the Markdown constitution from audit findings. User runs compile-policy themselves.
+import { existsSync, writeFileSync, mkdirSync, statSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+import { spawnSync } from 'child_process';
+const HOME = homedir();
+const IRONCURTAIN_DIR = join(HOME, '.ironcurtain');
+const CONSTITUTION_PATH = join(IRONCURTAIN_DIR, 'constitution-clawarmor.md');
+/** Check if ironcurtain CLI is available (npm -g). */
+export function checkInstalled() {
+  try {
+    const r = spawnSync('ironcurtain', ['--version'], { encoding: 'utf8', timeout: 5000 });
+    return r.status === 0;
+  } catch { return false; }
+}
+/**
+ * Generate an IronCurtain constitution Markdown from audit findings.
+ *
+ * Key mappings (from research):
+ *   exec.ask=off                      → Escalate: All exec tool calls require human approval
+ *   elevated.allowFrom empty          → Forbidden: Elevated operations without allowFrom restrictions
+ *   channels.groupPolicy=open         → Escalate: Messages to external groups require approval
+ *   credential world-readable         → Forbidden: Reading lax-permission credential files
+ *   skill supply chain                → Forbidden: Loading unverified/unpinned skills
+ *
+ * @param {Array} findings - array of { id, severity, title, detail }
+ * @returns {string} Markdown constitution text
+ */
+export function generateConstitution(findings) {
+  const now = new Date().toISOString().slice(0, 10);
+  const lines = [
+    `# ClawArmor-Generated Constitution`,
+    `_Generated: ${now} by clawarmor stack deploy --ironcurtain_`,
+    '',
+  ];
+  const allowed = [
+    'Read and write files only within the project workspace directory',
+    'Search the web for public information',
+    'View git status and git log',
+  ];
+  const escalate = [];
+  const forbidden = [
+    'Accessing ~/.ssh, ~/.aws, ~/.openclaw, or other credential files outside the workspace',
+    'Deleting files outside the project workspace directory',
+  ];
+  if (!findings || !findings.length) {
+    // Conservative defaults when no audit data
+    escalate.push('All exec tool calls (no audit data — applying conservative defaults)');
+    escalate.push('Any network request to external URLs');
+  } else {
+    const added = new Set();
+    for (const finding of findings) {
+      const id = (finding.id || '').toLowerCase();
+      const detail = (finding.detail || '').toLowerCase();
+      const title = (finding.title || '').toLowerCase();
+      const ref = `(audit: ${finding.id})`; // eslint-disable-line no-unused-vars
+      // exec.ask=off → escalate exec
+      if (
+        !added.has('exec') &&
+        (id.includes('exec') || title.includes('exec')) &&
+        (id.includes('ask') || id.includes('approval') || detail.includes('ask') ||
+         title.includes('approval') || title.includes('unrestricted') || detail.includes('unrestricted'))
+      ) {
+        added.add('exec');
+        escalate.push(`All exec tool calls require human approval ${ref}`);
+      }
+      // elevated.allowFrom empty → forbidden elevated ops
+      // Matches: elevated.*, tools.elevated.*, allowfrom.*
+      if (
+        !added.has('elevated') &&
+        (id.includes('elevated') || id.includes('allowfrom') || title.includes('elevated'))
+      ) {
+        added.add('elevated');
+        forbidden.push(`Elevated operations without explicit allowFrom restrictions ${ref}`);
+      }
+      // channels with no allowFrom / group policy open → escalate external messages
+      // Matches: channel.groupPolicy, channel.allowFrom, channels.*
+      if (
+        !added.has('channel') &&
+        (id.includes('channel') || title.includes('channel')) &&
+        (id.includes('allow') || id.includes('group') || id.includes('policy') ||
+         detail.includes('allowfrom') || detail.includes('open') ||
+         title.includes('restriction') || title.includes('gate') || title.includes('group'))
+      ) {
+        added.add('channel');
+        escalate.push(`Messages sent to external groups or channels require approval ${ref}`);
+      }
+      // gateway.host=0.0.0.0 → forbidden external gateway exposure
+      if (
+        !added.has('gateway') &&
+        id.includes('gateway') && (id.includes('host') || detail.includes('0.0.0.0'))
+      ) {
+        added.add('gateway');
+        forbidden.push(`Exposing the gateway to all network interfaces ${ref}`);
+      }
+      // credential files world-readable / secret exposure
+      // Matches: cred.*, credential-file, cred.json_secrets, filesystem.perms
+      if (
+        !added.has('cred.perm') &&
+        (id.includes('cred') || id.includes('credential') || id.includes('filesystem') ||
+         id.includes('secret')) &&
+        (id.includes('perm') || id.includes('secret') || id.includes('file') ||
+         detail.includes('world') || detail.includes('readable') || detail.includes('permission') ||
+         title.includes('permission') || title.includes('world') || title.includes('secret'))
+      ) {
+        added.add('cred.perm');
+        forbidden.push(`Reading credential files with overly permissive file modes ${ref}`);
+      }
+      // skill supply chain
+      if (
+        !added.has('skill') &&
+        id.includes('skill') &&
+        (id.includes('pin') || id.includes('supply') || detail.includes('supply') ||
+         detail.includes('unverified') || title.includes('pin') || title.includes('supply'))
+      ) {
+        added.add('skill');
+        forbidden.push(`Loading unverified skills or skills without pinned versions ${ref}`);
+      }
+    }
+    if (!escalate.length) {
+      escalate.push('Any shell command execution');
+      escalate.push('Any network request to external URLs not required by the task');
+    }
+  }
+  lines.push('## Allowed');
+  for (const item of allowed) lines.push(`- ${item}`);
+  lines.push('');
+  if (escalate.length) {
+    lines.push('## Escalate (require human approval)');
+    for (const item of escalate) lines.push(`- ${item}`);
+    lines.push('');
+  }
+  lines.push('## Forbidden');
+  for (const item of forbidden) lines.push(`- ${item}`);
+  lines.push('');
+  lines.push('---');
+  lines.push('_To compile into deterministic rules:_');
+  lines.push('```');
+  lines.push('ironcurtain compile-policy ~/.ironcurtain/constitution-clawarmor.md');
+  lines.push('```');
+  lines.push('_To update after a new audit:_');
+  lines.push('```');
+  lines.push('clawarmor stack sync');
+  lines.push('```');
+  return lines.join('\n');
+}
+/**
+ * Write constitution to ~/.ironcurtain/constitution-clawarmor.md.
+ * @param {string} content
+ * @returns {{ ok: boolean, err?: string, path: string }}
+ */
+export function writeConstitution(content) {
+  try {
+    if (!existsSync(IRONCURTAIN_DIR)) mkdirSync(IRONCURTAIN_DIR, { recursive: true });
+    writeFileSync(CONSTITUTION_PATH, content, 'utf8');
+    return { ok: true, path: CONSTITUTION_PATH };
+  } catch (e) {
+    return { ok: false, err: e.message?.split('\n')[0] || 'write failed', path: CONSTITUTION_PATH };
+  }
+}
+/**
+ * Get current status of IronCurtain integration.
+ * @returns {{ installed: boolean, constitutionExists: boolean, constitutionPath: string, lastGenerated: string|null }}
+ */
+export function getStatus() {
+  const installed = checkInstalled();
+  const constitutionExists = existsSync(CONSTITUTION_PATH);
+  let lastGenerated = null;
+  if (constitutionExists) {
+    try { lastGenerated = statSync(CONSTITUTION_PATH).mtime.toISOString(); } catch { /* non-fatal */ }
+  }
+  return { installed, constitutionExists, constitutionPath: CONSTITUTION_PATH, lastGenerated };
+}

package/lib/stack.js ADDED Viewed

@@ -0,0 +1,410 @@
+// lib/stack.js — ClawArmor stack command handler
+// Subcommands: status, plan, deploy [--invariant|--ironcurtain|--all], sync, teardown
+import { unlinkSync } from 'fs';
+import { paint } from './output/colors.js';
+import { getStackStatus, getPlan } from './stack/index.js';
+import * as Invariant from './stack/invariant.js';
+import * as IronCurtain from './stack/ironcurtain.js';
+const SEP = paint.dim('─'.repeat(52));
+const VERSION = '3.0.0';
+function box(title) {
+  const W = 52, pad = W - 2 - title.length, l = Math.floor(pad / 2), r = pad - l;
+  return [
+    paint.dim('╔' + '═'.repeat(W - 2) + '╗'),
+    paint.dim('║') + ' '.repeat(l) + paint.bold(title) + ' '.repeat(r) + paint.dim('║'),
+    paint.dim('╚' + '═'.repeat(W - 2) + '╝'),
+  ].join('\n');
+}
+function riskBadge(level) {
+  if (level === 'critical') return paint.critical('⬤ Critical');
+  if (level === 'medium')   return paint.yellow('⬤ Medium');
+  if (level === 'low')      return paint.green('⬤ Low');
+  return paint.dim('⬤ Unknown');
+}
+// ── status ────────────────────────────────────────────────────────────────────
+async function stackStatus() {
+  console.log(''); console.log(box(`ClawArmor Stack  v${VERSION}`)); console.log('');
+  const { audit, profile } = await getStackStatus();
+  const scoreNote = profile.score != null ? `(audit score: ${profile.score}/100)` : '(no audit data)';
+  console.log(`  ${paint.dim('Risk profile')}    ${riskBadge(profile.level)}  ${paint.dim(scoreNote)}`);
+  console.log('');
+  console.log(SEP);
+  // Invariant
+  const inv = Invariant.getStatus();
+  const invIcon   = inv.rulesExist ? paint.green('✓') : paint.yellow('○');
+  const invStatus = inv.rulesExist
+    ? `${paint.green('deployed')} ${paint.dim(`(${inv.ruleCount} rule${inv.ruleCount !== 1 ? 's' : ''}, ~/.clawarmor/invariant-rules.inv)`)}`
+    : paint.dim('not deployed');
+  const invPip = inv.installed ? paint.green('pip: installed') : paint.yellow('pip: not installed');
+  console.log(`  ${invIcon} ${paint.bold('Invariant')}     ${invStatus}`);
+  console.log(`      ${paint.dim('Flow guardrails — detects multi-step attack chains')}`);
+  console.log(`      ${paint.dim(invPip)}`);
+  if (!inv.rulesExist) {
+    console.log(`      ${paint.dim('→ run: clawarmor stack deploy --invariant')}`);
+  }
+  console.log('');
+  // IronCurtain
+  const ic = IronCurtain.getStatus();
+  const icIcon   = ic.constitutionExists ? paint.green('✓') : paint.yellow('○');
+  const icStatus = ic.constitutionExists
+    ? `${paint.green('constitution exists')} ${paint.dim('(~/.ironcurtain/constitution-clawarmor.md)')}`
+    : paint.dim('not configured');
+  const icCli = ic.installed ? paint.green('cli: installed') : paint.yellow('cli: not installed');
+  console.log(`  ${icIcon} ${paint.bold('IronCurtain')}   ${icStatus}`);
+  console.log(`      ${paint.dim('Runtime constitution — policy-enforced tool call interception')}`);
+  console.log(`      ${paint.dim(icCli)}`);
+  if (!ic.constitutionExists) {
+    console.log(`      ${paint.dim('→ run: clawarmor stack deploy --ironcurtain')}`);
+  } else {
+    console.log(`      ${paint.dim('→ compile: ironcurtain compile-policy ~/.ironcurtain/constitution-clawarmor.md')}`);
+  }
+  console.log('');
+  console.log(SEP);
+  const layers = (inv.rulesExist ? 1 : 0) + (ic.constitutionExists ? 1 : 0);
+  const layerColor = layers >= 2 ? paint.green : layers === 1 ? paint.yellow : paint.red;
+  console.log(`  Stack coverage:  ${layerColor(String(layers))} / 2 layers active`);
+  if (layers < 2) {
+    console.log(`  ${paint.dim('→ run: clawarmor stack deploy --all')}`);
+  }
+  console.log('');
+  return 0;
+}
+// ── plan ──────────────────────────────────────────────────────────────────────
+async function stackPlan() {
+  console.log(''); console.log(box(`ClawArmor Stack  v${VERSION}`)); console.log('');
+  console.log(`  ${paint.cyan('Plan — what would be deployed (no changes made):')}`);
+  console.log('');
+  const { audit, profile } = await getStackStatus();
+  const plan = getPlan(profile);
+  console.log(`  ${paint.dim('Risk profile')}  ${riskBadge(profile.level)}`);
+  if (profile.score != null) console.log(`  ${paint.dim('Audit score')}   ${profile.score}/100`);
+  if (audit?.findings?.length) console.log(`  ${paint.dim('Findings')}      ${audit.findings.length} total`);
+  console.log('');
+  console.log(`  ${paint.dim('Deployment rationale:')}`);
+  console.log(`    ${plan.reason}`);
+  console.log('');
+  console.log(SEP);
+  console.log(`  ${paint.bold('Components:')}`);
+  console.log('');
+  const inv = Invariant.getStatus();
+  const invMark = plan.invariant
+    ? (inv.rulesExist ? paint.dim('○ already deployed') : paint.green('→ would deploy'))
+    : paint.dim('– not recommended for this risk level');
+  console.log(`  Invariant     ${invMark}`);
+  if (plan.invariant && !inv.rulesExist) {
+    console.log(`    ${paint.dim('Would: pip3 install invariant-ai')}`);
+    console.log(`    ${paint.dim('Would: generate rules from ' + (audit?.findings?.length || 0) + ' audit findings')}`);
+    console.log(`    ${paint.dim('Would: write ~/.clawarmor/invariant-rules.inv')}`);
+  }
+  console.log('');
+  const ic = IronCurtain.getStatus();
+  const icMark = plan.ironcurtain
+    ? (ic.constitutionExists ? paint.dim('○ already deployed') : paint.green('→ would deploy'))
+    : paint.dim('– not recommended for this risk level');
+  console.log(`  IronCurtain   ${icMark}`);
+  if (plan.ironcurtain && !ic.constitutionExists) {
+    console.log(`    ${paint.dim('Would: generate constitution from audit findings')}`);
+    console.log(`    ${paint.dim('Would: write ~/.ironcurtain/constitution-clawarmor.md')}`);
+    console.log(`    ${paint.dim('Then:  ironcurtain compile-policy (manual step)')}`);
+  }
+  console.log('');
+  console.log(SEP);
+  console.log(`  ${paint.dim('To apply: clawarmor stack deploy --all')}`);
+  console.log('');
+  return 0;
+}
+// ── deploy ────────────────────────────────────────────────────────────────────
+async function stackDeploy(flags) {
+  const doInvariant  = flags.invariant  || flags.all;
+  const doIronCurtain = flags.ironcurtain || flags.all;
+  console.log(''); console.log(box(`ClawArmor Stack  v${VERSION}`)); console.log('');
+  if (!doInvariant && !doIronCurtain) {
+    console.log(`  ${paint.yellow('!')} Specify a component to deploy:`);
+    console.log(`    ${paint.cyan('clawarmor stack deploy --invariant')}`);
+    console.log(`    ${paint.cyan('clawarmor stack deploy --ironcurtain')}`);
+    console.log(`    ${paint.cyan('clawarmor stack deploy --all')}`);
+    console.log('');
+    return 1;
+  }
+  const { audit, profile } = await getStackStatus();
+  const findings = audit?.findings ?? [];
+  console.log(`  ${paint.dim('Risk profile')}  ${riskBadge(profile.level)}`);
+  if (findings.length) {
+    console.log(`  ${paint.dim('Findings')}      ${findings.length} — generating configs from audit data`);
+  } else {
+    console.log(`  ${paint.dim('Findings')}      ${paint.dim('none — run clawarmor audit first for best results')}`);
+  }
+  console.log('');
+  let exitCode = 0;
+  // ── Invariant ──────────────────────────────────────────────────────────────
+  if (doInvariant) {
+    console.log(SEP);
+    console.log(`  ${paint.bold('Invariant')} — flow guardrails`);
+    console.log('');
+    const alreadyInstalled = Invariant.checkInstalled();
+    if (!alreadyInstalled) {
+      process.stdout.write(`  ${paint.dim('Installing invariant-ai via pip3...')} `);
+      const result = Invariant.install();
+      if (result.ok) {
+        process.stdout.write(paint.green('✓\n'));
+      } else {
+        process.stdout.write(paint.red('✗\n'));
+        console.log(`  ${paint.red('Error:')} ${result.err}`);
+        console.log(`  ${paint.dim('Try manually: pip3 install invariant-ai')}`);
+        exitCode = 1;
+      }
+    } else {
+      console.log(`  ${paint.green('✓')} invariant-ai already installed`);
+    }
+    process.stdout.write(`  ${paint.dim('Generating rules from audit findings...')} `);
+    const rules = Invariant.generateRules(findings);
+    process.stdout.write(paint.green('✓\n'));
+    process.stdout.write(`  ${paint.dim('Writing ~/.clawarmor/invariant-rules.inv...')} `);
+    const deployResult = Invariant.deploy(rules);
+    if (deployResult.ok) {
+      process.stdout.write(paint.green('✓\n'));
+      const s = Invariant.getStatus();
+      console.log(`  ${paint.green('✓')} Deployed: ${s.ruleCount} rule${s.ruleCount !== 1 ? 's' : ''}`);
+      console.log(`  ${paint.dim('Path:')} ${deployResult.rulesPath}`);
+    } else {
+      process.stdout.write(paint.red('✗\n'));
+      console.log(`  ${paint.red('Error:')} ${deployResult.err}`);
+      exitCode = 1;
+    }
+    console.log('');
+  }
+  // ── IronCurtain ────────────────────────────────────────────────────────────
+  if (doIronCurtain) {
+    console.log(SEP);
+    console.log(`  ${paint.bold('IronCurtain')} — runtime constitution`);
+    console.log('');
+    const icInstalled = IronCurtain.checkInstalled();
+    if (icInstalled) {
+      console.log(`  ${paint.green('✓')} ironcurtain CLI installed`);
+    } else {
+      console.log(`  ${paint.yellow('○')} ironcurtain CLI not installed ${paint.dim('(constitution generated regardless)')}`);
+      console.log(`  ${paint.dim('Install: npm install -g ironcurtain')}`);
+    }
+    process.stdout.write(`  ${paint.dim('Generating constitution from audit findings...')} `);
+    const constitution = IronCurtain.generateConstitution(findings);
+    process.stdout.write(paint.green('✓\n'));
+    process.stdout.write(`  ${paint.dim('Writing ~/.ironcurtain/constitution-clawarmor.md...')} `);
+    const writeResult = IronCurtain.writeConstitution(constitution);
+    if (writeResult.ok) {
+      process.stdout.write(paint.green('✓\n'));
+      console.log(`  ${paint.green('✓')} Constitution written: ${writeResult.path}`);
+    } else {
+      process.stdout.write(paint.red('✗\n'));
+      console.log(`  ${paint.red('Error:')} ${writeResult.err}`);
+      exitCode = 1;
+    }
+    console.log('');
+    console.log(`  ${paint.yellow('!')} Next step — compile the constitution into deterministic rules:`);
+    console.log(`    ${paint.dim('ironcurtain compile-policy ~/.ironcurtain/constitution-clawarmor.md')}`);
+    console.log('');
+  }
+  console.log(SEP);
+  const invS = Invariant.getStatus();
+  const icS  = IronCurtain.getStatus();
+  const layers = (invS.rulesExist ? 1 : 0) + (icS.constitutionExists ? 1 : 0);
+  const layerColor = layers >= 2 ? paint.green : layers === 1 ? paint.yellow : paint.red;
+  console.log(`  Stack coverage: ${layerColor(String(layers))} / 2 layers active`);
+  if (exitCode === 0) {
+    console.log(`  ${paint.green('✓')} Done. Run ${paint.cyan('clawarmor stack status')} to verify.`);
+  } else {
+    console.log(`  ${paint.yellow('!')} Completed with errors. Check output above.`);
+  }
+  console.log('');
+  return exitCode;
+}
+// ── sync ──────────────────────────────────────────────────────────────────────
+async function stackSync() {
+  console.log(''); console.log(box(`ClawArmor Stack  v${VERSION}`)); console.log('');
+  console.log(`  ${paint.cyan('Sync — regenerating stack configs from latest audit...')}`);
+  console.log('');
+  const { audit, profile } = await getStackStatus();
+  if (!audit) {
+    console.log(`  ${paint.yellow('!')} No audit data found.`);
+    console.log(`  ${paint.dim('Run clawarmor audit first, then clawarmor stack sync.')}`);
+    console.log('');
+    return 1;
+  }
+  const findings = audit.findings ?? [];
+  console.log(`  ${paint.dim('Audit score')}   ${profile.score ?? 'n/a'}/100  ${paint.dim('(' + findings.length + ' findings)')}`);
+  console.log('');
+  const invStatus = Invariant.getStatus();
+  const icStatus  = IronCurtain.getStatus();
+  let updated = 0;
+  if (invStatus.rulesExist) {
+    process.stdout.write(`  ${paint.dim('Invariant: regenerating rules...')} `);
+    const rules  = Invariant.generateRules(findings);
+    const result = Invariant.deploy(rules);
+    if (result.ok) { process.stdout.write(paint.green('✓\n')); updated++; }
+    else           { process.stdout.write(paint.red('✗\n')); console.log(`    ${paint.dim(result.err)}`); }
+  } else {
+    console.log(`  ${paint.dim('Invariant: not deployed — skipping')}`);
+  }
+  if (icStatus.constitutionExists) {
+    process.stdout.write(`  ${paint.dim('IronCurtain: regenerating constitution...')} `);
+    const constitution = IronCurtain.generateConstitution(findings);
+    const result = IronCurtain.writeConstitution(constitution);
+    if (result.ok) { process.stdout.write(paint.green('✓\n')); updated++; }
+    else           { process.stdout.write(paint.red('✗\n')); console.log(`    ${paint.dim(result.err)}`); }
+  } else {
+    console.log(`  ${paint.dim('IronCurtain: not deployed — skipping')}`);
+  }
+  console.log('');
+  if (updated > 0) {
+    console.log(`  ${paint.green('✓')} Synced ${updated} component${updated !== 1 ? 's' : ''} from latest audit.`);
+    if (icStatus.constitutionExists && IronCurtain.checkInstalled()) {
+      console.log(`  ${paint.yellow('!')} Re-compile IronCurtain constitution to take effect:`);
+      console.log(`    ${paint.dim('ironcurtain compile-policy ~/.ironcurtain/constitution-clawarmor.md')}`);
+    }
+  } else {
+    console.log(`  ${paint.dim('Nothing synced. Run clawarmor stack deploy --all to set up the stack.')}`);
+  }
+  console.log('');
+  return 0;
+}
+// ── teardown ──────────────────────────────────────────────────────────────────
+async function stackTeardown(flags) {
+  const doInvariant   = flags.invariant   || flags.all;
+  const doIronCurtain = flags.ironcurtain || flags.all;
+  console.log(''); console.log(box(`ClawArmor Stack  v${VERSION}`)); console.log('');
+  if (!doInvariant && !doIronCurtain) {
+    console.log(`  ${paint.yellow('!')} Specify a component to teardown:`);
+    console.log(`    ${paint.cyan('clawarmor stack teardown --invariant')}`);
+    console.log(`    ${paint.cyan('clawarmor stack teardown --ironcurtain')}`);
+    console.log(`    ${paint.cyan('clawarmor stack teardown --all')}`);
+    console.log('');
+    return 1;
+  }
+  console.log(`  ${paint.cyan('Teardown — removing deployed stack components...')}`);
+  console.log('');
+  const invStatus = Invariant.getStatus();
+  const icStatus  = IronCurtain.getStatus();
+  let removed = 0;
+  if (doInvariant) {
+    if (invStatus.rulesExist) {
+      try {
+        unlinkSync(invStatus.rulesPath);
+        console.log(`  ${paint.green('✓')} Invariant rules removed: ${invStatus.rulesPath}`);
+        removed++;
+      } catch (e) {
+        console.log(`  ${paint.red('✗')} Failed to remove Invariant rules: ${e.message?.split('\n')[0]}`);
+      }
+    } else {
+      console.log(`  ${paint.dim('○')} Invariant rules not found — nothing to remove`);
+    }
+  }
+  if (doIronCurtain) {
+    if (icStatus.constitutionExists) {
+      try {
+        unlinkSync(icStatus.constitutionPath);
+        console.log(`  ${paint.green('✓')} IronCurtain constitution removed: ${icStatus.constitutionPath}`);
+        removed++;
+      } catch (e) {
+        console.log(`  ${paint.red('✗')} Failed to remove IronCurtain constitution: ${e.message?.split('\n')[0]}`);
+      }
+    } else {
+      console.log(`  ${paint.dim('○')} IronCurtain constitution not found — nothing to remove`);
+    }
+  }
+  console.log('');
+  if (removed > 0) {
+    console.log(`  ${paint.green('✓')} Teardown complete. Removed ${removed} component${removed !== 1 ? 's' : ''}.`);
+  } else {
+    console.log(`  ${paint.dim('Nothing removed.')}`);
+  }
+  console.log('');
+  return 0;
+}
+// ── Main export ───────────────────────────────────────────────────────────────
+export async function runStack(args = []) {
+  const sub = args[0];
+  if (!sub || sub === 'status')  return stackStatus();
+  if (sub === 'plan')            return stackPlan();
+  if (sub === 'sync')            return stackSync();
+  if (sub === 'deploy') {
+    return stackDeploy({
+      invariant:   args.includes('--invariant'),
+      ironcurtain: args.includes('--ironcurtain'),
+      all:         args.includes('--all'),
+    });
+  }
+  if (sub === 'teardown') {
+    return stackTeardown({
+      invariant:   args.includes('--invariant'),
+      ironcurtain: args.includes('--ironcurtain'),
+      all:         args.includes('--all'),
+    });
+  }
+  console.log('');
+  console.log(`  ${paint.red('✗')} Unknown stack subcommand: ${paint.bold(sub)}`);
+  console.log('');
+  console.log(`  ${paint.bold('Stack subcommands:')}`);
+  console.log(`    ${paint.cyan('clawarmor stack status')}`);
+  console.log(`    ${paint.cyan('clawarmor stack plan')}`);
+  console.log(`    ${paint.cyan('clawarmor stack deploy --invariant | --ironcurtain | --all')}`);
+  console.log(`    ${paint.cyan('clawarmor stack sync')}`);
+  console.log(`    ${paint.cyan('clawarmor stack teardown --invariant | --ironcurtain | --all')}`);
+  console.log('');
+  return 1;
+}

package/lib/status.js CHANGED Viewed

@@ -8,6 +8,8 @@ import { paint } from './output/colors.js';
 import { scoreToGrade, scoreColor, gradeColor } from './output/progress.js';
 import { watchDaemonStatus } from './watch.js';
 import { getMonitorStatus } from './monitor.js';
+import { getStatus as getInvariantStatus } from './stack/invariant.js';
+import { getStatus as getIronCurtainStatus } from './stack/ironcurtain.js';
 const HOME = homedir();
 const OC_DIR = join(HOME, '.openclaw');
@@ -21,7 +23,7 @@ const FISH_FUNCTION_FILE = join(HOME, '.config', 'fish', 'functions', 'openclaw.
 const SHELL_MARKER = '# ClawArmor intercept — added by: clawarmor protect --install';
 const CRON_JOBS_FILE = join(OC_DIR, 'cron', 'jobs.json');
 const HOOKS_DIR = join(OC_DIR, 'hooks', 'clawarmor-guard');
-const VERSION = '2.2.0';
+const VERSION = '3.0.0';
 const SEP = paint.dim('─'.repeat(52));
@@ -256,6 +258,26 @@ export async function runStatus() {
   }
   console.log(`  ${paint.dim('Credentials')}   ${credStr}`);
+  // ── Stack protection ──────────────────────────────────────────────────────
+  {
+    const inv = getInvariantStatus();
+    const ic  = getIronCurtainStatus();
+    const layers = (inv.rulesExist ? 1 : 0) + (ic.constitutionExists ? 1 : 0);
+    const invStr = inv.rulesExist
+      ? `${paint.green('✓')} ${paint.dim(`Invariant (${inv.ruleCount} rule${inv.ruleCount !== 1 ? 's' : ''})`)}`
+      : `${paint.yellow('○')} ${paint.dim('Invariant: not deployed')}`;
+    const icStr = ic.constitutionExists
+      ? `${paint.green('✓')} ${paint.dim('IronCurtain (constitution exists)')}`
+      : `${paint.yellow('○')} ${paint.dim('IronCurtain: not configured')}`;
+    const layerColor = layers >= 2 ? paint.green : layers === 1 ? paint.yellow : paint.red;
+    console.log(`  ${paint.dim('Stack')}         ${layerColor(String(layers) + '/2')} ${paint.dim('layers')}  ${invStr}  ${icStr}`);
+    if (layers < 2) {
+      console.log(`               ${paint.dim('→ run: clawarmor stack deploy --all')}`);
+    }
+  }
   console.log('');
   console.log(SEP);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "clawarmor",
-  "version": "2.2.1",
+  "version": "3.0.1",
   "description": "Security armor for OpenClaw agents — audit, scan, monitor",
   "bin": {
     "clawarmor": "cli.js"