clawarmor 3.0.0 → 3.1.0

package/README.md

@@ -1,6 +1,6 @@
 # ClawArmor
 
-Security armor for OpenClaw agents — audit, scan, monitor.
+The security control plane for OpenClaw agents — audit, harden, and orchestrate your full protection stack.
 
 [![npm version](https://img.shields.io/npm/v/clawarmor?color=3fb950&label=npm&style=flat-square)](https://www.npmjs.com/package/clawarmor)
 [![license](https://img.shields.io/badge/license-MIT-blue?style=flat-square)](LICENSE)
@@ -8,43 +8,77 @@ Security armor for OpenClaw agents — audit, scan, monitor.
 
 ## What it does
 
-- Audits your OpenClaw config and live gateway with 30+ checks — scored 0–100
-- Scans every installed skill file for malicious code and prompt injection patterns
-- Guards every install: intercepts `openclaw clawhub install`, pre-scans before activation
+AI agent security isn't one tool — it's a stack. ClawArmor is the foundation and control plane:
+
+1. **Audits** your OpenClaw config and live gateway — 30+ checks, scored 0–100
+2. **Hardens** your setup — auto-applies safe fixes, snapshots before every change
+3. **Orchestrates** the full security stack — deploys and configures [Invariant Guardrails](https://github.com/invariantlabs-ai/invariant) and [IronCurtain](https://github.com/provos/ironcurtain) based on your audit results
+
+```
+clawarmor audit          → understand your risk (0–100 score)
+clawarmor stack plan     → see what protection stack your risk profile needs
+clawarmor stack deploy   → deploy it in one command
+clawarmor stack sync     → keep everything aligned after changes
+```
 
 ## Quick start
 
 ```bash
 npm install -g clawarmor
-clawarmor protect --install
-clawarmor audit
+clawarmor protect --install   # install guard hooks
+clawarmor audit               # score your setup
+clawarmor stack deploy --all  # deploy full protection stack
 ```
 
+## The Stack
+
+ClawArmor sits at the foundation and orchestrates the layers above it:
+
+| Layer | Tool | What it does | ClawArmor role |
+|---|---|---|---|
+| **Foundation** | ClawArmor | Config hygiene, credential checks, skill supply chain | Audits + hardens |
+| **Flow guardrails** | [Invariant](https://github.com/invariantlabs-ai/invariant) | Detects multi-step attack chains at runtime | Generates rules from audit findings |
+| **Runtime sandbox** | [IronCurtain](https://github.com/provos/ironcurtain) | Policy-enforced tool call interception, V8 isolate | Generates constitution from audit findings |
+| **Action gating** | [Latch](https://github.com/latchagent/latch) | Human approval for risky actions via Telegram | Coming in v3.2 |
+
+`clawarmor stack deploy` reads your audit score, generates the right config for each tool, and deploys them. `clawarmor stack sync` keeps everything updated as your setup changes.
+
 ## Commands
 
+### Core
+
 | Command | Description |
 |---|---|
 | `audit` | Score your OpenClaw config (0–100), live gateway probes, plain-English verdict |
 | `scan` | Scan all installed skill files for malicious code and SKILL.md instructions |
 | `prescan <skill>` | Pre-scan a skill before installing — blocks on CRITICAL findings |
-| `protect --install` | Install guard hook, shell intercept (zsh/bash/fish), and watch daemon |
-| `protect --uninstall` | Remove all ClawArmor protection components |
-| `protect --status` | Show current protection state |
-| `watch` | Monitor config and skill changes in real time |
-| `watch --daemon` | Start the watcher as a background daemon |
-| `harden` | Interactive hardening wizard (--dry-run, --auto) |
+| `fix` | Auto-apply safe fixes (--dry-run to preview, --apply to run) |
+| `harden` | Interactive hardening wizard (--dry-run, --auto, --monitor) |
 | `status` | One-screen security posture dashboard |
-| `log` | View the audit event log |
-| `digest` | Show weekly security digest |
 | `verify` | Re-run only previously-failed checks (CI-friendly, exit 0 = all fixed) |
+
+### Stack Orchestration
+
+| Command | Description |
+|---|---|
+| `stack status` | Show all stack components, install state, config state |
+| `stack plan` | Preview what would be deployed based on current audit (no changes) |
+| `stack deploy` | Deploy stack components (--invariant, --ironcurtain, --all) |
+| `stack sync` | Regenerate stack configs from latest audit — run after harden/fix |
+| `stack teardown` | Remove deployed stack components |
+
+### History & Monitoring
+
+| Command | Description |
+|---|---|
 | `trend` | ASCII chart of your security score over time |
 | `compare` | Compare coverage vs openclaw security audit |
-| `fix` | Auto-apply safe fixes (--dry-run to preview, --apply to run) |
+| `log` | View the audit event log |
+| `digest` | Show weekly security digest |
+| `watch` | Monitor config and skill changes in real time |
+| `protect --install` | Install guard hook, shell intercept (zsh/bash/fish), and watch daemon |
 | `snapshot` | Save a config snapshot manually (auto-saved before every harden/fix) |
 | `rollback` | Restore config from auto-snapshot (--list, --id <id>) |
-| `harden --monitor` | Enable monitor mode — observe before enforcing |
-| `harden --monitor-report` | Show what monitor mode has observed |
-| `harden --monitor-off` | Disable monitor mode |
 
 ## What it catches
 
@@ -59,13 +93,14 @@ clawarmor audit
 | Live gateway auth | WebSocket probe — does server actually reject unauthenticated connections? | Full |
 | CORS misconfiguration | OPTIONS probe with arbitrary origin | Full |
 | Gateway exposure | TCP-connects to every non-loopback interface | Full |
-| Runtime policy enforcement | Requires a runtime layer (SupraWall) | None |
+| Multi-step attack chains | read→exfil, inject→execute flows (via Invariant) | Full (with stack) |
+| Runtime tool call interception | Policy-enforced sandboxing (via IronCurtain) | Full (with stack) |
 
 ## Safety features
 
-**Impact classification** — Every fix is tagged 🟢 Safe, 🟡 Caution, or 🔴 Breaking. `--auto` mode skips breaking changes unless you pass `--force`.
+**Impact classification** — Every fix is tagged 🟢 Safe, 🟡 Caution, or 🔴 Breaking. `--auto` skips breaking changes unless you pass `--force`.
 
-**Config snapshots** — ClawArmor auto-saves your config before every `harden` or `fix` run. If something breaks, roll back instantly:
+**Config snapshots** — Auto-saves before every `harden` or `fix` run:
 
 ```bash
 clawarmor rollback --list    # see all snapshots
@@ -73,7 +108,7 @@ clawarmor rollback           # restore the latest
 clawarmor rollback --id <n>  # restore a specific one
 ```
 
-**Monitor mode** — Observe what `harden` would do before enforcing:
+**Monitor mode** — Observe what `harden` would change before enforcing:
 
 ```bash
 clawarmor harden --monitor        # start monitoring
@@ -87,6 +122,8 @@ ClawArmor runs entirely on your machine — no telemetry, no cloud, no accounts.
 It has zero npm runtime dependencies, using only Node.js built-ins.
 Every run prints exactly what files it reads and what network calls it makes before executing anything.
 
+The full security stack for AI agents doesn't exist as one product. ClawArmor is the foundation that ties it together.
+
 ## License
 
 MIT

package/cli.js

@@ -3,7 +3,7 @@
 
 import { paint } from './lib/output/colors.js';
 
-const VERSION = '3.0.0';
+const VERSION = '3.1.0';
 const GATEWAY_PORT_DEFAULT = 18789;
 
 function isLocalhost(host) {
@@ -51,9 +51,11 @@ function usage() {
   console.log(`    ${paint.cyan('watch')}    Monitor config and skill changes in real time`);
   console.log(`    ${paint.cyan('protect')}  Install/uninstall/status the full guard system`);
   console.log(`    ${paint.cyan('prescan')}  Pre-scan a skill before installing it`);
-  console.log(`    ${paint.cyan('stack')}    Security orchestrator — deploy Invariant + IronCurtain from audit data`);
-  console.log(`    ${paint.cyan('log')}      View the audit event log`);
-  console.log(`    ${paint.cyan('digest')}   Show weekly security digest`);
+  console.log(`    ${paint.cyan('stack')}         Security orchestrator — deploy Invariant + IronCurtain from audit data`);
+  console.log(`    ${paint.cyan('skill-report')}  Show post-install audit impact of last skill install`);
+  console.log(`    ${paint.cyan('profile')}       Manage contextual hardening profiles`);
+  console.log(`    ${paint.cyan('log')}            View the audit event log`);
+  console.log(`    ${paint.cyan('digest')}         Show weekly security digest`);
   console.log('');
   console.log(`  ${paint.dim('Flags:')}`);
   console.log(`    ${paint.dim('--url <host:port>')}   Probe a specific host:port instead of 127.0.0.1`);
@@ -83,6 +85,9 @@ const parsedUrl = parseUrlFlag(urlArg);
 const configIdx = args.indexOf('--config');
 const configPathArg = configIdx !== -1 ? args[configIdx + 1] : null;
 
+const profileIdx = args.indexOf('--profile');
+const profileArg = profileIdx !== -1 ? args[profileIdx + 1] : null;
+
 const flags = {
   json: args.includes('--json'),
   explainReads: args.includes('--explain-reads'),
@@ -90,6 +95,7 @@ const flags = {
   targetPort: parsedUrl?.port || null,
   configPath: configPathArg || null,
   acceptChanges: args.includes('--accept-changes'),
+  profile: profileArg || null,
 };
 
 if (!cmd || cmd === '--help' || cmd === '-h' || cmd === 'help') { usage(); process.exit(0); }
@@ -201,6 +207,7 @@ if (cmd === 'log') {
 }
 
 if (cmd === 'harden') {
+  const hardenProfileIdx = args.indexOf('--profile');
   const hardenFlags = {
     dryRun: args.includes('--dry-run'),
     auto: args.includes('--auto'),
@@ -208,6 +215,7 @@ if (cmd === 'harden') {
     monitor: args.includes('--monitor'),
     monitorReport: args.includes('--monitor-report'),
     monitorOff: args.includes('--monitor-off'),
+    profile: hardenProfileIdx !== -1 ? args[hardenProfileIdx + 1] : null,
   };
   const { runHarden } = await import('./lib/harden.js');
   process.exit(await runHarden(hardenFlags));
@@ -239,5 +247,17 @@ if (cmd === 'stack') {
   process.exit(await runStack(stackArgs));
 }
 
+if (cmd === 'skill-report') {
+  const { runSkillReport } = await import('./lib/skill-report.js');
+  const srFlags = { apply: args.includes('--apply') };
+  process.exit(await runSkillReport(srFlags));
+}
+
+if (cmd === 'profile') {
+  const { runProfileCmd } = await import('./lib/profile-cmd.js');
+  const profileArgs = args.slice(1);
+  process.exit(await runProfileCmd(profileArgs));
+}
+
 console.log(`  ${paint.red('✗')} Unknown command: ${paint.bold(cmd)}`);
 usage(); process.exit(1);

package/lib/audit.js

@@ -1,5 +1,6 @@
 import { loadConfig } from './config.js';
 import { paint, severityColor } from './output/colors.js';
+import { getProfile, isExpectedFinding } from './profiles.js';
 import { progressBar, scoreColor, gradeColor, scoreToGrade } from './output/progress.js';
 import { probeGatewayLive } from './probes/gateway-probe.js';
 import { discoverRunningInstance } from './discovery.js';
@@ -74,6 +75,19 @@ function appendHistory(entry) {
 export async function runAudit(flags = {}) {
   const GATEWAY_PORT_DEFAULT = 18789;
 
+  // Load active profile (from flag or saved file)
+  let profileName = flags.profile || null;
+  if (!profileName) {
+    try {
+      const { readFileSync: rfs, existsSync: efs } = await import('fs');
+      const { join: pjoin } = await import('path');
+      const { homedir: phome } = await import('os');
+      const pFile = pjoin(phome(), '.clawarmor', 'profile.json');
+      if (efs(pFile)) profileName = JSON.parse(rfs(pFile, 'utf8')).name || null;
+    } catch { /* non-fatal */ }
+  }
+  const activeProfile = profileName ? getProfile(profileName) : null;
+
   // ── DISCOVERY: find what's actually running ──────────────────────────────
   let discovery = null;
   // Only auto-discover when no --url override was given
@@ -96,6 +110,11 @@ export async function runAudit(flags = {}) {
 
   console.log(''); console.log(box('ClawArmor Audit  v' + VERSION)); console.log('');
 
+  if (activeProfile) {
+    console.log(`  ${paint.dim('Profile:')} ${paint.cyan(activeProfile.name)} ${paint.dim('—')} ${activeProfile.description}`);
+    console.log('');
+  }
+
   if (error) {
     console.log(`  ${paint.red('✗')} ${error}`); console.log(''); process.exit(2);
   }
@@ -180,11 +199,25 @@ export async function runAudit(flags = {}) {
   const results = [...liveFindingResults, ...staticResults];
   const failed = results.filter(r => !r.passed);
   const passed = results.filter(r => r.passed);
-  const criticals = failed.filter(r => r.severity === 'CRITICAL').length;
+
+  // Annotate expected findings for active profile
+  const annotatedFailed = failed.map(f => {
+    if (activeProfile && isExpectedFinding(activeProfile.name, f.id)) {
+      return { ...f, _profileExpected: true };
+    }
+    return f;
+  });
+
+  // Score: expected findings don't count against the score
+  const scoringFailed = activeProfile
+    ? annotatedFailed.filter(f => !f._profileExpected)
+    : annotatedFailed;
+
+  const criticals = scoringFailed.filter(r => r.severity === 'CRITICAL').length;
 
   // Score with floor rules
   let score = 100;
-  for (const f of failed) score -= (W[f.severity] || 0);
+  for (const f of scoringFailed) score -= (W[f.severity] || 0);
   score = Math.max(0, score);
   if (criticals >= 2) score = Math.min(score, 25);
   else if (criticals >= 1) score = Math.min(score, 50);
@@ -196,12 +229,12 @@ export async function runAudit(flags = {}) {
   console.log(`  ${paint.bold('Security Score:')} ${colorFn(score+'/100')}  ${paint.dim('┃')}  Grade: ${gradeColor(grade)}`);
   console.log(`  ${colorFn(progressBar(score,20))}  ${paint.dim(score+'%')}`);
 
-  // Human verdict
+  // Human verdict (uses scoringFailed for accurate verdict)
   {
-    const openCriticals = failed.filter(f => f.severity === 'CRITICAL').length;
-    const openHighs = failed.filter(f => f.severity === 'HIGH').length;
+    const openCriticals = scoringFailed.filter(f => f.severity === 'CRITICAL').length;
+    const openHighs = scoringFailed.filter(f => f.severity === 'HIGH').length;
     let verdict;
-    if (!failed.length) {
+    if (!scoringFailed.length) {
       verdict = paint.green('Your instance is secure. No issues found.');
     } else if (openCriticals >= 1) {
       verdict = paint.red('Your instance has CRITICAL exposure. Fix immediately before using.');
@@ -215,7 +248,7 @@ export async function runAudit(flags = {}) {
   }
 
   if (flags.json) {
-    console.log(JSON.stringify({score,grade,failed,passed},null,2));
+    console.log(JSON.stringify({score,grade,failed: annotatedFailed,passed},null,2));
     const histJ = loadHistory();
     const prevScoreJ = histJ.length ? histJ[histJ.length - 1].score : null;
     const deltaJ = prevScoreJ != null ? score - prevScoreJ : null;
@@ -224,23 +257,30 @@ export async function runAudit(flags = {}) {
       trigger: 'manual',
       score,
       delta: deltaJ,
-      findings: failed.map(f => ({ id: f.id, severity: f.severity })),
+      findings: annotatedFailed.map(f => ({ id: f.id, severity: f.severity })),
       blocked: null,
       skill: null,
     });
     appendHistory({ timestamp: new Date().toISOString(), score, grade,
-      findings: failed.length, criticals, version: VERSION,
-      failedIds: failed.map(f => f.id) });
+      findings: annotatedFailed.length, criticals, version: VERSION,
+      failedIds: annotatedFailed.map(f => f.id) });
     return 0;
   }
 
   for (const sev of ['CRITICAL','HIGH','MEDIUM','LOW']) {
-    const group = failed.filter(f => f.severity === sev);
+    const group = annotatedFailed.filter(f => f.severity === sev);
     if (!group.length) continue;
     console.log(''); console.log(SEP);
     console.log(`  ${severityColor[sev](sev)}${paint.dim('  ('+group.length+' finding'+(group.length>1?'s':'')+')')}`);
     console.log(SEP);
-    for (const f of group) printFinding(f);
+    for (const f of group) {
+      if (f._profileExpected) {
+        console.log('');
+        console.log(`  ${paint.dim('○')} ${paint.dim('[profile: expected]')} ${paint.dim(f.title)}`);
+      } else {
+        printFinding(f);
+      }
+    }
   }
 
   if (passed.length) {
@@ -254,10 +294,12 @@ export async function runAudit(flags = {}) {
   }
 
   console.log(''); console.log(SEP);
-  if (!failed.length) {
+  if (!scoringFailed.length) {
     console.log(`  ${paint.green('✓')} ${paint.bold('All checks passed.')}`);
   } else {
-    console.log(`  ${failed.length} issue${failed.length>1?'s':''} found. Fix above to improve score.`);
+    const expectedCount = annotatedFailed.length - scoringFailed.length;
+    const suffix = expectedCount > 0 ? ` ${paint.dim(`(${expectedCount} expected for profile)`)}` : '';
+    console.log(`  ${scoringFailed.length} issue${scoringFailed.length>1?'s':''} found. Fix above to improve score.${suffix}`);
   }
   console.log(`  ${paint.dim('Run')} ${paint.cyan('clawarmor scan')} ${paint.dim('to check installed skills.')}`);
   console.log(`  ${paint.dim('Run')} ${paint.cyan('clawarmor trend')} ${paint.dim('to see score history.')}`);
@@ -291,7 +333,7 @@ export async function runAudit(flags = {}) {
     trigger: 'manual',
     score,
     delta,
-    findings: failed.map(f => ({ id: f.id, severity: f.severity })),
+    findings: annotatedFailed.map(f => ({ id: f.id, severity: f.severity })),
     blocked: null,
     skill: null,
   });
@@ -301,10 +343,10 @@ export async function runAudit(flags = {}) {
     timestamp: new Date().toISOString(),
     score,
     grade,
-    findings: failed.length,
+    findings: annotatedFailed.length,
     criticals,
     version: VERSION,
-    failedIds: failed.map(f => f.id),
+    failedIds: annotatedFailed.map(f => f.id),
   });
 
   return failed.length > 0 ? 1 : 0;

package/lib/harden.js

@@ -15,6 +15,7 @@ import { scoreToGrade, scoreColor, gradeColor } from './output/progress.js';
 import { loadConfig, get } from './config.js';
 import { saveSnapshot } from './snapshot.js';
 import { enableMonitor, disableMonitor, getMonitorStatus, printMonitorReport } from './monitor.js';
+import { getProfile, isExpectedFinding, getOverriddenSeverity } from './profiles.js';
 
 const HOME = homedir();
 const OC_DIR = join(HOME, '.openclaw');
@@ -255,10 +256,47 @@ export async function runHarden(flags = {}) {
     return 0;
   }
 
+  // Load active profile (from flag or saved file)
+  let profileName = flags.profile || null;
+  if (!profileName) {
+    try {
+      const { readFileSync: rfs, existsSync: efs } = await import('fs');
+      const { join: pjoin } = await import('path');
+      const { homedir: phome } = await import('os');
+      const pFile = pjoin(phome(), '.clawarmor', 'profile.json');
+      if (efs(pFile)) profileName = JSON.parse(rfs(pFile, 'utf8')).name || null;
+    } catch { /* non-fatal */ }
+  }
+  const profile = profileName ? getProfile(profileName) : null;
+
   console.log(''); console.log(box('ClawArmor Harden  v2.1')); console.log('');
 
+  if (profile) {
+    console.log(`  ${paint.dim('Profile:')} ${paint.cyan(profile.name)} ${paint.dim('—')} ${profile.description}`);
+    console.log('');
+  }
+
   const { config, configPath } = loadConfig();
-  const fixes = buildFixes(config);
+  const allFixes = buildFixes(config);
+
+  // When profile is set, skip or adjust fixes for expected capabilities
+  const fixes = allFixes.map(fix => {
+    if (!profile) return fix;
+    const overrideSev = getOverriddenSeverity(profile.name, fix.id);
+    const expected = isExpectedFinding(profile.name, fix.id);
+    if (expected) {
+      // Mark as expected — skip entirely from harden output
+      return { ...fix, _skipForProfile: true };
+    }
+    if (overrideSev) {
+      // Upgrade to higher severity if unexpected for this profile
+      const currentWeight = { SAFE: 1, CAUTION: 2, BREAKING: 3 };
+      const upgradeMap = { HIGH: IMPACT.BREAKING, MEDIUM: IMPACT.CAUTION, INFO: IMPACT.SAFE };
+      const newImpact = upgradeMap[overrideSev] || fix.impact;
+      return { ...fix, impact: newImpact, _profileOverride: overrideSev };
+    }
+    return fix;
+  }).filter(fix => !fix._skipForProfile);
 
   // ── Monitor enable (advisory only, no apply) ───────────────────────────────
   if (flags.monitor) {

package/lib/profile-cmd.js

@@ -0,0 +1,214 @@
+// lib/profile-cmd.js — clawarmor profile command
+// Subcommands: list, detect, set <name>, show
+
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+import { paint } from './output/colors.js';
+import { listProfiles, getProfile, detectProfile } from './profiles.js';
+import { loadConfig } from './config.js';
+
+const HOME = homedir();
+const CLAWARMOR_DIR = join(HOME, '.clawarmor');
+const PROFILE_FILE = join(CLAWARMOR_DIR, 'profile.json');
+const SEP = paint.dim('─'.repeat(52));
+
+function box(title) {
+  const W = 52, pad = W - 2 - title.length, l = Math.floor(pad / 2), r = pad - l;
+  return [
+    paint.dim('╔' + '═'.repeat(W - 2) + '╗'),
+    paint.dim('║') + ' '.repeat(l) + paint.bold(title) + ' '.repeat(r) + paint.dim('║'),
+    paint.dim('╚' + '═'.repeat(W - 2) + '╝'),
+  ].join('\n');
+}
+
+function readCurrentProfile() {
+  try {
+    if (!existsSync(PROFILE_FILE)) return null;
+    return JSON.parse(readFileSync(PROFILE_FILE, 'utf8'));
+  } catch { return null; }
+}
+
+function writeProfile(name) {
+  try {
+    mkdirSync(CLAWARMOR_DIR, { recursive: true });
+    writeFileSync(PROFILE_FILE, JSON.stringify({ name, setAt: new Date().toISOString() }, null, 2), 'utf8');
+    return true;
+  } catch { return false; }
+}
+
+function profileBadge(name) {
+  const badges = {
+    coding:    paint.cyan('coding'),
+    browsing:  paint.green('browsing'),
+    messaging: paint.yellow('messaging'),
+    general:   paint.dim('general'),
+  };
+  return badges[name] || paint.dim(name);
+}
+
+async function listCmd() {
+  console.log(''); console.log(box('ClawArmor Profiles')); console.log('');
+  console.log(`  ${paint.bold('Available profiles:')}`);
+  console.log('');
+
+  const current = readCurrentProfile();
+  const profiles = listProfiles();
+
+  for (const p of profiles) {
+    const isCurrent = current?.name === p.name;
+    const marker = isCurrent ? paint.green('→') : paint.dim('·');
+    const badge = profileBadge(p.name);
+    console.log(`  ${marker} ${badge.padEnd(12)}  ${p.description}`);
+    if (p.allowedCapabilities.length > 0) {
+      console.log(`       ${paint.dim('allows:')} ${paint.dim(p.allowedCapabilities.join(', '))}`);
+    }
+    if (p.restrictedCapabilities.length > 0) {
+      console.log(`       ${paint.dim('restricts:')} ${paint.dim(p.restrictedCapabilities.join(', '))}`);
+    }
+    console.log('');
+  }
+
+  if (current) {
+    console.log(`  ${paint.dim('Current profile:')} ${profileBadge(current.name)}`);
+  } else {
+    console.log(`  ${paint.dim('No profile set. Defaulting to')} ${profileBadge('general')}`);
+    console.log(`  ${paint.dim('Set with:')} ${paint.cyan('clawarmor profile set <name>')}`);
+  }
+  console.log('');
+  return 0;
+}
+
+async function detectCmd() {
+  console.log(''); console.log(box('ClawArmor Profile Detect')); console.log('');
+
+  const { config } = loadConfig();
+  const { profile: detected, reasons } = detectProfile(config);
+
+  console.log(`  ${paint.bold('Auto-detected profile:')} ${profileBadge(detected)}`);
+  console.log('');
+  console.log(`  ${paint.dim('Reasoning:')}`);
+  for (const reason of reasons) {
+    console.log(`    ${paint.dim('·')} ${reason}`);
+  }
+  console.log('');
+
+  const profileDef = getProfile(detected);
+  if (profileDef) {
+    console.log(`  ${paint.dim('Profile description:')} ${profileDef.description}`);
+  }
+
+  const current = readCurrentProfile();
+  if (current && current.name !== detected) {
+    console.log('');
+    console.log(`  ${paint.yellow('!')} Current profile is ${profileBadge(current.name)}, detected ${profileBadge(detected)}`);
+    console.log(`  ${paint.dim('Run')} ${paint.cyan(`clawarmor profile set ${detected}`)} ${paint.dim('to switch.')}`);
+  } else if (!current) {
+    console.log('');
+    console.log(`  ${paint.dim('Run')} ${paint.cyan(`clawarmor profile set ${detected}`)} ${paint.dim('to activate this profile.')}`);
+  }
+
+  console.log('');
+  return 0;
+}
+
+async function setCmd(name) {
+  if (!name) {
+    console.log('');
+    console.log(`  ${paint.red('✗')} Profile name required.`);
+    console.log(`  Usage: ${paint.cyan('clawarmor profile set <name>')}`);
+    console.log(`  Available: ${listProfiles().map(p => p.name).join(', ')}`);
+    console.log('');
+    return 1;
+  }
+
+  const profile = getProfile(name);
+  if (!profile) {
+    console.log('');
+    console.log(`  ${paint.red('✗')} Unknown profile: ${paint.bold(name)}`);
+    console.log(`  Available: ${listProfiles().map(p => p.name).join(', ')}`);
+    console.log('');
+    return 1;
+  }
+
+  const ok = writeProfile(name);
+  console.log('');
+  if (ok) {
+    console.log(`  ${paint.green('✓')} Profile set to ${profileBadge(name)}`);
+    console.log(`  ${paint.dim(profile.description)}`);
+    console.log('');
+    console.log(`  ${paint.dim('Run')} ${paint.cyan('clawarmor harden --profile ' + name)} ${paint.dim('for profile-aware recommendations.')}`);
+    console.log(`  ${paint.dim('Run')} ${paint.cyan('clawarmor audit --profile ' + name)} ${paint.dim('for profile-adjusted scoring.')}`);
+  } else {
+    console.log(`  ${paint.red('✗')} Failed to write profile to ${PROFILE_FILE}`);
+  }
+  console.log('');
+  return ok ? 0 : 1;
+}
+
+async function showCmd() {
+  console.log(''); console.log(box('ClawArmor Current Profile')); console.log('');
+
+  const current = readCurrentProfile();
+
+  if (!current) {
+    console.log(`  ${paint.dim('No profile set.')}`);
+    console.log(`  ${paint.dim('Defaulting to general — no relaxations or restrictions applied.')}`);
+    console.log('');
+    console.log(`  ${paint.dim('Set a profile:')} ${paint.cyan('clawarmor profile set <name>')}`);
+    console.log(`  ${paint.dim('Auto-detect:')}   ${paint.cyan('clawarmor profile detect')}`);
+    console.log('');
+    return 0;
+  }
+
+  const profileDef = getProfile(current.name);
+  const setAt = current.setAt ? new Date(current.setAt).toLocaleString('en-US', { dateStyle: 'medium', timeStyle: 'short' }) : 'unknown';
+
+  console.log(`  ${paint.bold('Profile:')}  ${profileBadge(current.name)}`);
+  console.log(`  ${paint.bold('Set at:')}   ${setAt}`);
+  console.log('');
+
+  if (profileDef) {
+    console.log(`  ${paint.dim(profileDef.description)}`);
+    console.log('');
+    if (profileDef.allowedCapabilities.length > 0) {
+      console.log(`  ${paint.green('Allowed:')}    ${profileDef.allowedCapabilities.join(', ')}`);
+    }
+    if (profileDef.restrictedCapabilities.length > 0) {
+      console.log(`  ${paint.yellow('Restricted:')} ${profileDef.restrictedCapabilities.join(', ')}`);
+    }
+    if (Object.keys(profileDef.checkWeightOverrides).length > 0) {
+      console.log('');
+      console.log(`  ${paint.dim('Check overrides:')}`);
+      for (const [check, severity] of Object.entries(profileDef.checkWeightOverrides)) {
+        console.log(`    ${paint.dim(check)} → ${severity}`);
+      }
+    }
+  }
+
+  console.log('');
+  console.log(`  ${paint.dim('Change profile:')} ${paint.cyan('clawarmor profile set <name>')}`);
+  console.log(`  ${paint.dim('List profiles:')}  ${paint.cyan('clawarmor profile list')}`);
+  console.log('');
+  return 0;
+}
+
+export async function runProfileCmd(args = []) {
+  const sub = args[0];
+
+  if (!sub || sub === 'list') return listCmd();
+  if (sub === 'detect')       return detectCmd();
+  if (sub === 'set')          return setCmd(args[1]);
+  if (sub === 'show')         return showCmd();
+
+  console.log('');
+  console.log(`  ${paint.red('✗')} Unknown profile subcommand: ${paint.bold(sub)}`);
+  console.log('');
+  console.log(`  ${paint.bold('Profile subcommands:')}`);
+  console.log(`    ${paint.cyan('clawarmor profile list')}`);
+  console.log(`    ${paint.cyan('clawarmor profile detect')}`);
+  console.log(`    ${paint.cyan('clawarmor profile set <name>')}`);
+  console.log(`    ${paint.cyan('clawarmor profile show')}`);
+  console.log('');
+  return 1;
+}

package/lib/profiles.js

@@ -0,0 +1,159 @@
+// lib/profiles.js — Contextual hardening profiles
+// Profiles adjust harden/audit recommendations based on what the agent actually does.
+
+const PROFILES = {
+  coding: {
+    name: 'coding',
+    description: 'Code-focused agent — exec, file write, git are expected. External sends are restricted.',
+    allowedCapabilities: ['exec', 'file.write', 'git', 'file.read'],
+    restrictedCapabilities: ['external.send', 'external.network', 'channel.external'],
+    checkWeightOverrides: {
+      // exec being enabled is EXPECTED for a coding agent — downgrade severity
+      'exec.ask.off': 'INFO',
+      'exec.approval': 'INFO',
+      // external sends from a coding agent are UNEXPECTED — upgrade severity
+      'channel.groupPolicy': 'HIGH',
+      'channel.allowFrom': 'HIGH',
+    },
+  },
+  browsing: {
+    name: 'browsing',
+    description: 'Web browsing agent — fetch and read are expected. File writes and exec are restricted.',
+    allowedCapabilities: ['fetch', 'file.read', 'web'],
+    restrictedCapabilities: ['exec', 'file.write', 'channel.external'],
+    checkWeightOverrides: {
+      // file writes from a browsing agent are UNEXPECTED
+      'filesystem.perms': 'HIGH',
+      // exec from a browsing agent is UNEXPECTED
+      'exec.ask.off': 'HIGH',
+      'exec.approval': 'HIGH',
+    },
+  },
+  messaging: {
+    name: 'messaging',
+    description: 'Messaging agent — channel access and send are expected. Exec and file access are restricted.',
+    allowedCapabilities: ['channel.send', 'channel.read', 'message'],
+    restrictedCapabilities: ['exec', 'file.write', 'file.read'],
+    checkWeightOverrides: {
+      // channel sends are EXPECTED for a messaging agent — downgrade severity
+      'channel.groupPolicy': 'INFO',
+      'channel.allowFrom': 'INFO',
+      // exec from a messaging agent is UNEXPECTED
+      'exec.ask.off': 'HIGH',
+      'exec.approval': 'HIGH',
+    },
+  },
+  general: {
+    name: 'general',
+    description: 'General-purpose agent — balanced defaults. No relaxations or extra restrictions.',
+    allowedCapabilities: [],
+    restrictedCapabilities: [],
+    checkWeightOverrides: {},
+  },
+};
+
+/**
+ * Get a profile by name.
+ * @param {string} name
+ * @returns {object|null}
+ */
+export function getProfile(name) {
+  return PROFILES[name] || null;
+}
+
+/**
+ * List all available profiles.
+ * @returns {object[]}
+ */
+export function listProfiles() {
+  return Object.values(PROFILES);
+}
+
+/**
+ * Auto-detect profile from openclaw config.
+ * @param {object} config - parsed openclaw.json
+ * @returns {{ profile: string, reasons: string[] }}
+ */
+export function detectProfile(config) {
+  if (!config) return { profile: 'general', reasons: ['No config found — using general profile'] };
+
+  const reasons = [];
+
+  // Check for exec tools
+  const execEnabled = config?.tools?.exec?.enabled !== false && config?.exec?.enabled !== false;
+  const execAsk = config?.tools?.exec?.ask ?? config?.exec?.ask;
+  const hasExec = execEnabled && execAsk !== 'always';
+
+  // Check for web/fetch tools
+  const hasWeb = !!(
+    config?.tools?.fetch || config?.tools?.web ||
+    (config?.skills && JSON.stringify(config.skills).toLowerCase().includes('browser'))
+  );
+
+  // Check for channel/messaging tools
+  const hasChannels = !!(
+    config?.channels || config?.messaging ||
+    (config?.tools && JSON.stringify(config.tools).toLowerCase().includes('channel'))
+  );
+
+  // Check for git
+  const hasGit = !!(
+    config?.tools?.git ||
+    (config?.skills && JSON.stringify(config.skills).toLowerCase().includes('git'))
+  );
+
+  // Decision logic
+  if (hasExec && hasGit && !hasChannels) {
+    reasons.push('exec tools present → coding agent');
+    if (hasGit) reasons.push('git tools detected → coding profile');
+    return { profile: 'coding', reasons };
+  }
+
+  if (hasChannels && !hasExec) {
+    reasons.push('channel/messaging tools present → messaging agent');
+    return { profile: 'messaging', reasons };
+  }
+
+  if (hasWeb && !hasExec && !hasChannels) {
+    reasons.push('web/fetch tools present → browsing agent');
+    return { profile: 'browsing', reasons };
+  }
+
+  reasons.push('No strong signal detected → using general profile');
+  return { profile: 'general', reasons };
+}
+
+/**
+ * Check if a finding is expected for a given profile.
+ * @param {string} profileName
+ * @param {string} checkId - the check/finding id
+ * @returns {boolean}
+ */
+export function isExpectedFinding(profileName, checkId) {
+  const profile = getProfile(profileName);
+  if (!profile) return false;
+  const id = (checkId || '').toLowerCase();
+  // Check if this finding's id matches any allowed capability patterns
+  // For exec findings in a coding profile, they're expected
+  if (profileName === 'coding' && (id.includes('exec') && (id.includes('ask') || id.includes('approval')))) return true;
+  if (profileName === 'messaging' && (id.includes('channel') && (id.includes('group') || id.includes('allow')))) return true;
+  return false;
+}
+
+/**
+ * Get overridden severity for a check in a given profile.
+ * @param {string} profileName
+ * @param {string} checkId
+ * @param {string} defaultSeverity
+ * @returns {string} overridden or original severity
+ */
+export function getOverriddenSeverity(profileName, checkId) {
+  const profile = getProfile(profileName);
+  if (!profile) return null;
+  const id = (checkId || '').toLowerCase();
+  // Check overrides by matching check id prefixes
+  for (const [pattern, overrideSev] of Object.entries(profile.checkWeightOverrides)) {
+    if (id.includes(pattern.toLowerCase())) return overrideSev;
+  }
+  return null;
+}

package/lib/protect.js

@@ -68,7 +68,8 @@ Install with: \`clawarmor protect --install\`
 `;
 
 const HANDLER_JS = `// clawarmor-guard hook handler
-// Fires on gateway:startup. Silent unless score drops or CRITICAL finding appears.
+// Fires on gateway:startup and after clawhub skill installs.
+// Silent unless score drops or CRITICAL finding appears.
 // No external dependencies.
 
 import { spawnSync } from 'child_process';
@@ -79,6 +80,7 @@ import { homedir } from 'os';
 const HOME = homedir();
 const CLAWARMOR_DIR = join(HOME, '.clawarmor');
 const LAST_SCORE_FILE = join(CLAWARMOR_DIR, 'last-score.json');
+const SKILL_REPORT_FILE = join(CLAWARMOR_DIR, 'skill-install-report.json');
 
 function readLastScore() {
   try {
@@ -109,8 +111,81 @@ function runAuditJson() {
   return null;
 }
 
-// Main hook entry point — called by openclaw on gateway:startup
+function runStackSync() {
+  try {
+    spawnSync('clawarmor', ['stack', 'sync'], {
+      encoding: 'utf8',
+      timeout: 60000,
+      stdio: 'ignore',
+    });
+  } catch {}
+}
+
+function buildProposedFixes(newFindings) {
+  const fixes = [];
+  for (const f of newFindings) {
+    const id = (f.id || '').toLowerCase();
+    if (id.includes('exec') && id.includes('ask')) {
+      fixes.push('openclaw config set tools.exec.ask on-miss');
+    } else if (id.includes('gateway') && id.includes('host')) {
+      fixes.push('openclaw config set gateway.host 127.0.0.1');
+    } else if (id.includes('cred') || id.includes('filesystem')) {
+      fixes.push('clawarmor harden --auto');
+    } else if (id.includes('skill')) {
+      fixes.push('clawarmor scan');
+    }
+  }
+  return [...new Set(fixes)];
+}
+
+function handleSkillInstall(skillName, scoreBefore, auditResult) {
+  const scoreAfter = auditResult?.score ?? null;
+  if (scoreAfter === null) return;
+
+  // Regenerate stack rules for new tool surface
+  runStackSync();
+
+  const scoreDelta = scoreAfter - scoreBefore;
+
+  if (scoreDelta < 0) {
+    const prevFailed = [];
+    const newFailed = auditResult.failed || [];
+    // newFindings = findings in new audit not previously known
+    const lastState = readLastScore();
+    const prevIds = new Set((lastState?.failedIds || []));
+    const newFindings = newFailed.filter(f => !prevIds.has(f.id));
+    const proposedFixes = buildProposedFixes(newFindings);
+
+    const report = {
+      skill: skillName,
+      installedAt: new Date().toISOString(),
+      scoreBefore,
+      scoreAfter,
+      scoreDelta,
+      newFindings,
+      proposedFixes,
+    };
+
+    try {
+      mkdirSync(CLAWARMOR_DIR, { recursive: true });
+      writeFileSync(SKILL_REPORT_FILE, JSON.stringify(report, null, 2), 'utf8');
+    } catch {}
+
+    console.error(\`⚠ ClawArmor: skill install dropped score \${scoreBefore}→\${scoreAfter} (\${scoreDelta}). Run: clawarmor stack sync && clawarmor fix --dry-run\`);
+  } else {
+    console.error(\`✓ ClawArmor: score unchanged after install (\${scoreAfter}/100)\`);
+  }
+}
+
+// Main hook entry point — called by openclaw on gateway:startup and clawhub install
 export default async function handler(event) {
+  const isSkillInstall = event?.type === 'clawhub:install' || event?.skill;
+  const skillName = event?.skill || event?.args?.[0] || null;
+
+  // Capture score before install (for skill diff)
+  const lastState = readLastScore();
+  const lastScore = lastState?.score ?? null;
+
   let auditResult;
   try {
     auditResult = runAuditJson();
@@ -122,14 +197,20 @@ export default async function handler(event) {
   if (!auditResult) return;
 
   const newScore = auditResult.score ?? null;
-  const lastState = readLastScore();
-  const lastScore = lastState?.score ?? null;
   const isFirstRun = lastScore === null;
 
   if (newScore !== null) {
     if (isFirstRun) {
-      writeLastScore({ score: newScore, grade: auditResult.grade, timestamp: new Date().toISOString() });
+      writeLastScore({
+        score: newScore,
+        grade: auditResult.grade,
+        failedIds: (auditResult.failed || []).map(f => f.id),
+        timestamp: new Date().toISOString(),
+      });
       // First run — establish baseline silently
+      if (isSkillInstall && skillName) {
+        runStackSync();
+      }
       return;
     }
 
@@ -142,9 +223,16 @@ export default async function handler(event) {
       score: newScore,
       grade: auditResult.grade,
       criticals: newCriticalCount,
+      failedIds: (auditResult.failed || []).map(f => f.id),
       timestamp: new Date().toISOString(),
     });
 
+    // Skill install post-audit diff
+    if (isSkillInstall && skillName) {
+      handleSkillInstall(skillName, lastScore, auditResult);
+      return;
+    }
+
     if (newCriticalCount > hadCriticals) {
       // New CRITICAL finding — alert immediately
       const names = newCriticals.map(f => f.id || f.title).join(', ');

package/lib/skill-report.js

@@ -0,0 +1,124 @@
+// lib/skill-report.js — Show post-install skill audit impact report
+// Generated automatically after each skill install via the clawarmor-guard hook.
+
+import { existsSync, readFileSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+import { spawnSync } from 'child_process';
+import { paint } from './output/colors.js';
+
+const HOME = homedir();
+const CLAWARMOR_DIR = join(HOME, '.clawarmor');
+const SKILL_REPORT_FILE = join(CLAWARMOR_DIR, 'skill-install-report.json');
+const SEP = paint.dim('─'.repeat(52));
+
+function box(title) {
+  const W = 52, pad = W - 2 - title.length, l = Math.floor(pad / 2), r = pad - l;
+  return [
+    paint.dim('╔' + '═'.repeat(W - 2) + '╗'),
+    paint.dim('║') + ' '.repeat(l) + paint.bold(title) + ' '.repeat(r) + paint.dim('║'),
+    paint.dim('╚' + '═'.repeat(W - 2) + '╝'),
+  ].join('\n');
+}
+
+function readReport() {
+  try {
+    if (!existsSync(SKILL_REPORT_FILE)) return null;
+    return JSON.parse(readFileSync(SKILL_REPORT_FILE, 'utf8'));
+  } catch { return null; }
+}
+
+function applyFixes(fixes) {
+  let applied = 0, failed = 0;
+  for (const fix of fixes) {
+    try {
+      const result = spawnSync(fix, { shell: true, encoding: 'utf8', timeout: 30000, stdio: 'pipe' });
+      if (result.status === 0) {
+        console.log(`  ${paint.green('✓')} ${fix}`);
+        applied++;
+      } else {
+        console.log(`  ${paint.red('✗')} ${fix} — ${(result.stderr || '').split('\n')[0]}`);
+        failed++;
+      }
+    } catch (e) {
+      console.log(`  ${paint.red('✗')} ${fix} — ${e.message?.split('\n')[0]}`);
+      failed++;
+    }
+  }
+  return { applied, failed };
+}
+
+export async function runSkillReport(flags = {}) {
+  console.log(''); console.log(box('ClawArmor Skill Report')); console.log('');
+
+  const report = readReport();
+
+  if (!report) {
+    console.log(`  ${paint.dim('No skill install report found.')}`);
+    console.log(`  ${paint.dim('Reports are generated automatically after each skill install.')}`);
+    console.log('');
+    return 0;
+  }
+
+  const installedAt = new Date(report.installedAt).toLocaleString('en-US', { dateStyle: 'medium', timeStyle: 'short' });
+  const deltaStr = report.scoreDelta > 0
+    ? paint.green(`+${report.scoreDelta}`)
+    : report.scoreDelta < 0
+      ? paint.red(String(report.scoreDelta))
+      : paint.dim('±0');
+
+  console.log(`  ${paint.bold('Skill:')}        ${report.skill}`);
+  console.log(`  ${paint.bold('Installed:')}    ${installedAt}`);
+  console.log(`  ${paint.bold('Score:')}        ${report.scoreBefore}/100 → ${report.scoreAfter}/100  (${deltaStr})`);
+  console.log('');
+
+  if (report.newFindings && report.newFindings.length > 0) {
+    console.log(SEP);
+    console.log(`  ${paint.bold('New findings after install:')}`);
+    console.log('');
+    for (const f of report.newFindings) {
+      const sev = f.severity || 'INFO';
+      const sevColors = { CRITICAL: paint.red, HIGH: paint.red, MEDIUM: paint.yellow, LOW: paint.dim, INFO: paint.dim };
+      const sevColor = sevColors[sev] || paint.dim;
+      console.log(`  ${paint.red('✗')} ${paint.bold(f.title || f.id)}  ${paint.dim('←')} ${sevColor(sev)}`);
+      if (f.description) {
+        for (const line of (f.description || '').split('\n').slice(0, 2)) {
+          console.log(`    ${paint.dim(line)}`);
+        }
+      }
+    }
+    console.log('');
+  } else {
+    console.log(`  ${paint.green('✓')} No new findings introduced by this install.`);
+    console.log('');
+  }
+
+  if (report.proposedFixes && report.proposedFixes.length > 0) {
+    console.log(SEP);
+    console.log(`  ${paint.bold('Proposed fixes:')}`);
+    console.log('');
+    for (const fix of report.proposedFixes) {
+      console.log(`    ${paint.cyan('$')} ${fix}`);
+    }
+    console.log('');
+
+    if (flags.apply) {
+      console.log(SEP);
+      console.log(`  ${paint.cyan('Applying proposed fixes...')}`);
+      console.log('');
+      const { applied, failed } = applyFixes(report.proposedFixes);
+      console.log('');
+      console.log(`  Applied: ${paint.green(String(applied))}  Failed: ${failed > 0 ? paint.red(String(failed)) : paint.dim('0')}`);
+      console.log('');
+      return failed > 0 ? 1 : 0;
+    } else {
+      console.log(`  ${paint.dim('Run')} ${paint.cyan('clawarmor skill-report --apply')} ${paint.dim('to apply these fixes.')}`);
+      console.log('');
+    }
+  } else {
+    console.log(`  ${paint.dim('No auto-fixable issues proposed.')}`);
+    console.log('');
+  }
+
+  return 0;
+}

package/lib/stack/invariant.js

@@ -207,7 +207,7 @@ export function deploy(rulesContent) {
 
 /**
  * Get current status of Invariant integration.
- * @returns {{ installed: boolean, rulesExist: boolean, rulesPath: string, ruleCount: number, lastDeployed: string|null }}
+ * @returns {{ installed: boolean, rulesExist: boolean, rulesPath: string, ruleCount: number, lastDeployed: string|null, enforcing: boolean }}
  */
 export function getStatus() {
   const installed = checkInstalled();
@@ -216,9 +216,12 @@ export function getStatus() {
   if (rulesExist) {
     try {
       const content = readFileSync(RULES_PATH, 'utf8');
+      // Count non-comment rules (lines starting with 'raise')
       ruleCount = (content.match(/^raise /gm) || []).length;
       lastDeployed = statSync(RULES_PATH).mtime.toISOString();
     } catch { /* non-fatal */ }
   }
-  return { installed, rulesExist, rulesPath: RULES_PATH, ruleCount, lastDeployed };
+  // enforcing = pip installed + rules file exists + at least 1 non-comment rule
+  const enforcing = installed && rulesExist && ruleCount > 0;
+  return { installed, rulesExist, rulesPath: RULES_PATH, ruleCount, lastDeployed, enforcing };
 }

package/lib/stack/ironcurtain.js

@@ -2,7 +2,7 @@
 // IronCurtain: English constitution → LLM compiles to deterministic rules → runtime enforcement.
 // We generate the Markdown constitution from audit findings. User runs compile-policy themselves.
 
-import { existsSync, writeFileSync, mkdirSync, statSync } from 'fs';
+import { existsSync, writeFileSync, mkdirSync, statSync, readdirSync } from 'fs';
 import { join } from 'path';
 import { homedir } from 'os';
 import { spawnSync } from 'child_process';
@@ -180,16 +180,32 @@ export function writeConstitution(content) {
   }
 }
 
+/**
+ * Check if ~/.ironcurtain/generated/ exists and has compiled output.
+ * @returns {boolean}
+ */
+function checkCompiled() {
+  const generatedDir = join(IRONCURTAIN_DIR, 'generated');
+  if (!existsSync(generatedDir)) return false;
+  try {
+    const entries = readdirSync(generatedDir);
+    return entries.length > 0;
+  } catch { return false; }
+}
+
 /**
  * Get current status of IronCurtain integration.
- * @returns {{ installed: boolean, constitutionExists: boolean, constitutionPath: string, lastGenerated: string|null }}
+ * @returns {{ installed: boolean, constitutionExists: boolean, constitutionPath: string, lastGenerated: string|null, compiled: boolean, enforcing: boolean }}
  */
 export function getStatus() {
-  const installed = checkInstalled();
+  const cliInstalled = checkInstalled();
   const constitutionExists = existsSync(CONSTITUTION_PATH);
+  const compiled = checkCompiled();
   let lastGenerated = null;
   if (constitutionExists) {
     try { lastGenerated = statSync(CONSTITUTION_PATH).mtime.toISOString(); } catch { /* non-fatal */ }
   }
-  return { installed, constitutionExists, constitutionPath: CONSTITUTION_PATH, lastGenerated };
+  // enforcing = cli installed + compiled output exists
+  const enforcing = cliInstalled && compiled;
+  return { installed: cliInstalled, cliInstalled, constitutionExists, constitutionPath: CONSTITUTION_PATH, lastGenerated, compiled, enforcing };
 }

package/lib/stack.js

@@ -8,7 +8,7 @@ import * as Invariant from './stack/invariant.js';
 import * as IronCurtain from './stack/ironcurtain.js';
 
 const SEP = paint.dim('─'.repeat(52));
-const VERSION = '3.0.0';
+const VERSION = '3.1.0';
 
 function box(title) {
   const W = 52, pad = W - 2 - title.length, l = Math.floor(pad / 2), r = pad - l;
@@ -39,41 +39,62 @@ async function stackStatus() {
 
   // Invariant
   const inv = Invariant.getStatus();
-  const invIcon   = inv.rulesExist ? paint.green('✓') : paint.yellow('○');
-  const invStatus = inv.rulesExist
-    ? `${paint.green('deployed')} ${paint.dim(`(${inv.ruleCount} rule${inv.ruleCount !== 1 ? 's' : ''}, ~/.clawarmor/invariant-rules.inv)`)}`
-    : paint.dim('not deployed');
+  let invIcon, invStatus;
+  if (inv.enforcing) {
+    invIcon = paint.green('✓');
+    invStatus = `${paint.green('✓ actively enforcing')} ${paint.dim(`(${inv.ruleCount} rule${inv.ruleCount !== 1 ? 's' : ''})`)}`;
+  } else if (inv.rulesExist && inv.ruleCount > 0) {
+    invIcon = paint.yellow('○');
+    invStatus = `${paint.yellow('✓ rules generated')} ${paint.dim(`(${inv.ruleCount} rule${inv.ruleCount !== 1 ? 's' : ''}, not enforcing)`)}`;
+  } else {
+    invIcon = paint.yellow('○');
+    invStatus = paint.dim('not deployed');
+  }
   const invPip = inv.installed ? paint.green('pip: installed') : paint.yellow('pip: not installed');
   console.log(`  ${invIcon} ${paint.bold('Invariant')}     ${invStatus}`);
   console.log(`      ${paint.dim('Flow guardrails — detects multi-step attack chains')}`);
   console.log(`      ${paint.dim(invPip)}`);
   if (!inv.rulesExist) {
     console.log(`      ${paint.dim('→ run: clawarmor stack deploy --invariant')}`);
+  } else if (!inv.enforcing) {
+    console.log(`      ${paint.yellow('⚠')} Rules generated but not enforcing — install invariant-ai to activate: ${paint.cyan('pip3 install invariant-ai')}`);
   }
   console.log('');
 
   // IronCurtain
   const ic = IronCurtain.getStatus();
-  const icIcon   = ic.constitutionExists ? paint.green('✓') : paint.yellow('○');
-  const icStatus = ic.constitutionExists
-    ? `${paint.green('constitution exists')} ${paint.dim('(~/.ironcurtain/constitution-clawarmor.md)')}`
-    : paint.dim('not configured');
-  const icCli = ic.installed ? paint.green('cli: installed') : paint.yellow('cli: not installed');
+  let icIcon, icStatus;
+  if (ic.enforcing) {
+    icIcon = paint.green('✓');
+    icStatus = paint.green('✓ compiled + running');
+  } else if (ic.constitutionExists) {
+    icIcon = paint.yellow('○');
+    icStatus = `${paint.yellow('✓ constitution written')} ${paint.dim('(not compiled)')}`;
+  } else {
+    icIcon = paint.yellow('○');
+    icStatus = paint.dim('not configured');
+  }
+  const icCli = ic.cliInstalled ? paint.green('cli: installed') : paint.yellow('cli: not installed');
   console.log(`  ${icIcon} ${paint.bold('IronCurtain')}   ${icStatus}`);
   console.log(`      ${paint.dim('Runtime constitution — policy-enforced tool call interception')}`);
   console.log(`      ${paint.dim(icCli)}`);
   if (!ic.constitutionExists) {
     console.log(`      ${paint.dim('→ run: clawarmor stack deploy --ironcurtain')}`);
-  } else {
-    console.log(`      ${paint.dim('→ compile: ironcurtain compile-policy ~/.ironcurtain/constitution-clawarmor.md')}`);
+  } else if (!ic.enforcing) {
+    console.log(`      ${paint.yellow('⚠')} Constitution written but not compiled — run: ${paint.cyan('ironcurtain compile-policy ~/.ironcurtain/constitution-clawarmor.md')}`);
   }
   console.log('');
 
   console.log(SEP);
-  const layers = (inv.rulesExist ? 1 : 0) + (ic.constitutionExists ? 1 : 0);
-  const layerColor = layers >= 2 ? paint.green : layers === 1 ? paint.yellow : paint.red;
-  console.log(`  Stack coverage:  ${layerColor(String(layers))} / 2 layers active`);
-  if (layers < 2) {
+  // Count enforcing layers, not just deployed
+  const enforcingLayers = (inv.enforcing ? 1 : 0) + (ic.enforcing ? 1 : 0);
+  const layerColor = enforcingLayers >= 2 ? paint.green : enforcingLayers === 1 ? paint.yellow : paint.red;
+  console.log(`  Stack coverage:  ${layerColor(String(enforcingLayers))} / 2 layers enforcing`);
+  if (enforcingLayers < 2) {
+    const generatedLayers = (inv.rulesExist ? 1 : 0) + (ic.constitutionExists ? 1 : 0);
+    if (generatedLayers > enforcingLayers) {
+      console.log(`  ${paint.dim(`(${generatedLayers} layer${generatedLayers !== 1 ? 's' : ''} generated but not yet enforcing)`)}`);
+    }
     console.log(`  ${paint.dim('→ run: clawarmor stack deploy --all')}`);
   }
   console.log('');
@@ -240,9 +261,9 @@ async function stackDeploy(flags) {
   console.log(SEP);
   const invS = Invariant.getStatus();
   const icS  = IronCurtain.getStatus();
-  const layers = (invS.rulesExist ? 1 : 0) + (icS.constitutionExists ? 1 : 0);
-  const layerColor = layers >= 2 ? paint.green : layers === 1 ? paint.yellow : paint.red;
-  console.log(`  Stack coverage: ${layerColor(String(layers))} / 2 layers active`);
+  const deployedLayers = (invS.rulesExist ? 1 : 0) + (icS.constitutionExists ? 1 : 0);
+  const layerColor = deployedLayers >= 2 ? paint.green : deployedLayers === 1 ? paint.yellow : paint.red;
+  console.log(`  Stack coverage: ${layerColor(String(deployedLayers))} / 2 layers generated`);
   if (exitCode === 0) {
     console.log(`  ${paint.green('✓')} Done. Run ${paint.cyan('clawarmor stack status')} to verify.`);
   } else {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clawarmor",
-  "version": "3.0.0",
+  "version": "3.1.0",
   "description": "Security armor for OpenClaw agents — audit, scan, monitor",
   "bin": {
     "clawarmor": "cli.js"