clawclamp 0.1.6 → 0.1.7

package/README.md

@@ -24,6 +24,8 @@ plugins:
         principalId: openclaw
         policyStoreUri: file:///path/to/policy-store.json
         policyFailOpen: false
+        # 可选：UI 访问令牌（非 loopback 时可通过 ?token= 或 X-OpenClaw-Token 访问）
+        # uiToken: "your-ui-token"
         risk:
           default: high
           overrides:
@@ -43,3 +45,13 @@ plugins:
 ## UI
 
 Open the gateway path `/plugins/clawclamp` to view audit logs, toggle gray mode, and create short-term grants.
+
+UI access rules:
+
+- Loopback (127.0.0.1 / ::1) is allowed without a token.
+- Non-loopback requires a token via `?token=` or `X-OpenClaw-Token` / `Authorization: Bearer`.
+
+Policy management:
+
+- The UI includes a Cedar policy panel for CRUD.
+- If `policyStoreUri` is set, policies are read-only.

package/assets/app.js

@@ -14,6 +14,17 @@ const grantNoteInput = qs("grant-note");
 const grantHint = qs("grant-hint");
 const grantsEl = qs("grants");
 const auditEl = qs("audit");
+const policyListEl = qs("policy-list");
+const policyIdInput = qs("policy-id");
+const policyContentInput = qs("policy-content");
+const policyCreateBtn = qs("policy-create");
+const policyUpdateBtn = qs("policy-update");
+const policyDeleteBtn = qs("policy-delete");
+const policyStatusEl = qs("policy-status");
+const policySchemaEl = qs("policy-schema");
+let policyReadOnly = false;
+let policies = [];
+let deniedTools = new Set();
 
 async function fetchJson(path, opts = {}) {
   const res = await fetch(path, {
@@ -98,7 +109,8 @@ function renderAudit(entries) {
 
   const header = document.createElement("div");
   header.className = "table-row header";
-  header.innerHTML = "<div>时间</div><div>工具</div><div>决策</div><div>风险</div><div>说明</div>";
+  header.innerHTML =
+    "<div>时间</div><div>工具</div><div>决策</div><div>风险</div><div>说明</div><div>操作</div>";
 
   auditEl.innerHTML = "";
   auditEl.appendChild(header);
@@ -107,24 +119,87 @@ function renderAudit(entries) {
     const row = document.createElement("div");
     row.className = "table-row";
     const badgeClass = decisionBadge(entry.decision);
+    const canAllow = entry.decision === "deny" || entry.decision === "allow_grayed";
+    const isDenied = deniedTools.has(entry.toolName) || deniedTools.has("*");
+    const canDeny = entry.decision === "allow" && !isDenied;
     row.innerHTML = `
       <div>${formatTime(entry.timestamp)}</div>
       <div class="mono">${entry.toolName}</div>
       <div class="badge ${badgeClass}">${decisionLabel(entry.decision)}</div>
       <div>${riskLabel(entry.risk)}</div>
       <div>${entry.reason || entry.error || ""}</div>
+      <div class="actions">
+        ${canAllow ? "<button class=\"btn mini\" data-action=\"allow\">一键允许</button>" : ""}
+        ${canDeny ? "<button class=\"btn mini warn\" data-action=\"deny\">一键拒绝</button>" : ""}
+      </div>
     `;
+    const allowBtn = row.querySelector("button[data-action=\"allow\"]");
+    if (allowBtn) {
+      allowBtn.addEventListener("click", async () => {
+        await fetchJson(`${API_BASE}/grants`, {
+          method: "POST",
+          body: JSON.stringify({ toolName: entry.toolName }),
+        });
+        await refreshAll();
+      });
+    }
+    const denyBtn = row.querySelector("button[data-action=\"deny\"]");
+    if (denyBtn) {
+      denyBtn.addEventListener("click", async () => {
+        await fetchJson(`${API_BASE}/denies`, {
+          method: "POST",
+          body: JSON.stringify({ toolName: entry.toolName }),
+        });
+        await refreshAll();
+      });
+    }
     auditEl.appendChild(row);
   });
 }
 
+function renderPolicyList(list) {
+  policies = list;
+  if (!list.length) {
+    policyListEl.innerHTML = "<div class=\"note\">暂无策略。</div>";
+    return;
+  }
+  policyListEl.innerHTML = "";
+  list.forEach((policy) => {
+    const item = document.createElement("button");
+    item.className = "policy-item";
+    item.textContent = policy.id;
+    item.addEventListener("click", () => {
+      policyIdInput.value = policy.id;
+      policyContentInput.value = policy.content || "";
+      policyStatusEl.textContent = "";
+    });
+    policyListEl.appendChild(item);
+  });
+}
+
+async function refreshPolicies() {
+  const result = await fetchJson(`${API_BASE}/policies`);
+  policyReadOnly = result.readOnly === true;
+  renderPolicyList(result.policies || []);
+  policySchemaEl.textContent = result.schema || "";
+  policyCreateBtn.disabled = policyReadOnly;
+  policyUpdateBtn.disabled = policyReadOnly;
+  policyDeleteBtn.disabled = policyReadOnly;
+  if (policyReadOnly) {
+    policyStatusEl.textContent = "policyStoreUri 模式下为只读。";
+  }
+}
+
 async function refreshAll() {
   const state = await fetchJson(`${API_BASE}/state`);
   renderMode(state);
   const grants = await fetchJson(`${API_BASE}/grants`);
   renderGrants(grants.grants || []);
+  const denies = await fetchJson(`${API_BASE}/denies`);
+  deniedTools = new Set(denies.tools || []);
   const logs = await fetchJson(`${API_BASE}/logs`);
   renderAudit(logs.entries || []);
+  await refreshPolicies();
 }
 
 refreshBtn.addEventListener("click", () => {
@@ -164,3 +239,53 @@ grantForm.addEventListener("submit", async (event) => {
 
 refreshAll();
 setInterval(refreshAll, 10_000);
+
+policyCreateBtn.addEventListener("click", async () => {
+  const id = policyIdInput.value.trim();
+  const content = policyContentInput.value.trim();
+  if (!content) {
+    policyStatusEl.textContent = "请输入 Policy 内容。";
+    return;
+  }
+  const body = { content, ...(id ? { id } : {}) };
+  await fetchJson(`${API_BASE}/policies`, {
+    method: "POST",
+    body: JSON.stringify(body),
+  });
+  policyStatusEl.textContent = "已新增策略。";
+  await refreshPolicies();
+});
+
+policyUpdateBtn.addEventListener("click", async () => {
+  const id = policyIdInput.value.trim();
+  const content = policyContentInput.value.trim();
+  if (!id) {
+    policyStatusEl.textContent = "请选择或填写 Policy ID。";
+    return;
+  }
+  if (!content) {
+    policyStatusEl.textContent = "请输入 Policy 内容。";
+    return;
+  }
+  await fetchJson(`${API_BASE}/policies/${encodeURIComponent(id)}`, {
+    method: "PUT",
+    body: JSON.stringify({ content }),
+  });
+  policyStatusEl.textContent = "已保存策略。";
+  await refreshPolicies();
+});
+
+policyDeleteBtn.addEventListener("click", async () => {
+  const id = policyIdInput.value.trim();
+  if (!id) {
+    policyStatusEl.textContent = "请选择或填写 Policy ID。";
+    return;
+  }
+  await fetchJson(`${API_BASE}/policies/${encodeURIComponent(id)}`, {
+    method: "DELETE",
+  });
+  policyStatusEl.textContent = "已删除策略。";
+  policyIdInput.value = "";
+  policyContentInput.value = "";
+  await refreshPolicies();
+});

package/assets/index.html

@@ -68,6 +68,36 @@
         <div class="note">最近的工具调用记录（允许、拒绝、灰度放行）。</div>
         <div class="table" id="audit"></div>
       </section>
+
+      <section class="card">
+        <h2>Cedar 策略</h2>
+        <div class="note">查看与维护当前策略集（policyStoreUri 配置时为只读）。</div>
+        <div class="policy-grid">
+          <div class="policy-list" id="policy-list"></div>
+          <div class="policy-editor">
+            <div class="policy-form">
+              <label>
+                Policy ID
+                <input id="policy-id" placeholder="policy-id" />
+              </label>
+              <label>
+                Policy 内容
+                <textarea id="policy-content" rows="8" placeholder="permit(principal, action, resource) when { ... }"></textarea>
+              </label>
+              <div class="policy-actions">
+                <button id="policy-create" class="btn primary">新增</button>
+                <button id="policy-update" class="btn">保存</button>
+                <button id="policy-delete" class="btn warn">删除</button>
+              </div>
+              <div id="policy-status" class="note"></div>
+            </div>
+            <div class="policy-schema">
+              <div class="label">Schema</div>
+              <pre id="policy-schema"></pre>
+            </div>
+          </div>
+        </div>
+      </section>
     </div>
 
     <script type="module" src="/plugins/clawclamp/assets/app.js"></script>

package/assets/styles.css

@@ -1,17 +1,17 @@
 :root {
   color-scheme: light;
-  --bg: #f5f1ea;
+  --bg: #f2f3f5;
   --panel: #ffffff;
-  --ink: #1b1b1b;
-  --muted: #5b5b5b;
-  --accent: #1a4dff;
-  --accent-2: #ff8b2c;
-  --warn: #d64b31;
-  --border: #e5ddd0;
-  --shadow: 0 12px 40px rgba(0, 0, 0, 0.08);
-  --radius: 16px;
-  --mono: "IBM Plex Mono", "SFMono-Regular", "Menlo", "Consolas", monospace;
-  --sans: "Space Grotesk", "Avenir Next", "Segoe UI", sans-serif;
+  --ink: #0f1115;
+  --muted: #5f6774;
+  --accent: #00a3ff;
+  --accent-2: #7c8cff;
+  --warn: #ff5b4d;
+  --border: #d7dbe2;
+  --shadow: 0 10px 30px rgba(4, 8, 16, 0.08);
+  --radius: 10px;
+  --mono: "JetBrains Mono", "IBM Plex Mono", "SFMono-Regular", "Menlo", "Consolas", monospace;
+  --sans: "Space Grotesk", "IBM Plex Sans", "Segoe UI", sans-serif;
 }
 
 * {
@@ -20,28 +20,28 @@
 
 body {
   margin: 0;
-  font-family: var(--sans);
-  background: radial-gradient(circle at top, #fdfbf7 0%, var(--bg) 50%, #efe7db 100%);
+  font-family: var(--mono);
+  background: radial-gradient(circle at top, #ffffff 0%, var(--bg) 45%, #e7eaef 100%);
   color: var(--ink);
 }
 
 .page {
-  max-width: 1180px;
+  max-width: 1120px;
   margin: 0 auto;
-  padding: 32px 24px 48px;
+  padding: 20px 18px 32px;
 }
 
 .header {
   display: flex;
   align-items: flex-start;
   justify-content: space-between;
-  gap: 24px;
-  padding: 24px;
+  gap: 16px;
+  padding: 16px 18px;
   background: var(--panel);
   border-radius: var(--radius);
   box-shadow: var(--shadow);
   border: 1px solid var(--border);
-  margin-bottom: 24px;
+  margin-bottom: 16px;
 }
 
 .eyebrow {
@@ -53,8 +53,9 @@ body {
 }
 
 h1 {
-  margin: 0 0 6px;
-  font-size: 2.2rem;
+  margin: 0 0 4px;
+  font-size: 1.6rem;
+  letter-spacing: 0.02em;
 }
 
 .subhead {
@@ -70,35 +71,36 @@ h1 {
 
 .grid {
   display: grid;
-  grid-template-columns: repeat(auto-fit, minmax(280px, 1fr));
-  gap: 20px;
-  margin-bottom: 24px;
+  grid-template-columns: repeat(auto-fit, minmax(240px, 1fr));
+  gap: 12px;
+  margin-bottom: 16px;
 }
 
 .card {
   background: var(--panel);
   border-radius: var(--radius);
-  padding: 20px;
+  padding: 14px;
   border: 1px solid var(--border);
   box-shadow: var(--shadow);
 }
 
 h2 {
-  margin: 0 0 12px;
-  font-size: 1.2rem;
+  margin: 0 0 8px;
+  font-size: 1rem;
+  letter-spacing: 0.02em;
 }
 
 .mode-row {
   display: flex;
   align-items: center;
   justify-content: space-between;
-  gap: 16px;
+  gap: 12px;
 }
 
 .mode-actions {
   display: flex;
   flex-direction: column;
-  gap: 8px;
+  gap: 6px;
 }
 
 .label {
@@ -107,7 +109,7 @@ h2 {
 }
 
 .value {
-  font-size: 1.4rem;
+  font-size: 1.1rem;
   font-weight: 600;
 }
 
@@ -118,12 +120,14 @@ h2 {
 }
 
 .btn {
-  padding: 10px 16px;
-  border-radius: 999px;
+  padding: 8px 12px;
+  border-radius: 8px;
   border: 1px solid var(--border);
   background: #fff;
   cursor: pointer;
   font-weight: 600;
+  font-family: var(--mono);
+  font-size: 0.82rem;
 }
 
 .btn.primary {
@@ -138,6 +142,12 @@ h2 {
   border-color: var(--warn);
 }
 
+.btn.mini {
+  padding: 6px 8px;
+  border-radius: 6px;
+  font-size: 0.75rem;
+}
+
 .btn.ghost {
   background: transparent;
 }
@@ -163,10 +173,10 @@ h2 {
 
 input {
   border: 1px solid var(--border);
-  border-radius: 12px;
-  padding: 10px 12px;
-  font-size: 0.95rem;
-  font-family: var(--sans);
+  border-radius: 8px;
+  padding: 8px 10px;
+  font-size: 0.85rem;
+  font-family: var(--mono);
 }
 
 .list {
@@ -178,11 +188,11 @@ input {
   display: flex;
   justify-content: space-between;
   align-items: center;
-  padding: 12px;
-  border-radius: 12px;
+  padding: 10px;
+  border-radius: 8px;
   border: 1px solid var(--border);
-  background: #faf7f1;
-  font-size: 0.9rem;
+  background: #f6f7f9;
+  font-size: 0.8rem;
 }
 
 .list-item strong {
@@ -191,24 +201,24 @@ input {
 
 .table {
   display: grid;
-  gap: 8px;
-  margin-top: 12px;
+  gap: 6px;
+  margin-top: 10px;
 }
 
 .table-row {
   display: grid;
-  grid-template-columns: 140px 120px 1fr 100px 120px;
-  gap: 12px;
+  grid-template-columns: 110px 110px 90px 70px 1fr 120px;
+  gap: 10px;
   align-items: center;
-  padding: 10px 12px;
-  border-radius: 12px;
+  padding: 8px 10px;
+  border-radius: 8px;
   border: 1px solid var(--border);
-  background: #fcfbf8;
-  font-size: 0.85rem;
+  background: #fdfdfd;
+  font-size: 0.78rem;
 }
 
 .table-row.header {
-  background: #f0e8db;
+  background: #eef2f7;
   font-weight: 700;
 }
 
@@ -216,37 +226,127 @@ input {
   font-family: var(--mono);
 }
 
+.actions {
+  display: flex;
+  gap: 6px;
+  flex-wrap: wrap;
+}
+
+.policy-grid {
+  display: grid;
+  grid-template-columns: 220px 1fr;
+  gap: 12px;
+  margin-top: 10px;
+}
+
+.policy-list {
+  display: grid;
+  gap: 6px;
+  align-content: start;
+  max-height: 360px;
+  overflow: auto;
+  padding-right: 4px;
+}
+
+.policy-item {
+  padding: 6px 8px;
+  border-radius: 6px;
+  border: 1px solid var(--border);
+  background: #f7f8fb;
+  font-family: var(--mono);
+  font-size: 0.75rem;
+  text-align: left;
+  cursor: pointer;
+}
+
+.policy-editor {
+  display: grid;
+  grid-template-columns: 1fr 1fr;
+  gap: 12px;
+}
+
+.policy-form {
+  display: grid;
+  gap: 8px;
+}
+
+.policy-form label {
+  display: grid;
+  gap: 6px;
+  font-size: 0.8rem;
+  color: var(--muted);
+}
+
+.policy-form textarea {
+  border: 1px solid var(--border);
+  border-radius: 8px;
+  padding: 8px 10px;
+  font-size: 0.8rem;
+  font-family: var(--mono);
+  min-height: 160px;
+  resize: vertical;
+}
+
+.policy-actions {
+  display: flex;
+  gap: 6px;
+  flex-wrap: wrap;
+}
+
+.policy-schema pre {
+  margin: 0;
+  padding: 10px;
+  border: 1px solid var(--border);
+  border-radius: 8px;
+  background: #f3f5f9;
+  font-size: 0.75rem;
+  line-height: 1.4;
+  max-height: 260px;
+  overflow: auto;
+}
+
+@media (max-width: 900px) {
+  .policy-grid {
+    grid-template-columns: 1fr;
+  }
+  .policy-editor {
+    grid-template-columns: 1fr;
+  }
+}
+
 .badge {
-  padding: 4px 8px;
+  padding: 3px 6px;
   border-radius: 999px;
-  font-size: 0.75rem;
+  font-size: 0.68rem;
   text-transform: uppercase;
   font-weight: 700;
   justify-self: start;
 }
 
 .badge.allow {
-  background: rgba(26, 77, 255, 0.15);
-  color: #1a4dff;
+  background: rgba(0, 163, 255, 0.15);
+  color: #0086cc;
 }
 
 .badge.deny {
-  background: rgba(214, 75, 49, 0.15);
-  color: #d64b31;
+  background: rgba(255, 91, 77, 0.15);
+  color: #d9392c;
 }
 
 .badge.gray {
-  background: rgba(255, 139, 44, 0.2);
-  color: #c15c00;
+  background: rgba(124, 140, 255, 0.2);
+  color: #4f5bff;
 }
 
 @media (max-width: 900px) {
   .table-row {
-    grid-template-columns: 120px 100px 1fr;
-    grid-template-rows: auto auto;
+    grid-template-columns: 100px 1fr;
+    grid-template-rows: auto auto auto;
   }
+  .table-row > :nth-child(3),
   .table-row > :nth-child(4),
-  .table-row > :nth-child(5) {
+  .table-row > :nth-child(5),
+  .table-row > :nth-child(6) {
     grid-column: 1 / -1;
   }
 }

package/index.ts

@@ -23,14 +23,20 @@ const plugin = {
     api.on("after_tool_call", async (event, ctx) => service.handleAfterToolCall(event, ctx));
 
     const assetsDir = path.join(path.dirname(fileURLToPath(import.meta.url)), "assets");
+    const gatewayToken =
+      typeof api.config.gateway?.auth?.token === "string" ? api.config.gateway.auth.token : undefined;
     api.registerHttpRoute({
       path: "/plugins/clawclamp",
-      auth: "gateway",
+      auth: "plugin",
       match: "prefix",
       handler: createClawClampHttpHandler({
         stateDir,
         config,
         assetsDir,
+        gatewayToken,
+        onPolicyUpdate: async () => {
+          await service.resetCedarling();
+        },
       }),
     });
   },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clawclamp",
-  "version": "0.1.6",
+  "version": "0.1.7",
   "description": "OpenClaw Cedar authorization guard with audit UI",
   "type": "module",
   "dependencies": {

package/src/config.ts

@@ -64,6 +64,7 @@ const CEDAR_GUARD_CONFIG_JSON_SCHEMA = {
     principalId: { type: "string", default: DEFAULT_CLAWCLAMP_CONFIG.principalId },
     policyStoreUri: { type: "string" },
     policyStoreLocal: { type: "string" },
+    uiToken: { type: "string" },
     policyFailOpen: { type: "boolean", default: DEFAULT_CLAWCLAMP_CONFIG.policyFailOpen },
     risk: {
       type: "object",
@@ -188,6 +189,10 @@ export function resolveClawClampConfig(input: unknown): ClawClampConfig {
       typeof raw.policyStoreLocal === "string" && raw.policyStoreLocal.trim()
         ? raw.policyStoreLocal.trim()
         : undefined,
+    uiToken:
+      typeof raw.uiToken === "string" && raw.uiToken.trim()
+        ? raw.uiToken.trim()
+        : undefined,
     policyFailOpen:
       typeof raw.policyFailOpen === "boolean"
         ? raw.policyFailOpen

package/src/denies.ts

@@ -0,0 +1,75 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+import { readJsonFileWithFallback, writeJsonFileAtomically } from "openclaw/plugin-sdk";
+import { withStateFileLock } from "./storage.js";
+
+const DENIES_FILE = "denies.json";
+
+type DenyState = {
+  tools: string[];
+};
+
+const EMPTY_STATE: DenyState = { tools: [] };
+
+function resolveDenyPath(stateDir: string): string {
+  return path.join(stateDir, "clawclamp", DENIES_FILE);
+}
+
+async function readDenyState(stateDir: string): Promise<DenyState> {
+  const filePath = resolveDenyPath(stateDir);
+  const { value } = await readJsonFileWithFallback(filePath, EMPTY_STATE);
+  if (!value || typeof value !== "object" || Array.isArray(value)) {
+    return { tools: [] };
+  }
+  const tools = Array.isArray((value as DenyState).tools) ? (value as DenyState).tools : [];
+  return { tools };
+}
+
+async function writeDenyState(stateDir: string, state: DenyState): Promise<void> {
+  const filePath = resolveDenyPath(stateDir);
+  await fs.mkdir(path.dirname(filePath), { recursive: true });
+  await writeJsonFileAtomically(filePath, state);
+}
+
+function normalizeToolName(toolName: string): string {
+  return toolName.trim();
+}
+
+export async function listDeniedTools(stateDir: string): Promise<string[]> {
+  return withStateFileLock(stateDir, "denies", async () => {
+    const state = await readDenyState(stateDir);
+    return state.tools;
+  });
+}
+
+export async function addDeniedTool(stateDir: string, toolName: string): Promise<string[]> {
+  return withStateFileLock(stateDir, "denies", async () => {
+    const state = await readDenyState(stateDir);
+    const normalized = normalizeToolName(toolName);
+    if (!normalized) {
+      return state.tools;
+    }
+    if (!state.tools.includes(normalized)) {
+      state.tools.push(normalized);
+      await writeDenyState(stateDir, state);
+    }
+    return state.tools;
+  });
+}
+
+export async function removeDeniedTool(stateDir: string, toolName: string): Promise<string[]> {
+  return withStateFileLock(stateDir, "denies", async () => {
+    const state = await readDenyState(stateDir);
+    const normalized = normalizeToolName(toolName);
+    const next = state.tools.filter((tool) => tool !== normalized);
+    if (next.length !== state.tools.length) {
+      await writeDenyState(stateDir, { tools: next });
+      return next;
+    }
+    return state.tools;
+  });
+}
+
+export function isToolDenied(deniedTools: string[], toolName: string): boolean {
+  return deniedTools.includes(toolName) || deniedTools.includes("*");
+}

package/src/guard.ts

@@ -9,7 +9,9 @@ import { getCedarling } from "./cedarling.js";
 import { appendAuditEntry, createAuditEntryId } from "./audit.js";
 import { listGrants, findActiveGrant } from "./grants.js";
 import { getModeOverride } from "./mode.js";
+import { isToolDenied, listDeniedTools } from "./denies.js";
 import { buildDefaultPolicyStore } from "./policy.js";
+import { ensurePolicyStore } from "./policy-store.js";
 import type { AuditEntry, ClawClampConfig, ClawClampMode, RiskLevel } from "./types.js";
 
 type CedarDecision = "allow" | "deny" | "error";
@@ -58,9 +60,12 @@ function summarizeParams(
   return summary;
 }
 
-function buildCedarlingConfig(config: ClawClampConfig): CedarlingConfig {
+function buildCedarlingConfig(params: {
+  config: ClawClampConfig;
+  policyStoreLocal?: string;
+}): CedarlingConfig {
   const policyStoreLocal =
-    config.policyStoreLocal ?? JSON.stringify(buildDefaultPolicyStore());
+    params.policyStoreLocal ?? params.config.policyStoreLocal ?? JSON.stringify(buildDefaultPolicyStore());
 
   const cedarConfig: CedarlingConfig = {
     CEDARLING_APPLICATION_NAME: "openclaw-clawclamp",
@@ -72,8 +77,8 @@ function buildCedarlingConfig(config: ClawClampConfig): CedarlingConfig {
     CEDARLING_LOG_LEVEL: "WARN",
   };
 
-  if (config.policyStoreUri) {
-    cedarConfig.CEDARLING_POLICY_STORE_URI = config.policyStoreUri;
+  if (params.config.policyStoreUri) {
+    cedarConfig.CEDARLING_POLICY_STORE_URI = params.config.policyStoreUri;
   } else {
     cedarConfig.CEDARLING_POLICY_STORE_LOCAL = policyStoreLocal;
   }
@@ -168,9 +173,13 @@ export class ClawClampService {
     const auditId = createAuditEntryId();
     const mode = await this.getEffectiveMode();
     const grant = await this.resolveGrant(toolName);
+    const deniedTools = await listDeniedTools(this.stateDir);
+    const explicitlyDenied = isToolDenied(deniedTools, toolName);
 
     let cedarDecision: CedarEvaluation;
-    if (this.config.enabled) {
+    if (explicitlyDenied) {
+      cedarDecision = { decision: "deny", reason: "Denied by operator" };
+    } else if (this.config.enabled) {
       const cedarling = await this.getCedarlingInstance();
       cedarDecision = await evaluateCedar({
         cedarling,
@@ -268,7 +277,11 @@ export class ClawClampService {
 
   private async getCedarlingInstance(): Promise<CedarlingInstance> {
     if (!this.cedarlingPromise) {
-      const cedarConfig = buildCedarlingConfig(this.config);
+      const policyStore = await ensurePolicyStore({ stateDir: this.stateDir, config: this.config });
+      const cedarConfig = buildCedarlingConfig({
+        config: this.config,
+        policyStoreLocal: policyStore.readOnly ? undefined : policyStore.json,
+      });
       this.cedarlingPromise = getCedarling(cedarConfig);
     }
     try {

package/src/http.ts

@@ -4,6 +4,8 @@ import type { IncomingMessage, ServerResponse } from "node:http";
 import { listGrants, createGrant, revokeGrant } from "./grants.js";
 import { readAuditEntries } from "./audit.js";
 import { getModeOverride, setModeOverride } from "./mode.js";
+import { addDeniedTool, listDeniedTools, removeDeniedTool } from "./denies.js";
+import { createPolicy, deletePolicy, listPolicies, updatePolicy } from "./policy-store.js";
 import type { ClawClampConfig, ClawClampMode } from "./types.js";
 
 const API_PREFIX = "/plugins/clawclamp/api";
@@ -47,6 +49,91 @@ function parseUrl(rawUrl?: string): URL | null {
   }
 }
 
+function getHeader(req: IncomingMessage, name: string): string | undefined {
+  const raw = req.headers[name.toLowerCase()];
+  if (typeof raw === "string") {
+    return raw;
+  }
+  if (Array.isArray(raw)) {
+    return raw[0];
+  }
+  return undefined;
+}
+
+function getBearerToken(req: IncomingMessage): string | undefined {
+  const raw = getHeader(req, "authorization")?.trim() ?? "";
+  if (!raw.toLowerCase().startsWith("bearer ")) {
+    return undefined;
+  }
+  const token = raw.slice(7).trim();
+  return token || undefined;
+}
+
+function hasProxyForwardingHints(req: IncomingMessage): boolean {
+  const headers = req.headers ?? {};
+  return Boolean(
+    headers["x-forwarded-for"] ||
+      headers["x-real-ip"] ||
+      headers.forwarded ||
+      headers["x-forwarded-host"] ||
+      headers["x-forwarded-proto"],
+  );
+}
+
+function normalizeRemoteClientKey(remoteAddress: string | undefined): string {
+  const normalized = remoteAddress?.trim().toLowerCase();
+  if (!normalized) {
+    return "unknown";
+  }
+  return normalized.startsWith("::ffff:") ? normalized.slice("::ffff:".length) : normalized;
+}
+
+function isLoopbackClientIp(clientIp: string): boolean {
+  return clientIp === "127.0.0.1" || clientIp === "::1";
+}
+
+function isLoopbackRequest(req: IncomingMessage): boolean {
+  const remoteKey = normalizeRemoteClientKey(req.socket?.remoteAddress);
+  return isLoopbackClientIp(remoteKey) && !hasProxyForwardingHints(req);
+}
+
+function resolveAuthToken(params: {
+  req: IncomingMessage;
+  parsed: URL;
+}): string | undefined {
+  const queryToken = params.parsed.searchParams.get("token")?.trim();
+  if (queryToken) {
+    return queryToken;
+  }
+  const headerToken = getHeader(params.req, "x-openclaw-token")?.trim();
+  if (headerToken) {
+    return headerToken;
+  }
+  return getBearerToken(params.req);
+}
+
+function isAuthorizedRequest(params: {
+  req: IncomingMessage;
+  parsed: URL;
+  config: ClawClampConfig;
+  gatewayToken?: string;
+}): boolean {
+  if (isLoopbackRequest(params.req)) {
+    return true;
+  }
+  const token = resolveAuthToken({ req: params.req, parsed: params.parsed });
+  if (!token) {
+    return false;
+  }
+  if (params.config.uiToken && token === params.config.uiToken) {
+    return true;
+  }
+  if (params.gatewayToken && token === params.gatewayToken) {
+    return true;
+  }
+  return false;
+}
+
 async function readJsonBody(req: IncomingMessage, limit = 64_000): Promise<unknown> {
   const chunks: Buffer[] = [];
   let size = 0;
@@ -109,6 +196,8 @@ export function createClawClampHttpHandler(params: {
   stateDir: string;
   config: ClawClampConfig;
   assetsDir: string;
+  gatewayToken?: string;
+  onPolicyUpdate?: () => Promise<void>;
 }) {
   const assetsDir = path.resolve(params.assetsDir);
 
@@ -118,6 +207,15 @@ export function createClawClampHttpHandler(params: {
       return false;
     }
 
+    if (!isAuthorizedRequest({ req, parsed, config: params.config, gatewayToken: params.gatewayToken })) {
+      if (parsed.pathname.startsWith(API_PREFIX)) {
+        sendJson(res, 401, { error: "unauthorized" });
+      } else {
+        sendText(res, 401, "Unauthorized");
+      }
+      return true;
+    }
+
     if (await serveAsset(req, res, assetsDir, parsed.pathname)) {
       return true;
     }
@@ -192,6 +290,122 @@ export function createClawClampHttpHandler(params: {
       return true;
     }
 
+    if (apiPath === "denies" && req.method === "GET") {
+      const tools = await listDeniedTools(params.stateDir);
+      sendJson(res, 200, { tools });
+      return true;
+    }
+
+    if (apiPath === "denies" && req.method === "POST") {
+      try {
+        const body = (await readJsonBody(req)) as Record<string, unknown>;
+        const toolName = typeof body?.toolName === "string" ? body.toolName.trim() : "";
+        if (!toolName) {
+          sendJson(res, 400, { error: "toolName is required" });
+          return true;
+        }
+        const tools = await addDeniedTool(params.stateDir, toolName);
+        sendJson(res, 200, { tools });
+        return true;
+      } catch (error) {
+        sendJson(res, 400, { error: error instanceof Error ? error.message : String(error) });
+        return true;
+      }
+    }
+
+    if (apiPath.startsWith("denies/") && req.method === "DELETE") {
+      const toolName = apiPath.slice("denies/".length);
+      if (!toolName) {
+        sendJson(res, 400, { error: "toolName is required" });
+        return true;
+      }
+      const tools = await removeDeniedTool(params.stateDir, toolName);
+      sendJson(res, 200, { tools });
+      return true;
+    }
+
+    if (apiPath === "policies" && req.method === "GET") {
+      if (params.config.policyStoreUri) {
+        sendJson(res, 200, { readOnly: true, policies: [], schema: "" });
+        return true;
+      }
+      const { policies, schema } = await listPolicies({ stateDir: params.stateDir });
+      sendJson(res, 200, { readOnly: false, policies, schema });
+      return true;
+    }
+
+    if (apiPath === "policies" && req.method === "POST") {
+      if (params.config.policyStoreUri) {
+        sendJson(res, 400, { error: "policyStoreUri is read-only" });
+        return true;
+      }
+      try {
+        const body = (await readJsonBody(req)) as Record<string, unknown>;
+        const content = typeof body?.content === "string" ? body.content : "";
+        const id = typeof body?.id === "string" ? body.id : undefined;
+        if (!content.trim()) {
+          sendJson(res, 400, { error: "content is required" });
+          return true;
+        }
+        const policy = await createPolicy({ stateDir: params.stateDir, id, content });
+        if (params.onPolicyUpdate) {
+          await params.onPolicyUpdate();
+        }
+        sendJson(res, 200, { policy });
+        return true;
+      } catch (error) {
+        sendJson(res, 400, { error: error instanceof Error ? error.message : String(error) });
+        return true;
+      }
+    }
+
+    if (apiPath.startsWith("policies/") && req.method === "PUT") {
+      if (params.config.policyStoreUri) {
+        sendJson(res, 400, { error: "policyStoreUri is read-only" });
+        return true;
+      }
+      try {
+        const id = apiPath.slice("policies/".length);
+        if (!id) {
+          sendJson(res, 400, { error: "policy id required" });
+          return true;
+        }
+        const body = (await readJsonBody(req)) as Record<string, unknown>;
+        const content = typeof body?.content === "string" ? body.content : "";
+        if (!content.trim()) {
+          sendJson(res, 400, { error: "content is required" });
+          return true;
+        }
+        const policy = await updatePolicy({ stateDir: params.stateDir, id, content });
+        if (params.onPolicyUpdate) {
+          await params.onPolicyUpdate();
+        }
+        sendJson(res, 200, { policy });
+        return true;
+      } catch (error) {
+        sendJson(res, 400, { error: error instanceof Error ? error.message : String(error) });
+        return true;
+      }
+    }
+
+    if (apiPath.startsWith("policies/") && req.method === "DELETE") {
+      if (params.config.policyStoreUri) {
+        sendJson(res, 400, { error: "policyStoreUri is read-only" });
+        return true;
+      }
+      const id = apiPath.slice("policies/".length);
+      if (!id) {
+        sendJson(res, 400, { error: "policy id required" });
+        return true;
+      }
+      const ok = await deletePolicy({ stateDir: params.stateDir, id });
+      if (params.onPolicyUpdate) {
+        await params.onPolicyUpdate();
+      }
+      sendJson(res, 200, { ok });
+      return true;
+    }
+
     if (apiPath === "grants" && req.method === "GET") {
       const grants = await listGrants(params.stateDir);
       sendJson(res, 200, { grants });

package/src/policy-store.ts

@@ -0,0 +1,133 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+import { randomUUID } from "node:crypto";
+import { readJsonFileWithFallback, writeJsonFileAtomically } from "openclaw/plugin-sdk";
+import type { ClawClampConfig } from "./types.js";
+import { withStateFileLock } from "./storage.js";
+import { buildDefaultPolicyStore } from "./policy.js";
+
+const POLICY_FILE = "policy-store.json";
+
+export type PolicyEntry = { id: string; content: string };
+
+export type PolicyStoreSnapshot = {
+  cedar_version: string;
+  schema: Record<string, string>;
+  policies: Record<string, { policy_content: string }>;
+};
+
+function resolvePolicyPath(stateDir: string): string {
+  return path.join(stateDir, "clawclamp", POLICY_FILE);
+}
+
+function decodeBase64(value: string): string {
+  return Buffer.from(value, "base64").toString("utf8");
+}
+
+function encodeBase64(value: string): string {
+  return Buffer.from(value, "utf8").toString("base64");
+}
+
+async function readPolicyStore(stateDir: string): Promise<PolicyStoreSnapshot> {
+  const filePath = resolvePolicyPath(stateDir);
+  const { value } = await readJsonFileWithFallback<PolicyStoreSnapshot>(
+    filePath,
+    buildDefaultPolicyStore() as PolicyStoreSnapshot,
+  );
+  return value;
+}
+
+async function writePolicyStore(stateDir: string, store: PolicyStoreSnapshot): Promise<void> {
+  const filePath = resolvePolicyPath(stateDir);
+  await fs.mkdir(path.dirname(filePath), { recursive: true });
+  await writeJsonFileAtomically(filePath, store);
+}
+
+export async function ensurePolicyStore(params: {
+  stateDir: string;
+  config: ClawClampConfig;
+}): Promise<{ json: string; readOnly: boolean } | { json?: undefined; readOnly: true }> {
+  if (params.config.policyStoreUri) {
+    return { readOnly: true };
+  }
+  return withStateFileLock(params.stateDir, "policy-store", async () => {
+    const filePath = resolvePolicyPath(params.stateDir);
+    try {
+      const raw = await fs.readFile(filePath, "utf8");
+      return { json: raw, readOnly: false };
+    } catch (error) {
+      const code = (error as { code?: string }).code;
+      if (code !== "ENOENT") {
+        throw error;
+      }
+    }
+
+    const initial = params.config.policyStoreLocal
+      ? (JSON.parse(params.config.policyStoreLocal) as PolicyStoreSnapshot)
+      : (buildDefaultPolicyStore() as PolicyStoreSnapshot);
+    await writePolicyStore(params.stateDir, initial);
+    return { json: JSON.stringify(initial), readOnly: false };
+  });
+}
+
+export async function listPolicies(params: {
+  stateDir: string;
+}): Promise<{ policies: PolicyEntry[]; schema: string }> {
+  return withStateFileLock(params.stateDir, "policy-store", async () => {
+    const store = await readPolicyStore(params.stateDir);
+    const policies: PolicyEntry[] = Object.entries(store.policies ?? {}).map(([id, payload]) => ({
+      id,
+      content: decodeBase64(payload.policy_content ?? ""),
+    }));
+    const schemaEncoded = store.schema?.["schema.json"] ?? "";
+    return { policies, schema: schemaEncoded ? decodeBase64(schemaEncoded) : "" };
+  });
+}
+
+export async function createPolicy(params: {
+  stateDir: string;
+  id?: string;
+  content: string;
+}): Promise<PolicyEntry> {
+  return withStateFileLock(params.stateDir, "policy-store", async () => {
+    const store = await readPolicyStore(params.stateDir);
+    const id = params.id?.trim() || `clawclamp-${randomUUID()}`;
+    if (!store.policies) {
+      store.policies = {};
+    }
+    if (store.policies[id]) {
+      throw new Error("policy id already exists");
+    }
+    store.policies[id] = { policy_content: encodeBase64(params.content) };
+    await writePolicyStore(params.stateDir, store);
+    return { id, content: params.content };
+  });
+}
+
+export async function updatePolicy(params: {
+  stateDir: string;
+  id: string;
+  content: string;
+}): Promise<PolicyEntry> {
+  return withStateFileLock(params.stateDir, "policy-store", async () => {
+    const store = await readPolicyStore(params.stateDir);
+    if (!store.policies?.[params.id]) {
+      throw new Error("policy id not found");
+    }
+    store.policies[params.id] = { policy_content: encodeBase64(params.content) };
+    await writePolicyStore(params.stateDir, store);
+    return { id: params.id, content: params.content };
+  });
+}
+
+export async function deletePolicy(params: { stateDir: string; id: string }): Promise<boolean> {
+  return withStateFileLock(params.stateDir, "policy-store", async () => {
+    const store = await readPolicyStore(params.stateDir);
+    if (!store.policies?.[params.id]) {
+      return false;
+    }
+    delete store.policies[params.id];
+    await writePolicyStore(params.stateDir, store);
+    return true;
+  });
+}

package/src/types.ts

@@ -8,6 +8,7 @@ export type ClawClampConfig = {
   principalId: string;
   policyStoreUri?: string;
   policyStoreLocal?: string;
+  uiToken?: string;
   policyFailOpen: boolean;
   risk: {
     default: RiskLevel;