clawclamp 0.1.7 → 0.1.9

package/README.md

@@ -5,7 +5,7 @@ Clawclamp adds Cedar-based authorization to OpenClaw tool calls. It evaluates ev
 ## Features
 
 - Cedar policy enforcement for `before_tool_call`.
-- Long-term authorization via policy (defaults allow low-risk tools).
+- Long-term authorization via policy (default policy denies all unless a grant is active).
 - Short-term authorization via expiring grants.
 - Audit UI for allowed/denied/gray-mode tool calls.
 - Gray mode: denied calls are still executed but logged as overrides.
@@ -20,7 +20,7 @@ plugins:
     clawclamp:
       enabled: true
       config:
-        mode: enforce
+        mode: gray
         principalId: openclaw
         policyStoreUri: file:///path/to/policy-store.json
         policyFailOpen: false
@@ -40,7 +40,7 @@ plugins:
           includeParams: true
 ```
 
-`policyStoreUri` points to a Cedar policy store JSON (file:// or https://). `policyStoreLocal` can be set to a raw JSON string for the policy store. If omitted, the plugin uses a built-in policy store that permits low-risk tools and requires a grant for other risks.
+`policyStoreUri` points to a Cedar policy store JSON (file:// or https://). `policyStoreLocal` can be set to a raw JSON string for the policy store. If omitted, the plugin uses a built-in policy store that denies all tool calls unless a grant is active or an explicit permit policy exists.
 
 ## UI
 
@@ -55,3 +55,4 @@ Policy management:
 
 - The UI includes a Cedar policy panel for CRUD.
 - If `policyStoreUri` is set, policies are read-only.
+- Default policy set is empty, so all tool calls are denied unless you add permit policies.

package/assets/app.js

@@ -120,8 +120,17 @@ function renderAudit(entries) {
     row.className = "table-row";
     const badgeClass = decisionBadge(entry.decision);
     const canAllow = entry.decision === "deny" || entry.decision === "allow_grayed";
-    const isDenied = deniedTools.has(entry.toolName) || deniedTools.has("*");
-    const canDeny = entry.decision === "allow" && !isDenied;
+    const canDeny = entry.decision === "allow";
+    const paramsText =
+      entry.params && typeof entry.params === "object"
+        ? JSON.stringify(entry.params, null, 2)
+        : entry.params || "";
+    const meta = [
+      entry.toolCallId ? `toolCallId: ${entry.toolCallId}` : null,
+      entry.runId ? `runId: ${entry.runId}` : null,
+      entry.sessionKey ? `sessionKey: ${entry.sessionKey}` : null,
+      entry.agentId ? `agentId: ${entry.agentId}` : null,
+    ].filter(Boolean);
     row.innerHTML = `
       <div>${formatTime(entry.timestamp)}</div>
       <div class="mono">${entry.toolName}</div>
@@ -132,24 +141,22 @@ function renderAudit(entries) {
         ${canAllow ? "<button class=\"btn mini\" data-action=\"allow\">一键允许</button>" : ""}
         ${canDeny ? "<button class=\"btn mini warn\" data-action=\"deny\">一键拒绝</button>" : ""}
       </div>
+      <div class="audit-detail">
+        <div class="audit-meta">${meta.join(" · ")}</div>
+        ${paramsText ? `<pre>${paramsText}</pre>` : ""}
+      </div>
     `;
     const allowBtn = row.querySelector("button[data-action=\"allow\"]");
     if (allowBtn) {
       allowBtn.addEventListener("click", async () => {
-        await fetchJson(`${API_BASE}/grants`, {
-          method: "POST",
-          body: JSON.stringify({ toolName: entry.toolName }),
-        });
+        await applyPolicyChange("permit", entry.toolName);
         await refreshAll();
       });
     }
     const denyBtn = row.querySelector("button[data-action=\"deny\"]");
     if (denyBtn) {
       denyBtn.addEventListener("click", async () => {
-        await fetchJson(`${API_BASE}/denies`, {
-          method: "POST",
-          body: JSON.stringify({ toolName: entry.toolName }),
-        });
+        await applyPolicyChange("forbid", entry.toolName);
         await refreshAll();
       });
     }
@@ -195,8 +202,6 @@ async function refreshAll() {
   renderMode(state);
   const grants = await fetchJson(`${API_BASE}/grants`);
   renderGrants(grants.grants || []);
-  const denies = await fetchJson(`${API_BASE}/denies`);
-  deniedTools = new Set(denies.tools || []);
   const logs = await fetchJson(`${API_BASE}/logs`);
   renderAudit(logs.entries || []);
   await refreshPolicies();
@@ -240,6 +245,39 @@ grantForm.addEventListener("submit", async (event) => {
 refreshAll();
 setInterval(refreshAll, 10_000);
 
+function sanitizeIdPart(value) {
+  return value.toLowerCase().replace(/[^a-z0-9_-]+/g, "_").slice(0, 64);
+}
+
+function policyIdPrefix(effect, toolName) {
+  return `ui-${effect}:${sanitizeIdPart(toolName)}:`;
+}
+
+function policyBody(effect, toolName) {
+  const keyword = effect === "forbid" ? "forbid" : "permit";
+  return `${keyword}(principal, action, resource)\nwhen {\n  action == Action::\"Invoke\" && resource.name == \"${toolName}\"\n};`;
+}
+
+async function removePoliciesByPrefix(prefix) {
+  const targets = policies.filter((policy) => policy.id.startsWith(prefix));
+  for (const policy of targets) {
+    await fetchJson(`${API_BASE}/policies/${encodeURIComponent(policy.id)}`, {
+      method: "DELETE",
+    });
+  }
+}
+
+async function applyPolicyChange(effect, toolName) {
+  const opposite = effect === "permit" ? "forbid" : "permit";
+  await removePoliciesByPrefix(policyIdPrefix(opposite, toolName));
+  const id = `${policyIdPrefix(effect, toolName)}${Date.now()}`;
+  const content = policyBody(effect, toolName);
+  await fetchJson(`${API_BASE}/policies`, {
+    method: "POST",
+    body: JSON.stringify({ id, content }),
+  });
+}
+
 policyCreateBtn.addEventListener("click", async () => {
   const id = policyIdInput.value.trim();
   const content = policyContentInput.value.trim();

package/assets/styles.css

@@ -232,6 +232,26 @@ input {
   flex-wrap: wrap;
 }
 
+.audit-detail {
+  grid-column: 1 / -1;
+  border-top: 1px dashed var(--border);
+  margin-top: 6px;
+  padding-top: 6px;
+  font-size: 0.72rem;
+  color: var(--muted);
+}
+
+.audit-detail pre {
+  margin: 6px 0 0;
+  padding: 8px;
+  border-radius: 6px;
+  border: 1px solid var(--border);
+  background: #f3f5f9;
+  font-size: 0.72rem;
+  line-height: 1.35;
+  overflow: auto;
+}
+
 .policy-grid {
   display: grid;
   grid-template-columns: 220px 1fr;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clawclamp",
-  "version": "0.1.7",
+  "version": "0.1.9",
   "description": "OpenClaw Cedar authorization guard with audit UI",
   "type": "module",
   "dependencies": {

package/src/cedarling.ts

@@ -1,4 +1,6 @@
 import initWasm, { init } from "@janssenproject/cedarling_wasm";
+import { readFile } from "node:fs/promises";
+import { createRequire } from "node:module";
 
 export type CedarlingConfig = Record<string, string | number | boolean>;
 
@@ -11,7 +13,9 @@ export type CedarlingInstance = {
   pop_logs: () => unknown[];
 };
 
+const require = createRequire(import.meta.url);
 let cedarlingPromise: Promise<CedarlingInstance> | null = null;
+let wasmInitPromise: Promise<void> | null = null;
 
 export async function getCedarling(config: CedarlingConfig): Promise<CedarlingInstance> {
   if (!cedarlingPromise) {
@@ -20,8 +24,19 @@ export async function getCedarling(config: CedarlingConfig): Promise<CedarlingIn
   return cedarlingPromise;
 }
 
+async function ensureWasmInitialized(): Promise<void> {
+  if (!wasmInitPromise) {
+    wasmInitPromise = (async () => {
+      const wasmPath = require.resolve("@janssenproject/cedarling_wasm/cedarling_wasm_bg.wasm");
+      const wasmBytes = await readFile(wasmPath);
+      await initWasm(wasmBytes);
+    })();
+  }
+  return wasmInitPromise;
+}
+
 async function createCedarling(config: CedarlingConfig): Promise<CedarlingInstance> {
-  await initWasm();
+  await ensureWasmInitialized();
   const instance = await init(config);
   return instance as CedarlingInstance;
 }

package/src/config.ts

@@ -31,7 +31,7 @@ const DEFAULT_RISK_OVERRIDES: Record<string, RiskLevel> = {
 
 export const DEFAULT_CLAWCLAMP_CONFIG: ClawClampConfig = {
   enabled: true,
-  mode: "enforce",
+  mode: "gray",
   principalId: "openclaw",
   policyFailOpen: false,
   risk: {

package/src/guard.ts

@@ -9,7 +9,6 @@ import { getCedarling } from "./cedarling.js";
 import { appendAuditEntry, createAuditEntryId } from "./audit.js";
 import { listGrants, findActiveGrant } from "./grants.js";
 import { getModeOverride } from "./mode.js";
-import { isToolDenied, listDeniedTools } from "./denies.js";
 import { buildDefaultPolicyStore } from "./policy.js";
 import { ensurePolicyStore } from "./policy-store.js";
 import type { AuditEntry, ClawClampConfig, ClawClampMode, RiskLevel } from "./types.js";
@@ -173,13 +172,9 @@ export class ClawClampService {
     const auditId = createAuditEntryId();
     const mode = await this.getEffectiveMode();
     const grant = await this.resolveGrant(toolName);
-    const deniedTools = await listDeniedTools(this.stateDir);
-    const explicitlyDenied = isToolDenied(deniedTools, toolName);
 
     let cedarDecision: CedarEvaluation;
-    if (explicitlyDenied) {
-      cedarDecision = { decision: "deny", reason: "Denied by operator" };
-    } else if (this.config.enabled) {
+    if (this.config.enabled) {
       const cedarling = await this.getCedarlingInstance();
       cedarDecision = await evaluateCedar({
         cedarling,

package/src/http.ts

@@ -4,7 +4,6 @@ import type { IncomingMessage, ServerResponse } from "node:http";
 import { listGrants, createGrant, revokeGrant } from "./grants.js";
 import { readAuditEntries } from "./audit.js";
 import { getModeOverride, setModeOverride } from "./mode.js";
-import { addDeniedTool, listDeniedTools, removeDeniedTool } from "./denies.js";
 import { createPolicy, deletePolicy, listPolicies, updatePolicy } from "./policy-store.js";
 import type { ClawClampConfig, ClawClampMode } from "./types.js";
 
@@ -290,40 +289,6 @@ export function createClawClampHttpHandler(params: {
       return true;
     }
 
-    if (apiPath === "denies" && req.method === "GET") {
-      const tools = await listDeniedTools(params.stateDir);
-      sendJson(res, 200, { tools });
-      return true;
-    }
-
-    if (apiPath === "denies" && req.method === "POST") {
-      try {
-        const body = (await readJsonBody(req)) as Record<string, unknown>;
-        const toolName = typeof body?.toolName === "string" ? body.toolName.trim() : "";
-        if (!toolName) {
-          sendJson(res, 400, { error: "toolName is required" });
-          return true;
-        }
-        const tools = await addDeniedTool(params.stateDir, toolName);
-        sendJson(res, 200, { tools });
-        return true;
-      } catch (error) {
-        sendJson(res, 400, { error: error instanceof Error ? error.message : String(error) });
-        return true;
-      }
-    }
-
-    if (apiPath.startsWith("denies/") && req.method === "DELETE") {
-      const toolName = apiPath.slice("denies/".length);
-      if (!toolName) {
-        sendJson(res, 400, { error: "toolName is required" });
-        return true;
-      }
-      const tools = await removeDeniedTool(params.stateDir, toolName);
-      sendJson(res, 200, { tools });
-      return true;
-    }
-
     if (apiPath === "policies" && req.method === "GET") {
       if (params.config.policyStoreUri) {
         sendJson(res, 200, { readOnly: true, policies: [], schema: "" });

package/src/policy.ts

@@ -24,11 +24,7 @@ action "Invoke" appliesTo {
 };
 `;
 
-const DEFAULT_POLICIES = [
-  `permit(principal, action, resource)
-when {
-  action == Action::"Invoke" && resource.risk == "low"
-};`,
+const DEFAULT_POLICIES: string[] = [
   `permit(principal, action, resource)
 when {
   action == Action::"Invoke" && context.grant_active == true

package/src/denies.ts

@@ -1,75 +0,0 @@
-import fs from "node:fs/promises";
-import path from "node:path";
-import { readJsonFileWithFallback, writeJsonFileAtomically } from "openclaw/plugin-sdk";
-import { withStateFileLock } from "./storage.js";
-
-const DENIES_FILE = "denies.json";
-
-type DenyState = {
-  tools: string[];
-};
-
-const EMPTY_STATE: DenyState = { tools: [] };
-
-function resolveDenyPath(stateDir: string): string {
-  return path.join(stateDir, "clawclamp", DENIES_FILE);
-}
-
-async function readDenyState(stateDir: string): Promise<DenyState> {
-  const filePath = resolveDenyPath(stateDir);
-  const { value } = await readJsonFileWithFallback(filePath, EMPTY_STATE);
-  if (!value || typeof value !== "object" || Array.isArray(value)) {
-    return { tools: [] };
-  }
-  const tools = Array.isArray((value as DenyState).tools) ? (value as DenyState).tools : [];
-  return { tools };
-}
-
-async function writeDenyState(stateDir: string, state: DenyState): Promise<void> {
-  const filePath = resolveDenyPath(stateDir);
-  await fs.mkdir(path.dirname(filePath), { recursive: true });
-  await writeJsonFileAtomically(filePath, state);
-}
-
-function normalizeToolName(toolName: string): string {
-  return toolName.trim();
-}
-
-export async function listDeniedTools(stateDir: string): Promise<string[]> {
-  return withStateFileLock(stateDir, "denies", async () => {
-    const state = await readDenyState(stateDir);
-    return state.tools;
-  });
-}
-
-export async function addDeniedTool(stateDir: string, toolName: string): Promise<string[]> {
-  return withStateFileLock(stateDir, "denies", async () => {
-    const state = await readDenyState(stateDir);
-    const normalized = normalizeToolName(toolName);
-    if (!normalized) {
-      return state.tools;
-    }
-    if (!state.tools.includes(normalized)) {
-      state.tools.push(normalized);
-      await writeDenyState(stateDir, state);
-    }
-    return state.tools;
-  });
-}
-
-export async function removeDeniedTool(stateDir: string, toolName: string): Promise<string[]> {
-  return withStateFileLock(stateDir, "denies", async () => {
-    const state = await readDenyState(stateDir);
-    const normalized = normalizeToolName(toolName);
-    const next = state.tools.filter((tool) => tool !== normalized);
-    if (next.length !== state.tools.length) {
-      await writeDenyState(stateDir, { tools: next });
-      return next;
-    }
-    return state.tools;
-  });
-}
-
-export function isToolDenied(deniedTools: string[], toolName: string): boolean {
-  return deniedTools.includes(toolName) || deniedTools.includes("*");
-}