clawon 0.1.16 → 0.1.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/README.md +22 -0
  2. package/package.json +1 -1
package/README.md CHANGED
@@ -23,6 +23,7 @@ npx clawon local backup
23
23
  npx clawon local backup --tag "before migration"
24
24
  npx clawon local backup --include-memory-db # Include SQLite memory index
25
25
  npx clawon local backup --include-sessions # Include chat history
26
+ npx clawon local backup --no-secret-scan # Skip secret scanning
26
27
  npx clawon local backup --max-snapshots 10 # Keep only 10 most recent
27
28
 
28
29
  # List all local backups
@@ -92,6 +93,7 @@ npx clawon backup --tag "stable config"
92
93
  npx clawon backup --dry-run # Preview without uploading
93
94
  npx clawon backup --include-memory-db # Requires Hobby or Pro
94
95
  npx clawon backup --include-sessions # Requires Hobby or Pro
96
+ npx clawon backup --no-secret-scan # Skip secret scanning
95
97
 
96
98
  # List cloud backups
97
99
  npx clawon list
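Review bot: the comment on the added `npx clawon backup --no-secret-scan` line reads only "Skip secret scanning", which does not tell a reader of this command list that the scan runs by default or that this flag lets files containing secrets be uploaded unchecked. Suggest a comment along the lines of "Disable the default pre-upload secret scan". The two lines above it state a plan requirement ("Requires Hobby or Pro"); say here whether the scan and this flag are available on every plan.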
@@ -114,6 +116,7 @@ npx clawon activity # Recent events
114
116
  npx clawon discover # Show exactly which files would be backed up
115
117
  npx clawon discover --include-memory-db # Include SQLite memory index
116
118
  npx clawon discover --include-sessions # Include chat history
119
+ npx clawon discover --scan # Scan for secrets in discovered files
117
120
  npx clawon schedule status # Show active schedules
118
121
  npx clawon status # Connection status, workspace, and file count
119
122
  npx clawon logout # Remove local credentials
@@ -156,6 +159,25 @@ These are **always excluded**, even if they match an include pattern:
156
159
 
157
160
  **Credentials never leave your machine.** The entire `credentials/` directory and `openclaw.json` are excluded by default. You can verify this by running `npx clawon discover` before any backup.
158
161
 
162
+ ## Secret Scanning
163
+
164
+ Every backup is pre-scanned for leaked secrets using **221 detection rules** ported from [gitleaks](https://github.com/gitleaks/gitleaks). This catches API keys, tokens, private keys, JWTs, and more — before they leave your machine.
165
+
166
+ How it works: keyword pre-filtering narrows candidates, then regex matching and Shannon entropy checks confirm real secrets. No new dependencies — pure regex matching built into the CLI.
167
+
168
+ When secrets are found during a manual backup, you'll see an interactive prompt:
169
+ - `[s]` — **Skip** flagged files (default)
170
+ - `[a]` — **Abort** the backup entirely
171
+ - `[i]` — **Ignore** findings and back up anyway
172
+
173
+ Scheduled backups automatically skip flagged files.
174
+
175
+ ```bash
176
+ npx clawon discover --scan # Preview secret findings without backing up
177
+ npx clawon local backup --no-secret-scan # Disable scanning for a backup
178
+ npx clawon backup --no-secret-scan # Same for cloud backups
179
+ ```
180
+
159
181
  ## Archive Format
160
182
 
161
183
  Local backups are standard gzip-compressed tar archives (`.tar.gz`). You can inspect and extract them with standard tools:
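Review bot: the new "Secret Scanning" section does not say what a manual backup does with findings when no terminal is attached to answer the `[s]`/`[a]`/`[i]` prompt, and "Scheduled backups automatically skip flagged files" does not say where the skipped paths are reported. A skipped file is a gap in the backup that is otherwise noticed only at restore time, so suggest documenting the non-interactive behaviour, where skipped files are listed, and whether the findings output shows or redacts the matched value. The fixed count in "221 detection rules" will go stale as rules change; consider dropping the number or generating it.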
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "clawon",
3
- "version": "0.1.16",
3
+ "version": "0.1.17",
4
4
  "description": "Backup and restore your OpenClaw workspace",
5
5
  "type": "module",
6
6
  "bin": {
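Review bot: the version bump to 0.1.17 in package.json is accompanied, per the file list above, only by README.md changes; no source file in this diff implements the scanner or the `--no-secret-scan` and `--scan` flags the README now documents. Please confirm the feature already shipped in 0.1.16 or earlier. If it did not, the README promises a pre-upload protection that this published version does not contain, and the section should wait for the release that carries the code.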