npm - clawpowers - Versions diffs - 1.1.4 → 2.0.0 - Mend

clawpowers 1.1.4 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (75) hide show

package/CHANGELOG.md +94 -0
package/LICENSE +44 -0
package/README.md +204 -228
package/SECURITY.md +72 -0
package/dist/index.d.ts +844 -0
package/dist/index.js +2536 -0
package/dist/index.js.map +1 -0
package/package.json +50 -44
package/.claude-plugin/manifest.json +0 -19
package/.codex/INSTALL.md +0 -36
package/.cursor-plugin/manifest.json +0 -21
package/.opencode/INSTALL.md +0 -52
package/ARCHITECTURE.md +0 -69
package/bin/clawpowers.js +0 -625
package/bin/clawpowers.sh +0 -91
package/docs/demo/clawpowers-demo.cast +0 -197
package/docs/demo/clawpowers-demo.gif +0 -0
package/docs/launch-images/25-skills-breakdown.jpg +0 -0
package/docs/launch-images/clawpowers-vs-superpowers.jpg +0 -0
package/docs/launch-images/economic-code-optimization.jpg +0 -0
package/docs/launch-images/native-vs-bridge-2.jpg +0 -0
package/docs/launch-images/native-vs-bridge.jpg +0 -0
package/docs/launch-images/post1-hero-lobster.jpg +0 -0
package/docs/launch-images/post2-dashboard.jpg +0 -0
package/docs/launch-images/post3-superpowers.jpg +0 -0
package/docs/launch-images/post4-before-after.jpg +0 -0
package/docs/launch-images/post5-install-now.jpg +0 -0
package/docs/launch-images/ultimate-stack.jpg +0 -0
package/docs/launch-posts.md +0 -76
package/docs/quickstart-first-transaction.md +0 -204
package/gemini-extension.json +0 -32
package/hooks/session-start +0 -205
package/hooks/session-start.cmd +0 -43
package/hooks/session-start.js +0 -163
package/runtime/demo/README.md +0 -78
package/runtime/demo/x402-mock-server.js +0 -230
package/runtime/feedback/analyze.js +0 -621
package/runtime/feedback/analyze.sh +0 -546
package/runtime/init.js +0 -210
package/runtime/init.sh +0 -178
package/runtime/metrics/collector.js +0 -361
package/runtime/metrics/collector.sh +0 -308
package/runtime/payments/ledger.js +0 -305
package/runtime/payments/ledger.sh +0 -262
package/runtime/payments/pipeline.js +0 -455
package/runtime/persistence/store.js +0 -433
package/runtime/persistence/store.sh +0 -303
package/skill.json +0 -106
package/skills/agent-bounties/SKILL.md +0 -553
package/skills/agent-payments/SKILL.md +0 -479
package/skills/brainstorming/SKILL.md +0 -233
package/skills/content-pipeline/SKILL.md +0 -282
package/skills/cross-project-knowledge/SKILL.md +0 -345
package/skills/dispatching-parallel-agents/SKILL.md +0 -305
package/skills/economic-code-optimization/SKILL.md +0 -265
package/skills/executing-plans/SKILL.md +0 -255
package/skills/finishing-a-development-branch/SKILL.md +0 -260
package/skills/formal-verification-lite/SKILL.md +0 -441
package/skills/learn-how-to-learn/SKILL.md +0 -235
package/skills/market-intelligence/SKILL.md +0 -323
package/skills/meta-skill-evolution/SKILL.md +0 -325
package/skills/prospecting/SKILL.md +0 -454
package/skills/receiving-code-review/SKILL.md +0 -225
package/skills/requesting-code-review/SKILL.md +0 -206
package/skills/security-audit/SKILL.md +0 -353
package/skills/self-healing-code/SKILL.md +0 -369
package/skills/subagent-driven-development/SKILL.md +0 -244
package/skills/systematic-debugging/SKILL.md +0 -355
package/skills/test-driven-development/SKILL.md +0 -416
package/skills/using-clawpowers/SKILL.md +0 -160
package/skills/using-git-worktrees/SKILL.md +0 -261
package/skills/validator/SKILL.md +0 -281
package/skills/verification-before-completion/SKILL.md +0 -254
package/skills/writing-plans/SKILL.md +0 -276
package/skills/writing-skills/SKILL.md +0 -260

package/SECURITY.md ADDED Viewed

@@ -0,0 +1,72 @@
+# Security Policy
+## Supported Versions
+| Version | Supported          |
+| ------- | ------------------ |
+| 2.0.x   | ✅ Active support  |
+| < 2.0   | ❌ No support      |
+## Reporting a Vulnerability
+**Do NOT open a public GitHub issue for security vulnerabilities.**
+Please report security vulnerabilities via email:
+📧 **security@ai-agent-economy.com**
+Include:
+- Description of the vulnerability
+- Steps to reproduce
+- Potential impact assessment
+- Suggested fix (if any)
+## Response Timeline
+- **Acknowledgment:** Within 48 hours
+- **Initial Assessment:** Within 5 business days
+- **Fix Timeline:** Critical vulnerabilities within 7 days
+## Security Design Principles
+### Spending Policy (Financial Safety)
+- **Fail-closed:** Any policy error results in payment rejection
+- **Never auto-retry:** Failed payments are logged but never automatically retried
+- **Daily limits:** Hard-enforced, cannot be overridden by RSI
+- **Domain allowlists:** When configured, only listed domains can receive payments
+### RSI Safety Invariants
+The following can **NEVER** be modified by the RSI engine:
+1. Spending limits and SpendingPolicy configuration
+2. Core identity and directives
+3. RSI safety tier definitions
+4. Sandbox boundaries
+5. Authentication credentials
+### T4 Gate
+T4 (Architecture Proposals) mutations **always** require human approval. The `'auto'` mode is rejected at the type system level and the validation layer.
+### Wallet Security
+- Private keys are encrypted at rest using AES-256-GCM
+- Key derivation uses scrypt (N=16384, r=8, p=1)
+- Atomic file writes prevent corruption
+- Backup files created before overwrites
+### Memory Integrity
+- Episodic memory is append-only (JSONL)
+- Procedural memory uses atomic writes with backup
+- Checkpoint files use write-to-temp-then-rename pattern
+- Corruption recovery is built into episodic memory
+## Dependencies
+This library has minimal runtime dependencies:
+- `zod` — Schema validation (no known vulnerabilities)
+- Node.js built-in `crypto` — For wallet operations
+## Audit
+The codebase enforces:
+- Zero `any` types in TypeScript
+- Strict mode enabled
+- All financial operations logged to audit trail