npm - clawsec - Versions diffs - 0.0.1 → 0.0.2 - Mend

clawsec 0.0.1 → 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (146) hide show

package/dist/src/hooks/before-tool-call/handler.js CHANGED Viewed

@@ -8,28 +8,30 @@ import { createAnalyzer } from '../../engine/analyzer.js';
 import { createActionExecutor } from '../../actions/executor.js';
 import { createAgentConfirmHandler } from '../../approval/agent-confirm.js';
 import { getDefaultApprovalStore } from '../../approval/store.js';
+import { createLogger } from '../../utils/logger.js';
 /**
  * Convert hook ToolCallContext to engine ToolCallContext
  * The engine context has a slightly different shape
  */
 function toEngineContext(hookContext) {
+    const toolInput = hookContext.toolInput || {};
     return {
         toolName: hookContext.toolName,
-        toolInput: hookContext.toolInput,
+        toolInput,
         // url can be extracted from toolInput if present
-        url: typeof hookContext.toolInput.url === 'string' ? hookContext.toolInput.url : undefined,
+        url: typeof toolInput.url === 'string' ? toolInput.url : undefined,
     };
 }
 /**
- * Convert analysis result and action result to BeforeToolCallResult
+ * Convert analysis result and action result to BeforeToolCallResult (modern API)
  */
 function toBeforeToolCallResult(actionResult, detection) {
     const result = {
-        allow: actionResult.allowed,
+        block: !actionResult.allowed, // Inverted: !allow = block
     };
-    // Add block message if not allowed
+    // Add block reason if blocked
     if (!actionResult.allowed && actionResult.message) {
-        result.blockMessage = actionResult.message;
+        result.blockReason = actionResult.message;
     }
     // Add metadata from primary detection
     if (detection) {
@@ -43,48 +45,48 @@ function toBeforeToolCallResult(actionResult, detection) {
             result.metadata.rule = detection.metadata.rule;
         }
     }
-    // Add pending approval instructions to block message if present
+    // Add pending approval instructions to block reason if present
     if (actionResult.pendingApproval) {
         const approvalInfo = `\n\nApproval ID: ${actionResult.pendingApproval.id}\nTimeout: ${actionResult.pendingApproval.timeout}s\nMethods: ${actionResult.pendingApproval.methods.join(', ')}`;
-        result.blockMessage = (result.blockMessage || 'Approval required') + approvalInfo;
+        result.blockReason = (result.blockReason || 'Approval required') + approvalInfo;
     }
     return result;
 }
 /**
- * Create the allow result for when no threats are detected
+ * Create the allow result for when no threats are detected (modern API)
  */
 function createAllowResult() {
     return {
-        allow: true,
+        block: false, // Modern: explicit false means allow
     };
 }
 /**
- * Create a result for valid agent-confirm flow
+ * Create a result for valid agent-confirm flow (modern API)
  */
 function createAgentConfirmAllowResult(strippedInput) {
     return {
-        allow: true,
-        modifiedInput: strippedInput,
+        block: false,
+        params: strippedInput, // Modern: renamed from modifiedInput
     };
 }
 /**
- * Create a result for invalid agent-confirm flow
+ * Create a result for invalid agent-confirm flow (modern API)
  */
 function createAgentConfirmInvalidResult(error) {
     return {
-        allow: false,
-        blockMessage: error || 'Invalid or expired approval confirmation',
+        block: true, // Modern: true = block
+        blockReason: error || 'Invalid or expired approval confirmation',
         metadata: {
             reason: 'Agent confirmation parameter was present but invalid',
         },
     };
 }
 /**
- * Create a result for disabled plugin
+ * Create a result for disabled plugin (modern API)
  */
 function createDisabledResult() {
     return {
-        allow: true,
+        block: false,
     };
 }
 /**
@@ -99,58 +101,88 @@ function createDisabledResult() {
  *
  * @param config - Clawsec configuration
  * @param options - Optional custom components
+ * @param logger - Optional logger instance
  * @returns BeforeToolCallHandler function
  */
-export function createBeforeToolCallHandler(config, options) {
+export function createBeforeToolCallHandler(config, options, logger) {
+    const log = logger ?? createLogger(null, null);
     // Create or use provided components
-    const analyzer = options?.analyzer ?? createAnalyzer(config);
-    const executor = options?.executor ?? createActionExecutor();
+    const analyzer = options?.analyzer ?? createAnalyzer(config, undefined, log);
+    const executor = options?.executor ?? createActionExecutor({ logger: log });
     const agentConfirm = options?.agentConfirm ??
         createAgentConfirmHandler({
             enabled: config.approval?.agentConfirm?.enabled ?? true,
             parameterName: config.approval?.agentConfirm?.parameterName,
             store: getDefaultApprovalStore(),
+            logger: log,
         });
     // Get the parameter name from config
     const confirmParamName = config.approval?.agentConfirm?.parameterName ?? '_clawsec_confirm';
     return async (context) => {
-        // 1. Check if plugin is disabled
-        if (config.global?.enabled === false) {
-            return createDisabledResult();
-        }
-        // 2. Check for agent-confirm parameter
-        if (config.approval?.agentConfirm?.enabled !== false) {
-            const confirmResult = agentConfirm.checkConfirmation(context.toolInput, confirmParamName);
-            if (confirmResult.confirmed) {
-                // Agent is trying to confirm a previous action
-                const processResult = agentConfirm.processConfirmation(context.toolInput, confirmParamName);
-                if (processResult.valid) {
-                    // Valid confirmation - strip the parameter and allow
-                    const strippedInput = agentConfirm.stripConfirmParameter(context.toolInput, confirmParamName);
-                    return createAgentConfirmAllowResult(strippedInput);
-                }
-                else {
-                    // Invalid confirmation - block
-                    return createAgentConfirmInvalidResult(processResult.error);
+        try {
+            // Normalize context: OpenClaw may send 'params' instead of 'toolInput'
+            // Support both field names for backward compatibility
+            const normalizedContext = {
+                ...context,
+                toolInput: context.toolInput || context.params || {},
+            };
+            const toolName = normalizedContext.toolName;
+            log.info(`[Hook:before-tool-call] Entry: tool=${toolName}`);
+            // Validate context (using normalized version)
+            if (!normalizedContext || !normalizedContext.toolName || !normalizedContext.toolInput) {
+                log.error(`[Hook:before-tool-call] Invalid context received`, context);
+                return createAllowResult(); // Fail-open for invalid context
+            }
+            // 1. Check if plugin is disabled
+            if (config.global?.enabled === false) {
+                log.info(`[Hook:before-tool-call] Plugin disabled, allowing tool`);
+                return createDisabledResult();
+            }
+            // 2. Check for agent-confirm parameter
+            if (config.approval?.agentConfirm?.enabled !== false) {
+                const confirmResult = agentConfirm.checkConfirmation(normalizedContext.toolInput, confirmParamName);
+                if (confirmResult.confirmed) {
+                    // Agent is trying to confirm a previous action
+                    const processResult = agentConfirm.processConfirmation(normalizedContext.toolInput, confirmParamName);
+                    if (processResult.valid) {
+                        // Valid confirmation - strip the parameter and allow
+                        const strippedInput = agentConfirm.stripConfirmParameter(normalizedContext.toolInput, confirmParamName);
+                        log.info(`[Hook:before-tool-call] Exit: tool=${toolName}, result=allow (agent-confirm validated)`);
+                        return createAgentConfirmAllowResult(strippedInput);
+                    }
+                    else {
+                        // Invalid confirmation - block
+                        log.warn(`[Hook:before-tool-call] Exit: tool=${toolName}, result=block (invalid agent-confirm)`);
+                        return createAgentConfirmInvalidResult(processResult.error);
+                    }
                 }
             }
+            // 3. Run the analyzer (using normalized context)
+            const engineContext = toEngineContext(normalizedContext);
+            const analysis = await analyzer.analyze(engineContext);
+            // 4. If no detections or action is allow/log/warn, handle appropriately
+            if (analysis.action === 'allow') {
+                log.debug(`[Hook:before-tool-call] Exit: tool=${toolName}, result=allow`);
+                return createAllowResult();
+            }
+            // 5. Execute the action
+            const actionContext = {
+                analysis,
+                toolCall: engineContext,
+                config,
+            };
+            const actionResult = await executor.execute(actionContext);
+            // 6. Convert to BeforeToolCallResult
+            const result = toBeforeToolCallResult(actionResult, analysis.primaryDetection);
+            log.info(`[Hook:before-tool-call] Exit: tool=${toolName}, result=${result.block ? 'block' : 'allow'}`);
+            return result;
         }
-        // 3. Run the analyzer
-        const engineContext = toEngineContext(context);
-        const analysis = await analyzer.analyze(engineContext);
-        // 4. If no detections or action is allow/log/warn, handle appropriately
-        if (analysis.action === 'allow') {
-            return createAllowResult();
+        catch (error) {
+            // Error handling: log and fail-open (allow the action)
+            const errorMessage = error instanceof Error ? error.message : String(error);
+            log.error(`[Hook:before-tool-call] Unhandled error: ${errorMessage}`, error);
+            return createAllowResult(); // Fail-open on errors
         }
-        // 5. Execute the action
-        const actionContext = {
-            analysis,
-            toolCall: engineContext,
-            config,
-        };
-        const actionResult = await executor.execute(actionContext);
-        // 6. Convert to BeforeToolCallResult
-        return toBeforeToolCallResult(actionResult, analysis.primaryDetection);
     };
 }
 /**

package/dist/src/hooks/before-tool-call/handler.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"handler.js","sourceRoot":"","sources":["../../../../src/hooks/before-tool-call/handler.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAiBH,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACjE,OAAO,EAAE,yBAAyB,EAAE,MAAM,iCAAiC,CAAC;AAC5E,OAAO,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAclE;;;GAGG;AACH,SAAS,eAAe,CAAC,WAAgC;IACvD,OAAO;QACL,QAAQ,EAAE,WAAW,CAAC,QAAQ;QAC9B,SAAS~~,EAAE,WAAW,CAAC,SAAS~~;~~QAChC~~,iDAAiD;QACjD,GAAG,EAAE,OAAO,~~WAAW,CAAC,~~SAAS,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,~~WAAW,CAAC,~~SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;~~KAC3F~~,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAC7B,YAA0B,EAC1B,SAAqB;IAErB,MAAM,MAAM,GAAyB;QACnC,KAAK,EAAE,YAAY,CAAC,OAAO;~~KAC5B~~,CAAC;IAEF,~~mCAAmC~~;~~IACnC~~,IAAI,CAAC,YAAY,CAAC,OAAO,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;QAClD,MAAM,CAAC,~~YAAY~~,GAAG,YAAY,CAAC,OAAO,CAAC;~~IAC7C~~,CAAC;IAED,sCAAsC;IACtC,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,CAAC,QAAQ,GAAG;YAChB,QAAQ,EAAE,SAAS,CAAC,QAA0B;YAC9C,QAAQ,EAAE,SAAS,CAAC,QAAoB;YACxC,MAAM,EAAE,SAAS,CAAC,MAAM;SACzB,CAAC;QAEF,4CAA4C;QAC5C,IAAI,SAAS,CAAC,QAAQ,EAAE,IAAI,IAAI,OAAO,SAAS,CAAC,QAAQ,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC5E,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC;QACjD,CAAC;IACH,CAAC;IAED~~,gEAAgE~~;~~IAChE~~,IAAI,YAAY,CAAC,eAAe,EAAE,CAAC;QACjC,MAAM,YAAY,GAAG,oBAAoB,YAAY,CAAC,eAAe,CAAC,EAAE,cAAc,YAAY,CAAC,eAAe,CAAC,OAAO,eAAe,YAAY,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3L,MAAM,CAAC,~~YAAY~~,GAAG,CAAC,MAAM,CAAC,~~YAAY~~,IAAI,mBAAmB,CAAC,GAAG,YAAY,CAAC;~~IACpF~~,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB;IACxB,OAAO;QACL,KAAK,EAAE,~~IAAI~~;~~KACZ~~,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,6BAA6B,CACpC,aAAsC;IAEtC,OAAO;QACL,KAAK,EAAE,~~IAAI~~;~~QACX~~,aAAa,EAAE,~~aAAa~~;~~KAC7B~~,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,+BAA+B,CAAC,KAAc;IACrD,OAAO;QACL,KAAK,EAAE,~~KAAK~~;~~QACZ~~,~~YAAY~~,EAAE,KAAK,IAAI,0CAA0C;~~QACjE~~,QAAQ,EAAE;YACR,MAAM,EAAE,sDAAsD;SAC/D;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB;IAC3B,OAAO;QACL,KAAK,EAAE,~~IAAI~~;~~KACZ~~,CAAC;AACJ,CAAC;AAED~~;;;;;;;;;;;;;GAaG~~;AACH,MAAM,UAAU,2BAA2B,CACzC,MAAqB,EACrB,OAAsC;~~IAEtC~~,oCAAoC;IACpC,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC;~~IAC7D~~,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,oBAAoB,EAAE,CAAC;~~IAC7D~~,MAAM,YAAY,GAChB,OAAO,EAAE,YAAY;QACrB,yBAAyB,CAAC;YACxB,OAAO,EAAE,MAAM,CAAC,QAAQ,EAAE,YAAY,EAAE,OAAO,IAAI,IAAI;YACvD,aAAa,EAAE,MAAM,CAAC,QAAQ,EAAE,YAAY,EAAE,aAAa;YAC3D,KAAK,EAAE,uBAAuB,EAAE;~~SACjC~~,CAAC,CAAC;IAEL,qCAAqC;IACrC,MAAM,gBAAgB,GAAG,MAAM,CAAC,QAAQ,EAAE,YAAY,EAAE,aAAa,IAAI,kBAAkB,CAAC;IAE5F,OAAO,KAAK,EAAE,OAA4B,EAAiC,EAAE;QAC3E,iCAAiC;~~QACjC~~,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,KAAK,KAAK,EAAE,CAAC;~~YACrC~~,OAAO,oBAAoB,EAAE,CAAC;~~QAChC~~,CAAC;~~QAED~~,uCAAuC;~~QACvC~~,IAAI,MAAM,CAAC,QAAQ,EAAE,YAAY,EAAE,OAAO,KAAK,KAAK,EAAE,CAAC;~~YACrD~~,MAAM,aAAa,GAAG,YAAY,CAAC,iBAAiB,CAClD,~~OAAO~~,CAAC,SAAS,~~EACjB~~,gBAAgB,CACjB,CAAC;~~YAEF~~,IAAI,aAAa,CAAC,SAAS,EAAE,CAAC;~~gBAC5B~~,+CAA+C;~~gBAC~~/C,MAAM,aAAa,GAAG,YAAY,CAAC,mBAAmB,CACpD,~~OAAO~~,CAAC,SAAS,~~EACjB~~,gBAAgB,CACjB,CAAC;~~gBAEF~~,IAAI,aAAa,CAAC,KAAK,EAAE,CAAC;~~oBACxB~~,qDAAqD;~~oBACrD~~,MAAM,aAAa,GAAG,YAAY,CAAC,qBAAqB,CACtD,~~OAAO~~,CAAC,SAAS,~~EACjB~~,gBAAgB,CACjB,CAAC;~~oBACF~~,OAAO,6BAA6B,CAAC,aAAa,CAAC,CAAC;~~gBACtD~~,CAAC;~~qBAAM~~,CAAC;~~oBACN~~,+BAA+B;~~oBAC~~/B,OAAO,+BAA+B,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;~~gBAC9D~~,CAAC;~~YACH~~,CAAC;~~QACH~~,CAAC;~~QAED~~,~~sBAAsB~~;~~QACtB~~,MAAM,aAAa,GAAG,eAAe,CAAC,~~OAAO~~,CAAC,CAAC;~~QAC/C~~,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;~~QAEvD~~,wEAAwE;~~QACxE~~,IAAI,QAAQ,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;~~YAChC~~,OAAO,iBAAiB,EAAE,CAAC;~~QAC7B~~,CAAC;~~QAED~~,wBAAwB;~~QACxB~~,MAAM,aAAa,GAAkB;~~YACnC~~,QAAQ;~~YACR~~,QAAQ,EAAE,aAAa;~~YACvB~~,MAAM;~~SACP~~,CAAC;~~QAEF~~,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;~~QAE3D~~,qCAAqC;~~QACrC~~,~~OAAO~~,sBAAsB,CAAC,YAAY,EAAE,QAAQ,CAAC,gBAAgB,CAAC,CAAC;~~IACzE~~,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kCAAkC;IAChD,MAAM,aAAa,GAAkB;QACnC,OAAO,EAAE,KAAK;QACd,MAAM,EAAE;YACN,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,MAAM;SACjB;QACD,GAAG,EAAE;YACH,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,IAAI;SACZ;QACD,KAAK,EAAE;YACL,QAAQ,EAAE;gBACR,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,UAAU;gBACpB,MAAM,EAAE,OAAO;gBACf,WAAW,EAAE,EAAE,cAAc,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE;gBAChD,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,EAAE,EAAE;aAC9C;YACD,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;gBACb,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,OAAO;gBACf,SAAS,EAAE,EAAE;gBACb,SAAS,EAAE,EAAE;aACd;YACD,WAAW,EAAE;gBACX,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,UAAU;gBACpB,MAAM,EAAE,SAAS;gBACjB,KAAK,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;gBACxB,KAAK,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;gBACxB,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;aACxB;YACD,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,UAAU;gBACpB,MAAM,EAAE,OAAO;aAChB;YACD,YAAY,EAAE;gBACZ,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,OAAO;aAChB;YACD,YAAY,EAAE;gBACZ,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,OAAO;gBACf,aAAa,EAAE,GAAG;gBAClB,aAAa,EAAE,KAAK;gBACpB,UAAU,EAAE;oBACV,mBAAmB,EAAE,IAAI;oBACzB,UAAU,EAAE,IAAI;oBAChB,SAAS,EAAE,IAAI;oBACf,cAAc,EAAE,IAAI;iBACrB;aACF;SACF;QACD,QAAQ,EAAE;YACR,MAAM,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE;YACvC,YAAY,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,kBAAkB,EAAE;YAClE,OAAO,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;SACtE;KACF,CAAC;IAEF,OAAO,2BAA2B,CAAC,aAAa,CAAC,CAAC;AACpD,CAAC"}
1	+ {"version":3,"file":"handler.js","sourceRoot":"","sources":["../../../../src/hooks/before-tool-call/handler.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAiBH,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACjE,OAAO,EAAE,yBAAyB,EAAE,MAAM,iCAAiC,CAAC;AAC5E,OAAO,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAClE,OAAO,EAAE,YAAY,EAAe,MAAM,uBAAuB,CAAC;AAclE;;;GAGG;AACH,SAAS,eAAe,CAAC,WAAgC;IACvD,MAAM,SAAS,GAAG,WAAW,CAAC,SAAS,IAAI,EAAE,CAAC;IAC9C,OAAO;QACL,QAAQ,EAAE,WAAW,CAAC,QAAQ;QAC9B,SAAS;QACT,iDAAiD;QACjD,GAAG,EAAE,OAAO,SAAS,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;KACnE,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAC7B,YAA0B,EAC1B,SAAqB;IAErB,MAAM,MAAM,GAAyB;QACnC,KAAK,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,2BAA2B;KAC1D,CAAC;IAEF,8BAA8B;IAC9B,IAAI,CAAC,YAAY,CAAC,OAAO,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;QAClD,MAAM,CAAC,WAAW,GAAG,YAAY,CAAC,OAAO,CAAC;IAC5C,CAAC;IAED,sCAAsC;IACtC,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,CAAC,QAAQ,GAAG;YAChB,QAAQ,EAAE,SAAS,CAAC,QAA0B;YAC9C,QAAQ,EAAE,SAAS,CAAC,QAAoB;YACxC,MAAM,EAAE,SAAS,CAAC,MAAM;SACzB,CAAC;QAEF,4CAA4C;QAC5C,IAAI,SAAS,CAAC,QAAQ,EAAE,IAAI,IAAI,OAAO,SAAS,CAAC,QAAQ,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC5E,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC;QACjD,CAAC;IACH,CAAC;IAED,+DAA+D;IAC/D,IAAI,YAAY,CAAC,eAAe,EAAE,CAAC;QACjC,MAAM,YAAY,GAAG,oBAAoB,YAAY,CAAC,eAAe,CAAC,EAAE,cAAc,YAAY,CAAC,eAAe,CAAC,OAAO,eAAe,YAAY,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3L,MAAM,CAAC,WAAW,GAAG,CAAC,MAAM,CAAC,WAAW,IAAI,mBAAmB,CAAC,GAAG,YAAY,CAAC;IAClF,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB;IACxB,OAAO;QACL,KAAK,EAAE,KAAK,EAAE,qCAAqC;KACpD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,6BAA6B,CACpC,aAAsC;IAEtC,OAAO;QACL,KAAK,EAAE,KAAK;QACZ,MAAM,EAAE,aAAa,EAAE,qCAAqC;KAC7D,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,+BAA+B,CAAC,KAAc;IACrD,OAAO;QACL,KAAK,EAAE,IAAI,EAAE,uBAAuB;QACpC,WAAW,EAAE,KAAK,IAAI,0CAA0C;QAChE,QAAQ,EAAE;YACR,MAAM,EAAE,sDAAsD;SAC/D;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB;IAC3B,OAAO;QACL,KAAK,EAAE,KAAK;KACb,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,2BAA2B,CACzC,MAAqB,EACrB,OAAsC,EACtC,MAAe;IAEf,MAAM,GAAG,GAAG,MAAM,IAAI,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAE/C,oCAAoC;IACpC,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,cAAc,CAAC,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;IAC7E,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,oBAAoB,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IAC5E,MAAM,YAAY,GAChB,OAAO,EAAE,YAAY;QACrB,yBAAyB,CAAC;YACxB,OAAO,EAAE,MAAM,CAAC,QAAQ,EAAE,YAAY,EAAE,OAAO,IAAI,IAAI;YACvD,aAAa,EAAE,MAAM,CAAC,QAAQ,EAAE,YAAY,EAAE,aAAa;YAC3D,KAAK,EAAE,uBAAuB,EAAE;YAChC,MAAM,EAAE,GAAG;SACZ,CAAC,CAAC;IAEL,qCAAqC;IACrC,MAAM,gBAAgB,GAAG,MAAM,CAAC,QAAQ,EAAE,YAAY,EAAE,aAAa,IAAI,kBAAkB,CAAC;IAE5F,OAAO,KAAK,EAAE,OAA4B,EAAiC,EAAE;QAC3E,IAAI,CAAC;YACH,uEAAuE;YACvE,sDAAsD;YACtD,MAAM,iBAAiB,GAAwB;gBAC7C,GAAG,OAAO;gBACV,SAAS,EAAE,OAAO,CAAC,SAAS,IAAK,OAAe,CAAC,MAAM,IAAI,EAAE;aAC9D,CAAC;YAEF,MAAM,QAAQ,GAAG,iBAAiB,CAAC,QAAQ,CAAC;YAC5C,GAAG,CAAC,IAAI,CAAC,uCAAuC,QAAQ,EAAE,CAAC,CAAC;YAE5D,8CAA8C;YAC9C,IAAI,CAAC,iBAAiB,IAAI,CAAC,iBAAiB,CAAC,QAAQ,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,CAAC;gBACtF,GAAG,CAAC,KAAK,CAAC,kDAAkD,EAAE,OAAO,CAAC,CAAC;gBACvE,OAAO,iBAAiB,EAAE,CAAC,CAAC,gCAAgC;YAC9D,CAAC;YAED,iCAAiC;YACjC,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,KAAK,KAAK,EAAE,CAAC;gBACrC,GAAG,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;gBACnE,OAAO,oBAAoB,EAAE,CAAC;YAChC,CAAC;YAED,uCAAuC;YACzC,IAAI,MAAM,CAAC,QAAQ,EAAE,YAAY,EAAE,OAAO,KAAK,KAAK,EAAE,CAAC;gBACrD,MAAM,aAAa,GAAG,YAAY,CAAC,iBAAiB,CAClD,iBAAiB,CAAC,SAAS,EAC3B,gBAAgB,CACjB,CAAC;gBAEF,IAAI,aAAa,CAAC,SAAS,EAAE,CAAC;oBAC5B,+CAA+C;oBAC/C,MAAM,aAAa,GAAG,YAAY,CAAC,mBAAmB,CACpD,iBAAiB,CAAC,SAAS,EAC3B,gBAAgB,CACjB,CAAC;oBAEF,IAAI,aAAa,CAAC,KAAK,EAAE,CAAC;wBACxB,qDAAqD;wBACrD,MAAM,aAAa,GAAG,YAAY,CAAC,qBAAqB,CACtD,iBAAiB,CAAC,SAAS,EAC3B,gBAAgB,CACjB,CAAC;wBACF,GAAG,CAAC,IAAI,CAAC,sCAAsC,QAAQ,0CAA0C,CAAC,CAAC;wBACnG,OAAO,6BAA6B,CAAC,aAAa,CAAC,CAAC;oBACtD,CAAC;yBAAM,CAAC;wBACN,+BAA+B;wBAC/B,GAAG,CAAC,IAAI,CAAC,sCAAsC,QAAQ,wCAAwC,CAAC,CAAC;wBACjG,OAAO,+BAA+B,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;oBAC9D,CAAC;gBACH,CAAC;YACH,CAAC;YAED,iDAAiD;YACjD,MAAM,aAAa,GAAG,eAAe,CAAC,iBAAiB,CAAC,CAAC;YACzD,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;YAEvD,wEAAwE;YACxE,IAAI,QAAQ,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;gBAChC,GAAG,CAAC,KAAK,CAAC,sCAAsC,QAAQ,gBAAgB,CAAC,CAAC;gBAC1E,OAAO,iBAAiB,EAAE,CAAC;YAC7B,CAAC;YAED,wBAAwB;YACxB,MAAM,aAAa,GAAkB;gBACnC,QAAQ;gBACR,QAAQ,EAAE,aAAa;gBACvB,MAAM;aACP,CAAC;YAEF,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;YAEzD,qCAAqC;YACrC,MAAM,MAAM,GAAG,sBAAsB,CAAC,YAAY,EAAE,QAAQ,CAAC,gBAAgB,CAAC,CAAC;YAC/E,GAAG,CAAC,IAAI,CAAC,sCAAsC,QAAQ,YAAY,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YACvG,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,uDAAuD;YACvD,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC5E,GAAG,CAAC,KAAK,CAAC,4CAA4C,YAAY,EAAE,EAAE,KAAK,CAAC,CAAC;YAC7E,OAAO,iBAAiB,EAAE,CAAC,CAAC,sBAAsB;QACpD,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kCAAkC;IAChD,MAAM,aAAa,GAAkB;QACnC,OAAO,EAAE,KAAK;QACd,MAAM,EAAE;YACN,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,MAAM;SACjB;QACD,GAAG,EAAE;YACH,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,IAAI;SACZ;QACD,KAAK,EAAE;YACL,QAAQ,EAAE;gBACR,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,UAAU;gBACpB,MAAM,EAAE,OAAO;gBACf,WAAW,EAAE,EAAE,cAAc,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE;gBAChD,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,EAAE,EAAE;aAC9C;YACD,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;gBACb,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,OAAO;gBACf,SAAS,EAAE,EAAE;gBACb,SAAS,EAAE,EAAE;aACd;YACD,WAAW,EAAE;gBACX,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,UAAU;gBACpB,MAAM,EAAE,SAAS;gBACjB,KAAK,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;gBACxB,KAAK,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;gBACxB,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;aACxB;YACD,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,UAAU;gBACpB,MAAM,EAAE,OAAO;aAChB;YACD,YAAY,EAAE;gBACZ,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,OAAO;aAChB;YACD,YAAY,EAAE;gBACZ,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,OAAO;gBACf,aAAa,EAAE,GAAG;gBAClB,aAAa,EAAE,KAAK;gBACpB,UAAU,EAAE;oBACV,mBAAmB,EAAE,IAAI;oBACzB,UAAU,EAAE,IAAI;oBAChB,SAAS,EAAE,IAAI;oBACf,cAAc,EAAE,IAAI;iBACrB;aACF;SACF;QACD,QAAQ,EAAE;YACR,MAAM,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE;YACvC,YAAY,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,kBAAkB,EAAE;YAClE,OAAO,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;SACtE;KACF,CAAC;IAEF,OAAO,2BAA2B,CAAC,aAAa,CAAC,CAAC;AACpD,CAAC"}

package/dist/src/hooks/tool-result-persist/handler.d.ts CHANGED Viewed

@@ -6,6 +6,7 @@
  */
 import type { ToolResultPersistHandler } from '../../index.js';
 import type { ClawsecConfig } from '../../config/schema.js';
+import { type Logger } from '../../utils/logger.js';
 /**
  * Options for creating a tool-result-persist handler
  */
@@ -39,9 +40,10 @@ export interface ToolResultPersistHandlerOptions {
  *
  * @param config - Clawsec configuration
  * @param options - Optional handler options
+ * @param logger - Optional logger instance
  * @returns ToolResultPersistHandler function
  */
-export declare function createToolResultPersistHandler(config: ClawsecConfig, options?: ToolResultPersistHandlerOptions): ToolResultPersistHandler;
+export declare function createToolResultPersistHandler(config: ClawsecConfig, options?: ToolResultPersistHandlerOptions, logger?: Logger): ToolResultPersistHandler;
 /**
  * Create a default tool-result-persist handler with default configuration
  */

package/dist/src/hooks/tool-result-persist/handler.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../../src/hooks/tool-result-persist/handler.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAGV,wBAAwB,EACzB,MAAM,gBAAgB,CAAC;AACxB,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;~~AAO5D~~;;GAEG;AACH,MAAM,WAAW,+BAA+B;IAC9C;;;OAGG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB;;;OAGG;IACH,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;~~AAkDD;;;;;;;;;;;;;;;;;;;GAmBG~~;AACH,wBAAgB,8BAA8B,CAC5C,MAAM,EAAE,aAAa,EACrB,OAAO,CAAC,EAAE,+BAA+B,~~GACxC~~,wBAAwB,~~CA6F1B~~;AAED;;GAEG;AACH,wBAAgB,qCAAqC,IAAI,wBAAwB,CAmEhF"}
1	+ {"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../../src/hooks/tool-result-persist/handler.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAGV,wBAAwB,EACzB,MAAM,gBAAgB,CAAC;AACxB,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAK5D,OAAO,EAAgB,KAAK,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAElE;;GAEG;AACH,MAAM,WAAW,+BAA+B;IAC9C;;;OAGG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB;;;OAGG;IACH,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAqDD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,8BAA8B,CAC5C,MAAM,EAAE,aAAa,EACrB,OAAO,CAAC,EAAE,+BAA+B,EACzC,MAAM,CAAC,EAAE,MAAM,GACd,wBAAwB,CA8F1B;AAED;;GAEG;AACH,wBAAgB,qCAAqC,IAAI,wBAAwB,CAmEhF"}

package/dist/src/hooks/tool-result-persist/handler.js CHANGED Viewed

@@ -4,34 +4,37 @@
  * Hook handler that scans tool outputs for secrets/PII, prompt injections,
  * and filters sensitive data before it's persisted.
  */
-import { createSecretsDetector } from '../../detectors/secrets/index.js';
 import { scan, sanitize } from '../../sanitization/scanner.js';
 import { filterOutput } from './filter.js';
+import { createLogger } from '../../utils/logger.js';
 /**
- * Create an allow result with no filtering
+ * Create an allow result with no filtering (modern API)
  */
 function createAllowResult() {
-    return {
-        allow: true,
-    };
+    return {}; // Modern API: empty object means no changes (allow)
 }
 /**
- * Create a block result for detected prompt injections
+ * Create a block result for detected prompt injections (modern API)
+ * Note: Modern API doesn't support blocking, only filtering.
+ * We'll return empty message with redactions metadata.
  */
 function createBlockResult(redactions) {
     return {
-        allow: false,
-        redactions,
+        message: {
+            content: '[BLOCKED: Content violated security policy]',
+            redactions,
+        },
     };
 }
 /**
- * Create a result with filtered output and redaction info
+ * Create a result with filtered output and redaction info (modern API)
  */
 function createFilteredResult(filteredOutput, redactions) {
     return {
-        allow: true,
-        filteredOutput,
-        redactions,
+        message: {
+            content: filteredOutput,
+            redactions,
+        },
     };
 }
 /**
@@ -64,17 +67,15 @@ function outputToString(output) {
  *
  * @param config - Clawsec configuration
  * @param options - Optional handler options
+ * @param logger - Optional logger instance
  * @returns ToolResultPersistHandler function
  */
-export function createToolResultPersistHandler(config, options) {
+export function createToolResultPersistHandler(config, options, logger) {
+    const log = logger ?? createLogger(null, null);
     const filterEnabled = options?.filter ?? true;
     const scanInjectionsEnabled = options?.scanInjections ?? true;
-    // Create secrets detector from config
-    const secretsDetector = createSecretsDetector({
-        enabled: config.rules?.secrets?.enabled ?? true,
-        severity: config.rules?.secrets?.severity ?? 'critical',
-        action: config.rules?.secrets?.action ?? 'block',
-    });
+    // Note: We don't use the async secrets detector here because this handler
+    // must be synchronous. The filterOutput function provides synchronous pattern matching.
     // Create scanner config from sanitization rules
     const sanitizationConfig = config.rules?.sanitization;
     const scannerConfig = {
@@ -88,27 +89,35 @@ export function createToolResultPersistHandler(config, options) {
         minConfidence: sanitizationConfig?.minConfidence ?? 0.5,
         redactMatches: sanitizationConfig?.redactMatches ?? false,
     };
-    return async (context) => {
+    return (context) => {
+        const toolName = context.toolName;
+        log.debug(`[Hook:tool-result-persist] Entry: tool=${toolName}`);
         // 1. Check if plugin is globally disabled
         if (config.global?.enabled === false) {
+            log.debug(`[Hook:tool-result-persist] Plugin disabled, allowing output`);
             return createAllowResult();
         }
         // Convert output to string for scanning
         const toolOutputString = outputToString(context.toolOutput);
         // 2. Run prompt injection scanner if enabled
         if (scanInjectionsEnabled && sanitizationConfig?.enabled !== false && toolOutputString) {
+            log.debug(`[Hook:tool-result-persist] Scanning for prompt injections`);
             const scanResult = scan(toolOutputString, scannerConfig);
             if (scanResult.hasInjection) {
+                const categories = [...new Set(scanResult.matches.map(m => m.category))];
+                log.warn(`[Hook:tool-result-persist] Prompt injection detected: categories=${categories.join(',')}, matches=${scanResult.matches.length}`);
                 const injectionRedactions = scanResult.matches.map(match => ({
                     type: `injection-${match.category}`,
                     description: `Prompt injection detected: ${match.match.substring(0, 50)}${match.match.length > 50 ? '...' : ''}`,
                 }));
                 // If action is 'block', reject the output entirely
                 if (sanitizationConfig?.action === 'block') {
+                    log.info(`[Hook:tool-result-persist] Blocking output due to injection`);
                     return createBlockResult(injectionRedactions);
                 }
                 // If redactMatches is enabled, sanitize the output
                 if (sanitizationConfig?.redactMatches) {
+                    log.info(`[Hook:tool-result-persist] Sanitizing injection patterns`);
                     const sanitizedOutput = sanitize(toolOutputString, scanResult.matches);
                     return createFilteredResult(sanitizedOutput, injectionRedactions);
                 }
@@ -120,27 +129,20 @@ export function createToolResultPersistHandler(config, options) {
         if (!filterEnabled || config.rules?.secrets?.enabled === false) {
             return createAllowResult();
         }
-        // 4. Run secrets detector on the tool output
-        let detections = [];
-        try {
-            detections = await secretsDetector.detectAll({
-                toolName: context.toolName,
-                toolInput: context.toolInput,
-                toolOutput: toolOutputString,
-            });
-        }
-        catch {
-            // If detection fails, allow the output through without filtering
-            // This ensures tool results aren't lost due to detector errors
-            return createAllowResult();
-        }
+        // 4. Skip async secrets detector - filterOutput below does synchronous pattern matching
+        // Note: This handler must be synchronous per OpenClaw requirements
+        // The filterOutput function (line 211) catches secrets via regex patterns
+        log.debug(`[Hook:tool-result-persist] Using synchronous pattern matching for secrets`);
+        const detections = [];
         // 5. Filter output with pattern matching (catches secrets detector might have missed)
         const filterResult = filterOutput(context.toolOutput, detections);
         // 6. If nothing was redacted, allow through unchanged
         if (!filterResult.wasRedacted) {
+            log.debug(`[Hook:tool-result-persist] Exit: tool=${toolName}, no filtering needed`);
             return createAllowResult();
         }
         // 7. Return filtered result with redaction metadata
+        log.info(`[Hook:tool-result-persist] Exit: tool=${toolName}, redactions=${filterResult.redactions.length}`);
         return createFilteredResult(filterResult.filteredOutput, filterResult.redactions);
     };
 }

package/dist/src/hooks/tool-result-persist/handler.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"handler.js","sourceRoot":"","sources":["../../../../src/hooks/tool-result-persist/handler.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AASH,OAAO,EAAE,~~qBAAqB,EAAE,MAAM,kCAAkC,CAAC;AACzE,OAAO,EAAE,~~IAAI,EAAE,QAAQ,EAAE,MAAM,+BAA+B,CAAC;AAE/D,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;~~AAkB3C~~;;GAEG;AACH,SAAS,iBAAiB;IACxB,OAAO~~;QACL~~,~~KAAK,~~EAAE,~~IAAI;KACZ~~,CAAC;~~AACJ~~,CAAC;AAED~~;;GAEG~~;AACH,SAAS,iBAAiB,CACxB,UAAwD;IAExD,OAAO;QACL,~~KAAK~~,EAAE,~~KAAK~~;~~QACZ~~,UAAU;~~KACX~~,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAC3B,cAAuB,EACvB,UAAwD;IAExD,OAAO;QACL,~~KAAK~~,EAAE~~,IAAI~~;~~QACX~~,cAAc;~~QACd~~,UAAU;~~KACX~~,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,MAAe;IACrC,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,IAAI,MAAM,KAAK,IAAI,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QAC5C,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAChC,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED~~;;;;;;;;;;;;;;;;;;;GAmBG~~;AACH,MAAM,UAAU,8BAA8B,CAC5C,MAAqB,EACrB,OAAyC;~~IAEzC~~,MAAM,~~aAAa~~,GAAG,~~OAAO,EAAE,~~MAAM,IAAI,~~IAAI~~,CAAC~~;IAC9C~~,~~MAAM~~,~~qBAAqB,GAAG,OAAO,~~EAAE,~~cAAc,~~IAAI,~~IAAI~~,CAAC;~~IAE9D~~,~~sCAAsC;IACtC,~~MAAM,~~eAAe~~,GAAG,~~qBAAqB,CAAC;QAC5C,~~OAAO,EAAE,MAAM,~~CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,~~IAAI,IAAI~~;QAC/C~~,~~QAAQ,EAAE,MAAM,~~CAAC~~,KAAK,EAAE,OAAO,EAAE,QAAQ,IAAI,UAAU~~;~~QACvD~~,MAAM,~~EAAE~~,~~MAAM~~,~~CAAC,KAAK,EAAE,~~OAAO,EAAE,~~MAAM~~,IAAI,~~OAAO;KACjD~~,CAAC,~~CAAC~~;~~IAEH~~,gDAAgD;IAChD,MAAM,kBAAkB,GAAG,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC;IACtD,MAAM,aAAa,GAAkB;QACnC,OAAO,EAAE,kBAAkB,EAAE,OAAO,IAAI,IAAI;QAC5C,UAAU,EAAE;YACV,mBAAmB,EAAE,kBAAkB,EAAE,UAAU,EAAE,mBAAmB,IAAI,IAAI;YAChF,UAAU,EAAE,kBAAkB,EAAE,UAAU,EAAE,UAAU,IAAI,IAAI;YAC9D,SAAS,EAAE,kBAAkB,EAAE,UAAU,EAAE,SAAS,IAAI,IAAI;YAC5D,cAAc,EAAE,kBAAkB,EAAE,UAAU,EAAE,cAAc,IAAI,IAAI;SACvE;QACD,aAAa,EAAE,kBAAkB,EAAE,aAAa,IAAI,GAAG;QACvD,aAAa,EAAE,kBAAkB,EAAE,aAAa,IAAI,KAAK;KAC1D,CAAC;IAEF,OAAO,~~KAAK~~,EAAE,~~OAA0B~~,~~EAAoC~~,EAAE;~~QAC5E~~,0CAA0C;QAC1C,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,KAAK,KAAK,EAAE,CAAC;YACrC,OAAO,iBAAiB,EAAE,CAAC;QAC7B,CAAC;QAED,wCAAwC;QACxC,MAAM,gBAAgB,GAAG,cAAc,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAE5D,6CAA6C;QAC7C,IAAI,qBAAqB,IAAI,kBAAkB,EAAE,OAAO,KAAK,KAAK,IAAI,gBAAgB,EAAE,CAAC;YACvF,MAAM,UAAU,GAAG,IAAI,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;YAEzD,IAAI,UAAU,CAAC,YAAY,EAAE,CAAC;gBAC5B,MAAM,mBAAmB,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;oBAC3D,IAAI,EAAE,aAAa,KAAK,CAAC,QAAQ,EAAE;oBACnC,WAAW,EAAE,8BAA8B,KAAK,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;iBACjH,CAAC,CAAC,CAAC;gBAEJ,mDAAmD;gBACnD,IAAI,kBAAkB,EAAE,MAAM,KAAK,OAAO,EAAE,CAAC;oBAC3C,OAAO,iBAAiB,CAAC,mBAAmB,CAAC,CAAC;gBAChD,CAAC;gBAED,mDAAmD;gBACnD,IAAI,kBAAkB,EAAE,aAAa,EAAE,CAAC;oBACtC,MAAM,eAAe,GAAG,QAAQ,CAAC,gBAAgB,EAAE,UAAU,CAAC,OAAO,CAAC,CAAC;oBACvE,OAAO,oBAAoB,CAAC,eAAe,EAAE,mBAAmB,CAAC,CAAC;gBACpE,CAAC;gBAED,wCAAwC;gBACxC,iDAAiD;YACnD,CAAC;QACH,CAAC;QAED,4CAA4C;QAC5C,IAAI,CAAC,aAAa,IAAI,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,KAAK,KAAK,EAAE,CAAC;YAC/D,OAAO,iBAAiB,EAAE,CAAC;QAC7B,CAAC;QAED,~~6CAA6C~~;~~QAC7C~~,~~IAAI,UAAU,GAA6B,EAAE,CAAC~~;~~QAC9C~~,~~IAAI,CAAC~~;~~YACH~~,~~UAAU,~~GAAG,~~MAAM,eAAe,~~CAAC,~~SAAS~~,CAAC~~;gBAC3C~~,~~QAAQ~~,~~EAAE,OAAO,~~CAAC,~~QAAQ;gBAC1B,SAAS,EAAE,OAAO,~~CAAC~~,SAAS~~;~~gBAC5B~~,~~UAAU,EAAE,gBAAgB;aAC7B,CAAC,CAAC;QACL,CAAC;QAAC,~~MAAM,~~CAAC;YACP~~,~~iEAAiE;YACjE,+DAA+D;YAC/D~~,~~OAAO,iBAAiB,~~EAAE,CAAC;~~QAC7B~~,~~CAAC;QAED,~~sFAAsF;QACtF,MAAM,YAAY,GAAG,YAAY,CAAC,OAAO,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAElE,sDAAsD;QACtD,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,CAAC;YAC9B,OAAO,iBAAiB,EAAE,CAAC;QAC7B,CAAC;QAED,oDAAoD;QACpD,OAAO,oBAAoB,CACzB,YAAY,CAAC,cAAc,EAC3B,YAAY,CAAC,UAAU,CACxB,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qCAAqC;IACnD,MAAM,aAAa,GAAkB;QACnC,OAAO,EAAE,KAAK;QACd,MAAM,EAAE;YACN,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,MAAM;SACjB;QACD,GAAG,EAAE;YACH,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,IAAI;SACZ;QACD,KAAK,EAAE;YACL,QAAQ,EAAE;gBACR,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,UAAU;gBACpB,MAAM,EAAE,OAAO;gBACf,WAAW,EAAE,EAAE,cAAc,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE;gBAChD,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,EAAE,EAAE;aAC9C;YACD,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;gBACb,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,OAAO;gBACf,SAAS,EAAE,EAAE;gBACb,SAAS,EAAE,EAAE;aACd;YACD,WAAW,EAAE;gBACX,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,UAAU;gBACpB,MAAM,EAAE,SAAS;gBACjB,KAAK,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;gBACxB,KAAK,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;gBACxB,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;aACxB;YACD,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,UAAU;gBACpB,MAAM,EAAE,OAAO;aAChB;YACD,YAAY,EAAE;gBACZ,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,OAAO;aAChB;YACD,YAAY,EAAE;gBACZ,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,OAAO;gBACf,aAAa,EAAE,GAAG;gBAClB,aAAa,EAAE,KAAK;gBACpB,UAAU,EAAE;oBACV,mBAAmB,EAAE,IAAI;oBACzB,UAAU,EAAE,IAAI;oBAChB,SAAS,EAAE,IAAI;oBACf,cAAc,EAAE,IAAI;iBACrB;aACF;SACF;QACD,QAAQ,EAAE;YACR,MAAM,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE;YACvC,YAAY,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,kBAAkB,EAAE;YAClE,OAAO,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;SACtE;KACF,CAAC;IAEF,OAAO,8BAA8B,CAAC,aAAa,CAAC,CAAC;AACvD,CAAC"}
1	+ {"version":3,"file":"handler.js","sourceRoot":"","sources":["../../../../src/hooks/tool-result-persist/handler.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AASH,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,+BAA+B,CAAC;AAE/D,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAe,MAAM,uBAAuB,CAAC;AAkBlE;;GAEG;AACH,SAAS,iBAAiB;IACxB,OAAO,EAAE,CAAC,CAAC,oDAAoD;AACjE,CAAC;AAED;;;;GAIG;AACH,SAAS,iBAAiB,CACxB,UAAwD;IAExD,OAAO;QACL,OAAO,EAAE;YACP,OAAO,EAAE,6CAA6C;YACtD,UAAU;SACX;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAC3B,cAAuB,EACvB,UAAwD;IAExD,OAAO;QACL,OAAO,EAAE;YACP,OAAO,EAAE,cAAc;YACvB,UAAU;SACX;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,MAAe;IACrC,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,IAAI,MAAM,KAAK,IAAI,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QAC5C,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAChC,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAU,8BAA8B,CAC5C,MAAqB,EACrB,OAAyC,EACzC,MAAe;IAEf,MAAM,GAAG,GAAG,MAAM,IAAI,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC/C,MAAM,aAAa,GAAG,OAAO,EAAE,MAAM,IAAI,IAAI,CAAC;IAC9C,MAAM,qBAAqB,GAAG,OAAO,EAAE,cAAc,IAAI,IAAI,CAAC;IAE9D,0EAA0E;IAC1E,wFAAwF;IAExF,gDAAgD;IAChD,MAAM,kBAAkB,GAAG,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC;IACtD,MAAM,aAAa,GAAkB;QACnC,OAAO,EAAE,kBAAkB,EAAE,OAAO,IAAI,IAAI;QAC5C,UAAU,EAAE;YACV,mBAAmB,EAAE,kBAAkB,EAAE,UAAU,EAAE,mBAAmB,IAAI,IAAI;YAChF,UAAU,EAAE,kBAAkB,EAAE,UAAU,EAAE,UAAU,IAAI,IAAI;YAC9D,SAAS,EAAE,kBAAkB,EAAE,UAAU,EAAE,SAAS,IAAI,IAAI;YAC5D,cAAc,EAAE,kBAAkB,EAAE,UAAU,EAAE,cAAc,IAAI,IAAI;SACvE;QACD,aAAa,EAAE,kBAAkB,EAAE,aAAa,IAAI,GAAG;QACvD,aAAa,EAAE,kBAAkB,EAAE,aAAa,IAAI,KAAK;KAC1D,CAAC;IAEF,OAAO,CAAC,OAA0B,EAA2B,EAAE;QAC7D,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QAClC,GAAG,CAAC,KAAK,CAAC,0CAA0C,QAAQ,EAAE,CAAC,CAAC;QAEhE,0CAA0C;QAC1C,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,KAAK,KAAK,EAAE,CAAC;YACrC,GAAG,CAAC,KAAK,CAAC,6DAA6D,CAAC,CAAC;YACzE,OAAO,iBAAiB,EAAE,CAAC;QAC7B,CAAC;QAED,wCAAwC;QACxC,MAAM,gBAAgB,GAAG,cAAc,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAE5D,6CAA6C;QAC7C,IAAI,qBAAqB,IAAI,kBAAkB,EAAE,OAAO,KAAK,KAAK,IAAI,gBAAgB,EAAE,CAAC;YACvF,GAAG,CAAC,KAAK,CAAC,2DAA2D,CAAC,CAAC;YACvE,MAAM,UAAU,GAAG,IAAI,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;YAEzD,IAAI,UAAU,CAAC,YAAY,EAAE,CAAC;gBAC5B,MAAM,UAAU,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;gBACzE,GAAG,CAAC,IAAI,CAAC,oEAAoE,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,aAAa,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;gBAE3I,MAAM,mBAAmB,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;oBAC3D,IAAI,EAAE,aAAa,KAAK,CAAC,QAAQ,EAAE;oBACnC,WAAW,EAAE,8BAA8B,KAAK,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;iBACjH,CAAC,CAAC,CAAC;gBAEJ,mDAAmD;gBACnD,IAAI,kBAAkB,EAAE,MAAM,KAAK,OAAO,EAAE,CAAC;oBAC3C,GAAG,CAAC,IAAI,CAAC,6DAA6D,CAAC,CAAC;oBACxE,OAAO,iBAAiB,CAAC,mBAAmB,CAAC,CAAC;gBAChD,CAAC;gBAED,mDAAmD;gBACnD,IAAI,kBAAkB,EAAE,aAAa,EAAE,CAAC;oBACtC,GAAG,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC;oBACrE,MAAM,eAAe,GAAG,QAAQ,CAAC,gBAAgB,EAAE,UAAU,CAAC,OAAO,CAAC,CAAC;oBACvE,OAAO,oBAAoB,CAAC,eAAe,EAAE,mBAAmB,CAAC,CAAC;gBACpE,CAAC;gBAED,wCAAwC;gBACxC,iDAAiD;YACnD,CAAC;QACH,CAAC;QAED,4CAA4C;QAC5C,IAAI,CAAC,aAAa,IAAI,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,KAAK,KAAK,EAAE,CAAC;YAC/D,OAAO,iBAAiB,EAAE,CAAC;QAC7B,CAAC;QAED,wFAAwF;QACxF,mEAAmE;QACnE,0EAA0E;QAC1E,GAAG,CAAC,KAAK,CAAC,2EAA2E,CAAC,CAAC;QACvF,MAAM,UAAU,GAA6B,EAAE,CAAC;QAEhD,sFAAsF;QACtF,MAAM,YAAY,GAAG,YAAY,CAAC,OAAO,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAElE,sDAAsD;QACtD,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,CAAC;YAC9B,GAAG,CAAC,KAAK,CAAC,yCAAyC,QAAQ,uBAAuB,CAAC,CAAC;YACpF,OAAO,iBAAiB,EAAE,CAAC;QAC7B,CAAC;QAED,oDAAoD;QACpD,GAAG,CAAC,IAAI,CAAC,yCAAyC,QAAQ,gBAAgB,YAAY,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;QAC5G,OAAO,oBAAoB,CACzB,YAAY,CAAC,cAAc,EAC3B,YAAY,CAAC,UAAU,CACxB,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qCAAqC;IACnD,MAAM,aAAa,GAAkB;QACnC,OAAO,EAAE,KAAK;QACd,MAAM,EAAE;YACN,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,MAAM;SACjB;QACD,GAAG,EAAE;YACH,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,IAAI;SACZ;QACD,KAAK,EAAE;YACL,QAAQ,EAAE;gBACR,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,UAAU;gBACpB,MAAM,EAAE,OAAO;gBACf,WAAW,EAAE,EAAE,cAAc,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE;gBAChD,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,EAAE,EAAE;aAC9C;YACD,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;gBACb,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,OAAO;gBACf,SAAS,EAAE,EAAE;gBACb,SAAS,EAAE,EAAE;aACd;YACD,WAAW,EAAE;gBACX,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,UAAU;gBACpB,MAAM,EAAE,SAAS;gBACjB,KAAK,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;gBACxB,KAAK,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;gBACxB,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;aACxB;YACD,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,UAAU;gBACpB,MAAM,EAAE,OAAO;aAChB;YACD,YAAY,EAAE;gBACZ,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,OAAO;aAChB;YACD,YAAY,EAAE;gBACZ,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,OAAO;gBACf,aAAa,EAAE,GAAG;gBAClB,aAAa,EAAE,KAAK;gBACpB,UAAU,EAAE;oBACV,mBAAmB,EAAE,IAAI;oBACzB,UAAU,EAAE,IAAI;oBAChB,SAAS,EAAE,IAAI;oBACf,cAAc,EAAE,IAAI;iBACrB;aACF;SACF;QACD,QAAQ,EAAE;YACR,MAAM,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE;YACvC,YAAY,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,kBAAkB,EAAE;YAClE,OAAO,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;SACtE;KACF,CAAC;IAEF,OAAO,8BAA8B,CAAC,aAAa,CAAC,CAAC;AACvD,CAAC"}

package/dist/src/index.d.ts CHANGED Viewed

@@ -5,6 +5,7 @@
 export declare const VERSION = "0.0.1";
 export declare const PLUGIN_ID = "clawsec";
 export declare const PLUGIN_NAME = "Clawsec Security Plugin";
+import { type Logger } from './utils/logger.js';
 /**
  * Severity levels for security detections
  */
@@ -16,12 +17,12 @@ export type Action = 'block' | 'confirm' | 'agent-confirm' | 'warn' | 'log';
 /**
  * Categories of security threats
  */
-export type ThreatCategory = 'purchase' | 'website' | 'destructive' | 'secrets' | 'exfiltration';
+export type ThreatCategory = 'purchase' | 'website' | 'destructive' | 'secrets' | 'exfiltration' | 'unknown';
 /**
  * Base context provided to all hooks
  */
 export interface HookContext {
-    sessionId: string;
+    sessionId?: string;
     userId?: string;
     timestamp: number;
 }
@@ -30,22 +31,23 @@ export interface HookContext {
  */
 export interface ToolCallContext extends HookContext {
     toolName: string;
-    toolInput: Record<string, unknown>;
+    toolInput?: Record<string, unknown>;
+    params?: Record<string, unknown>;
     conversationHistory?: Array<{
         role: 'user' | 'assistant';
         content: string;
     }>;
 }
 /**
- * Result from before-tool-call hook
+ * Result from before-tool-call hook (modern API)
  */
 export interface BeforeToolCallResult {
-    /** Whether to allow the tool call to proceed */
-    allow: boolean;
-    /** Modified tool input (if transformed) */
-    modifiedInput?: Record<string, unknown>;
-    /** Message to display when blocked */
-    blockMessage?: string;
+    /** Whether to block the tool call (default: false = allow) */
+    block?: boolean;
+    /** Reason for blocking (if blocked) */
+    blockReason?: string;
+    /** Modified tool parameters (if transformed) */
+    params?: Record<string, unknown>;
     /** Metadata about the detection */
     metadata?: {
         category?: ThreatCategory;
@@ -64,13 +66,22 @@ export type BeforeToolCallHandler = (context: ToolCallContext) => Promise<Before
 export interface AgentStartContext extends HookContext {
     systemPrompt?: string;
     agentConfig?: Record<string, unknown>;
+    prompt?: string;
+    messages?: Array<{
+        role: 'user' | 'assistant' | 'toolResult' | string;
+        content: unknown;
+        timestamp?: number;
+        [key: string]: unknown;
+    }>;
 }
 /**
- * Result from before-agent-start hook
+ * Result from before-agent-start hook (modern API)
  */
 export interface BeforeAgentStartResult {
-    /** Modified or injected system prompt content */
-    systemPromptAddition?: string;
+    /** System prompt replacement (replaces entire prompt) */
+    systemPrompt?: string;
+    /** Context to prepend before user message (OpenClaw's actual API field) */
+    prependContext?: string;
     /** Modified agent configuration */
     modifiedConfig?: Record<string, unknown>;
 }
@@ -87,49 +98,38 @@ export interface ToolResultContext extends HookContext {
     toolOutput: unknown;
 }
 /**
- * Result from tool-result-persist hook
+ * Result from tool-result-persist hook (modern API)
  */
 export interface ToolResultPersistResult {
-    /** Whether to allow the result to be persisted */
-    allow: boolean;
-    /** Filtered/redacted output */
-    filteredOutput?: unknown;
-    /** Metadata about any redactions */
-    redactions?: Array<{
-        type: string;
-        description: string;
-    }>;
+    /** Modified message object (if filtering/redacting) */
+    message?: {
+        content?: unknown;
+        redactions?: Array<{
+            type: string;
+            description: string;
+        }>;
+    };
 }
 /**
  * Handler type for tool-result-persist hook
+ * Note: This hook must be synchronous per OpenClaw requirements
  */
-export type ToolResultPersistHandler = (context: ToolResultContext) => Promise<ToolResultPersistResult>;
+export type ToolResultPersistHandler = (context: ToolResultContext) => ToolResultPersistResult;
 /**
  * OpenClaw plugin API interface
  */
 export interface OpenClawPluginAPI {
-    /** Register a hook handler */
-    registerHook: (hookName: string, handler: unknown, options?: HookOptions) => void;
-    /** Unregister a hook handler */
-    unregisterHook: (hookName: string, handlerId: string) => void;
-    /** Get plugin configuration */
-    getConfig: () => PluginConfig;
+    /** Register a hook handler (modern event-based API) */
+    on: (hookName: string, handler: unknown, options?: {
+        priority?: number;
+    }) => void;
+    /** Plugin configuration */
+    config: PluginConfig;
     /** Log a message */
     log: (level: 'debug' | 'info' | 'warn' | 'error', message: string, data?: unknown) => void;
     /** Request user approval */
     requestApproval: (request: ApprovalRequest) => Promise<ApprovalResponse>;
 }
-/**
- * Hook registration options
- */
-export interface HookOptions {
-    /** Unique identifier for this handler */
-    id?: string;
-    /** Priority (lower runs first) */
-    priority?: number;
-    /** Whether this hook is enabled */
-    enabled?: boolean;
-}
 /**
  * Plugin configuration from OpenClaw
  */
@@ -161,15 +161,13 @@ export interface ApprovalResponse {
     approvedBy?: string;
     timestamp: number;
 }
+import type { ClawsecConfig } from './config/schema.js';
 interface PluginState {
     api: OpenClawPluginAPI | null;
     config: PluginConfig | null;
+    clawsecConfig: ClawsecConfig | null;
     initialized: boolean;
-    handlers: {
-        beforeToolCall: BeforeToolCallHandler | null;
-        beforeAgentStart: BeforeAgentStartHandler | null;
-        toolResultPersist: ToolResultPersistHandler | null;
-    };
+    logger: Logger;
 }
 /**
  * Activates the Clawsec security plugin and registers all hooks.
@@ -221,7 +219,7 @@ export declare const pluginConfigSchema: {
  *
  * @param api - The OpenClaw plugin API
  */
-declare function register(api: OpenClawPluginAPI): void;
+declare function register(api: OpenClawPluginAPI): () => void;
 declare const _default: {
     id: string;
     name: string;