npm - clawsec - Versions diffs - 0.0.1 - Mend

clawsec 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (361) hide show

package/README.md +560 -0
package/dist/bin/clawsec.d.ts +7 -0
package/dist/bin/clawsec.d.ts.map +1 -0
package/dist/bin/clawsec.js +12 -0
package/dist/bin/clawsec.js.map +1 -0
package/dist/src/actions/block.d.ts +22 -0
package/dist/src/actions/block.d.ts.map +1 -0
package/dist/src/actions/block.js +83 -0
package/dist/src/actions/block.js.map +1 -0
package/dist/src/actions/confirm.d.ts +35 -0
package/dist/src/actions/confirm.d.ts.map +1 -0
package/dist/src/actions/confirm.js +156 -0
package/dist/src/actions/confirm.js.map +1 -0
package/dist/src/actions/executor.d.ts +64 -0
package/dist/src/actions/executor.d.ts.map +1 -0
package/dist/src/actions/executor.js +114 -0
package/dist/src/actions/executor.js.map +1 -0
package/dist/src/actions/index.d.ts +13 -0
package/dist/src/actions/index.d.ts.map +1 -0
package/dist/src/actions/index.js +15 -0
package/dist/src/actions/index.js.map +1 -0
package/dist/src/actions/log.d.ts +19 -0
package/dist/src/actions/log.d.ts.map +1 -0
package/dist/src/actions/log.js +63 -0
package/dist/src/actions/log.js.map +1 -0
package/dist/src/actions/types.d.ts +85 -0
package/dist/src/actions/types.d.ts.map +1 -0
package/dist/src/actions/types.js +78 -0
package/dist/src/actions/types.js.map +1 -0
package/dist/src/actions/warn.d.ts +22 -0
package/dist/src/actions/warn.d.ts.map +1 -0
package/dist/src/actions/warn.js +84 -0
package/dist/src/actions/warn.js.map +1 -0
package/dist/src/approval/agent-confirm.d.ts +104 -0
package/dist/src/approval/agent-confirm.d.ts.map +1 -0
package/dist/src/approval/agent-confirm.js +173 -0
package/dist/src/approval/agent-confirm.js.map +1 -0
package/dist/src/approval/index.d.ts +14 -0
package/dist/src/approval/index.d.ts.map +1 -0
package/dist/src/approval/index.js +9 -0
package/dist/src/approval/index.js.map +1 -0
package/dist/src/approval/native.d.ts +56 -0
package/dist/src/approval/native.d.ts.map +1 -0
package/dist/src/approval/native.js +196 -0
package/dist/src/approval/native.js.map +1 -0
package/dist/src/approval/store.d.ts +88 -0
package/dist/src/approval/store.d.ts.map +1 -0
package/dist/src/approval/store.js +192 -0
package/dist/src/approval/store.js.map +1 -0
package/dist/src/approval/types.d.ts +119 -0
package/dist/src/approval/types.d.ts.map +1 -0
package/dist/src/approval/types.js +6 -0
package/dist/src/approval/types.js.map +1 -0
package/dist/src/approval/webhook.d.ts +170 -0
package/dist/src/approval/webhook.d.ts.map +1 -0
package/dist/src/approval/webhook.js +362 -0
package/dist/src/approval/webhook.js.map +1 -0
package/dist/src/cli/commands/audit.d.ts +43 -0
package/dist/src/cli/commands/audit.d.ts.map +1 -0
package/dist/src/cli/commands/audit.js +115 -0
package/dist/src/cli/commands/audit.js.map +1 -0
package/dist/src/cli/commands/feedback.d.ts +27 -0
package/dist/src/cli/commands/feedback.d.ts.map +1 -0
package/dist/src/cli/commands/feedback.js +228 -0
package/dist/src/cli/commands/feedback.js.map +1 -0
package/dist/src/cli/commands/index.d.ts +11 -0
package/dist/src/cli/commands/index.d.ts.map +1 -0
package/dist/src/cli/commands/index.js +13 -0
package/dist/src/cli/commands/index.js.map +1 -0
package/dist/src/cli/commands/status.d.ts +20 -0
package/dist/src/cli/commands/status.d.ts.map +1 -0
package/dist/src/cli/commands/status.js +122 -0
package/dist/src/cli/commands/status.js.map +1 -0
package/dist/src/cli/commands/test.d.ts +23 -0
package/dist/src/cli/commands/test.d.ts.map +1 -0
package/dist/src/cli/commands/test.js +134 -0
package/dist/src/cli/commands/test.js.map +1 -0
package/dist/src/cli/commands/types.d.ts +81 -0
package/dist/src/cli/commands/types.d.ts.map +1 -0
package/dist/src/cli/commands/types.js +6 -0
package/dist/src/cli/commands/types.js.map +1 -0
package/dist/src/cli/index.d.ts +17 -0
package/dist/src/cli/index.d.ts.map +1 -0
package/dist/src/cli/index.js +267 -0
package/dist/src/cli/index.js.map +1 -0
package/dist/src/config/defaults.d.ts +20 -0
package/dist/src/config/defaults.d.ts.map +1 -0
package/dist/src/config/defaults.js +123 -0
package/dist/src/config/defaults.js.map +1 -0
package/dist/src/config/index.d.ts +8 -0
package/dist/src/config/index.d.ts.map +1 -0
package/dist/src/config/index.js +41 -0
package/dist/src/config/index.js.map +1 -0
package/dist/src/config/loader.d.ts +99 -0
package/dist/src/config/loader.d.ts.map +1 -0
package/dist/src/config/loader.js +242 -0
package/dist/src/config/loader.js.map +1 -0
package/dist/src/config/schema.d.ts +627 -0
package/dist/src/config/schema.d.ts.map +1 -0
package/dist/src/config/schema.js +585 -0
package/dist/src/config/schema.js.map +1 -0
package/dist/src/detectors/destructive/cloud-detector.d.ts +51 -0
package/dist/src/detectors/destructive/cloud-detector.d.ts.map +1 -0
package/dist/src/detectors/destructive/cloud-detector.js +556 -0
package/dist/src/detectors/destructive/cloud-detector.js.map +1 -0
package/dist/src/detectors/destructive/code-detector.d.ts +59 -0
package/dist/src/detectors/destructive/code-detector.d.ts.map +1 -0
package/dist/src/detectors/destructive/code-detector.js +558 -0
package/dist/src/detectors/destructive/code-detector.js.map +1 -0
package/dist/src/detectors/destructive/index.d.ts +54 -0
package/dist/src/detectors/destructive/index.d.ts.map +1 -0
package/dist/src/detectors/destructive/index.js +168 -0
package/dist/src/detectors/destructive/index.js.map +1 -0
package/dist/src/detectors/destructive/shell-detector.d.ts +43 -0
package/dist/src/detectors/destructive/shell-detector.d.ts.map +1 -0
package/dist/src/detectors/destructive/shell-detector.js +302 -0
package/dist/src/detectors/destructive/shell-detector.js.map +1 -0
package/dist/src/detectors/destructive/types.d.ts +143 -0
package/dist/src/detectors/destructive/types.d.ts.map +1 -0
package/dist/src/detectors/destructive/types.js +6 -0
package/dist/src/detectors/destructive/types.js.map +1 -0
package/dist/src/detectors/exfiltration/cloud-detector.d.ts +51 -0
package/dist/src/detectors/exfiltration/cloud-detector.d.ts.map +1 -0
package/dist/src/detectors/exfiltration/cloud-detector.js +427 -0
package/dist/src/detectors/exfiltration/cloud-detector.js.map +1 -0
package/dist/src/detectors/exfiltration/http-detector.d.ts +47 -0
package/dist/src/detectors/exfiltration/http-detector.d.ts.map +1 -0
package/dist/src/detectors/exfiltration/http-detector.js +429 -0
package/dist/src/detectors/exfiltration/http-detector.js.map +1 -0
package/dist/src/detectors/exfiltration/index.d.ts +44 -0
package/dist/src/detectors/exfiltration/index.d.ts.map +1 -0
package/dist/src/detectors/exfiltration/index.js +118 -0
package/dist/src/detectors/exfiltration/index.js.map +1 -0
package/dist/src/detectors/exfiltration/network-detector.d.ts +55 -0
package/dist/src/detectors/exfiltration/network-detector.d.ts.map +1 -0
package/dist/src/detectors/exfiltration/network-detector.js +504 -0
package/dist/src/detectors/exfiltration/network-detector.js.map +1 -0
package/dist/src/detectors/exfiltration/types.d.ts +139 -0
package/dist/src/detectors/exfiltration/types.d.ts.map +1 -0
package/dist/src/detectors/exfiltration/types.js +6 -0
package/dist/src/detectors/exfiltration/types.js.map +1 -0
package/dist/src/detectors/purchase/domain-detector.d.ts +44 -0
package/dist/src/detectors/purchase/domain-detector.d.ts.map +1 -0
package/dist/src/detectors/purchase/domain-detector.js +296 -0
package/dist/src/detectors/purchase/domain-detector.js.map +1 -0
package/dist/src/detectors/purchase/form-detector.d.ts +27 -0
package/dist/src/detectors/purchase/form-detector.d.ts.map +1 -0
package/dist/src/detectors/purchase/form-detector.js +344 -0
package/dist/src/detectors/purchase/form-detector.js.map +1 -0
package/dist/src/detectors/purchase/index.d.ts +65 -0
package/dist/src/detectors/purchase/index.d.ts.map +1 -0
package/dist/src/detectors/purchase/index.js +216 -0
package/dist/src/detectors/purchase/index.js.map +1 -0
package/dist/src/detectors/purchase/spend-tracker.d.ts +132 -0
package/dist/src/detectors/purchase/spend-tracker.d.ts.map +1 -0
package/dist/src/detectors/purchase/spend-tracker.js +313 -0
package/dist/src/detectors/purchase/spend-tracker.js.map +1 -0
package/dist/src/detectors/purchase/types.d.ts +139 -0
package/dist/src/detectors/purchase/types.d.ts.map +1 -0
package/dist/src/detectors/purchase/types.js +6 -0
package/dist/src/detectors/purchase/types.js.map +1 -0
package/dist/src/detectors/purchase/url-detector.d.ts +31 -0
package/dist/src/detectors/purchase/url-detector.d.ts.map +1 -0
package/dist/src/detectors/purchase/url-detector.js +292 -0
package/dist/src/detectors/purchase/url-detector.js.map +1 -0
package/dist/src/detectors/secrets/api-key-detector.d.ts +30 -0
package/dist/src/detectors/secrets/api-key-detector.d.ts.map +1 -0
package/dist/src/detectors/secrets/api-key-detector.js +297 -0
package/dist/src/detectors/secrets/api-key-detector.js.map +1 -0
package/dist/src/detectors/secrets/index.d.ts +43 -0
package/dist/src/detectors/secrets/index.d.ts.map +1 -0
package/dist/src/detectors/secrets/index.js +261 -0
package/dist/src/detectors/secrets/index.js.map +1 -0
package/dist/src/detectors/secrets/pii-detector.d.ts +54 -0
package/dist/src/detectors/secrets/pii-detector.d.ts.map +1 -0
package/dist/src/detectors/secrets/pii-detector.js +286 -0
package/dist/src/detectors/secrets/pii-detector.js.map +1 -0
package/dist/src/detectors/secrets/token-detector.d.ts +51 -0
package/dist/src/detectors/secrets/token-detector.d.ts.map +1 -0
package/dist/src/detectors/secrets/token-detector.js +233 -0
package/dist/src/detectors/secrets/token-detector.js.map +1 -0
package/dist/src/detectors/secrets/types.d.ts +157 -0
package/dist/src/detectors/secrets/types.d.ts.map +1 -0
package/dist/src/detectors/secrets/types.js +6 -0
package/dist/src/detectors/secrets/types.js.map +1 -0
package/dist/src/detectors/website/category-detector.d.ts +22 -0
package/dist/src/detectors/website/category-detector.d.ts.map +1 -0
package/dist/src/detectors/website/category-detector.js +162 -0
package/dist/src/detectors/website/category-detector.js.map +1 -0
package/dist/src/detectors/website/index.d.ts +53 -0
package/dist/src/detectors/website/index.d.ts.map +1 -0
package/dist/src/detectors/website/index.js +232 -0
package/dist/src/detectors/website/index.js.map +1 -0
package/dist/src/detectors/website/pattern-matcher.d.ts +33 -0
package/dist/src/detectors/website/pattern-matcher.d.ts.map +1 -0
package/dist/src/detectors/website/pattern-matcher.js +121 -0
package/dist/src/detectors/website/pattern-matcher.js.map +1 -0
package/dist/src/detectors/website/types.d.ts +105 -0
package/dist/src/detectors/website/types.d.ts.map +1 -0
package/dist/src/detectors/website/types.js +6 -0
package/dist/src/detectors/website/types.js.map +1 -0
package/dist/src/engine/analyzer.d.ts +87 -0
package/dist/src/engine/analyzer.d.ts.map +1 -0
package/dist/src/engine/analyzer.js +427 -0
package/dist/src/engine/analyzer.js.map +1 -0
package/dist/src/engine/cache.d.ts +80 -0
package/dist/src/engine/cache.d.ts.map +1 -0
package/dist/src/engine/cache.js +167 -0
package/dist/src/engine/cache.js.map +1 -0
package/dist/src/engine/index.d.ts +11 -0
package/dist/src/engine/index.d.ts.map +1 -0
package/dist/src/engine/index.js +11 -0
package/dist/src/engine/index.js.map +1 -0
package/dist/src/engine/llm-client.d.ts +210 -0
package/dist/src/engine/llm-client.d.ts.map +1 -0
package/dist/src/engine/llm-client.js +506 -0
package/dist/src/engine/llm-client.js.map +1 -0
package/dist/src/engine/types.d.ts +163 -0
package/dist/src/engine/types.d.ts.map +1 -0
package/dist/src/engine/types.js +21 -0
package/dist/src/engine/types.js.map +1 -0
package/dist/src/feedback/index.d.ts +9 -0
package/dist/src/feedback/index.d.ts.map +1 -0
package/dist/src/feedback/index.js +8 -0
package/dist/src/feedback/index.js.map +1 -0
package/dist/src/feedback/learner.d.ts +222 -0
package/dist/src/feedback/learner.d.ts.map +1 -0
package/dist/src/feedback/learner.js +401 -0
package/dist/src/feedback/learner.js.map +1 -0
package/dist/src/feedback/store.d.ts +113 -0
package/dist/src/feedback/store.d.ts.map +1 -0
package/dist/src/feedback/store.js +228 -0
package/dist/src/feedback/store.js.map +1 -0
package/dist/src/feedback/types.d.ts +126 -0
package/dist/src/feedback/types.d.ts.map +1 -0
package/dist/src/feedback/types.js +6 -0
package/dist/src/feedback/types.js.map +1 -0
package/dist/src/hooks/before-agent-start/handler.d.ts +37 -0
package/dist/src/hooks/before-agent-start/handler.d.ts.map +1 -0
package/dist/src/hooks/before-agent-start/handler.js +109 -0
package/dist/src/hooks/before-agent-start/handler.js.map +1 -0
package/dist/src/hooks/before-agent-start/index.d.ts +8 -0
package/dist/src/hooks/before-agent-start/index.d.ts.map +1 -0
package/dist/src/hooks/before-agent-start/index.js +7 -0
package/dist/src/hooks/before-agent-start/index.js.map +1 -0
package/dist/src/hooks/before-agent-start/prompts.d.ts +48 -0
package/dist/src/hooks/before-agent-start/prompts.d.ts.map +1 -0
package/dist/src/hooks/before-agent-start/prompts.js +103 -0
package/dist/src/hooks/before-agent-start/prompts.js.map +1 -0
package/dist/src/hooks/before-tool-call/handler.d.ts +42 -0
package/dist/src/hooks/before-tool-call/handler.d.ts.map +1 -0
package/dist/src/hooks/before-tool-call/handler.js +226 -0
package/dist/src/hooks/before-tool-call/handler.js.map +1 -0
package/dist/src/hooks/before-tool-call/index.d.ts +7 -0
package/dist/src/hooks/before-tool-call/index.d.ts.map +1 -0
package/dist/src/hooks/before-tool-call/index.js +6 -0
package/dist/src/hooks/before-tool-call/index.js.map +1 -0
package/dist/src/hooks/tool-result-persist/filter.d.ts +72 -0
package/dist/src/hooks/tool-result-persist/filter.d.ts.map +1 -0
package/dist/src/hooks/tool-result-persist/filter.js +305 -0
package/dist/src/hooks/tool-result-persist/filter.js.map +1 -0
package/dist/src/hooks/tool-result-persist/handler.d.ts +49 -0
package/dist/src/hooks/tool-result-persist/handler.d.ts.map +1 -0
package/dist/src/hooks/tool-result-persist/handler.js +217 -0
package/dist/src/hooks/tool-result-persist/handler.js.map +1 -0
package/dist/src/hooks/tool-result-persist/index.d.ts +11 -0
package/dist/src/hooks/tool-result-persist/index.d.ts.map +1 -0
package/dist/src/hooks/tool-result-persist/index.js +11 -0
package/dist/src/hooks/tool-result-persist/index.js.map +1 -0
package/dist/src/index.d.ts +256 -0
package/dist/src/index.d.ts.map +1 -0
package/dist/src/index.js +222 -0
package/dist/src/index.js.map +1 -0
package/dist/src/notifications/discord.d.ts +10 -0
package/dist/src/notifications/discord.d.ts.map +1 -0
package/dist/src/notifications/discord.js +218 -0
package/dist/src/notifications/discord.js.map +1 -0
package/dist/src/notifications/index.d.ts +37 -0
package/dist/src/notifications/index.d.ts.map +1 -0
package/dist/src/notifications/index.js +68 -0
package/dist/src/notifications/index.js.map +1 -0
package/dist/src/notifications/slack.d.ts +10 -0
package/dist/src/notifications/slack.d.ts.map +1 -0
package/dist/src/notifications/slack.js +218 -0
package/dist/src/notifications/slack.js.map +1 -0
package/dist/src/notifications/telegram.d.ts +10 -0
package/dist/src/notifications/telegram.d.ts.map +1 -0
package/dist/src/notifications/telegram.js +242 -0
package/dist/src/notifications/telegram.js.map +1 -0
package/dist/src/notifications/types.d.ts +119 -0
package/dist/src/notifications/types.d.ts.map +1 -0
package/dist/src/notifications/types.js +6 -0
package/dist/src/notifications/types.js.map +1 -0
package/dist/src/proxy/index.d.ts +8 -0
package/dist/src/proxy/index.d.ts.map +1 -0
package/dist/src/proxy/index.js +9 -0
package/dist/src/proxy/index.js.map +1 -0
package/dist/src/proxy/middleware.d.ts +55 -0
package/dist/src/proxy/middleware.d.ts.map +1 -0
package/dist/src/proxy/middleware.js +215 -0
package/dist/src/proxy/middleware.js.map +1 -0
package/dist/src/proxy/server.d.ts +57 -0
package/dist/src/proxy/server.d.ts.map +1 -0
package/dist/src/proxy/server.js +298 -0
package/dist/src/proxy/server.js.map +1 -0
package/dist/src/proxy/types.d.ts +136 -0
package/dist/src/proxy/types.d.ts.map +1 -0
package/dist/src/proxy/types.js +6 -0
package/dist/src/proxy/types.js.map +1 -0
package/dist/src/sanitization/index.d.ts +10 -0
package/dist/src/sanitization/index.d.ts.map +1 -0
package/dist/src/sanitization/index.js +9 -0
package/dist/src/sanitization/index.js.map +1 -0
package/dist/src/sanitization/patterns.d.ts +51 -0
package/dist/src/sanitization/patterns.d.ts.map +1 -0
package/dist/src/sanitization/patterns.js +266 -0
package/dist/src/sanitization/patterns.js.map +1 -0
package/dist/src/sanitization/scanner.d.ts +29 -0
package/dist/src/sanitization/scanner.d.ts.map +1 -0
package/dist/src/sanitization/scanner.js +328 -0
package/dist/src/sanitization/scanner.js.map +1 -0
package/dist/src/sanitization/types.d.ts +57 -0
package/dist/src/sanitization/types.d.ts.map +1 -0
package/dist/src/sanitization/types.js +5 -0
package/dist/src/sanitization/types.js.map +1 -0
package/openclaw.plugin.json +114 -0
package/package.json +63 -0
package/rules/builtin/README.md +139 -0
package/rules/builtin/ai-services.yaml +70 -0
package/rules/builtin/api-keys.yaml +64 -0
package/rules/builtin/authentication.yaml +56 -0
package/rules/builtin/aws-security.yaml +57 -0
package/rules/builtin/azure-security.yaml +58 -0
package/rules/builtin/cicd-security.yaml +64 -0
package/rules/builtin/cloud-storage.yaml +64 -0
package/rules/builtin/container-registry.yaml +55 -0
package/rules/builtin/crypto-wallets.yaml +71 -0
package/rules/builtin/database-nosql.yaml +58 -0
package/rules/builtin/database-sql.yaml +62 -0
package/rules/builtin/development-env.yaml +67 -0
package/rules/builtin/docker.yaml +57 -0
package/rules/builtin/filesystem.yaml +71 -0
package/rules/builtin/financial-pci.yaml +61 -0
package/rules/builtin/gcp-security.yaml +57 -0
package/rules/builtin/git-operations.yaml +68 -0
package/rules/builtin/healthcare-hipaa.yaml +64 -0
package/rules/builtin/kubernetes.yaml +60 -0
package/rules/builtin/messaging-services.yaml +53 -0
package/rules/builtin/minimal.yaml +47 -0
package/rules/builtin/mobile-development.yaml +61 -0
package/rules/builtin/monitoring.yaml +63 -0
package/rules/builtin/network-security.yaml +57 -0
package/rules/builtin/package-managers.yaml +74 -0
package/rules/builtin/payment-processing.yaml +66 -0
package/rules/builtin/pii-protection.yaml +48 -0
package/rules/builtin/production-strict.yaml +55 -0
package/rules/builtin/secrets-management.yaml +63 -0
package/rules/builtin/serverless.yaml +74 -0
package/rules/builtin/ssh-security.yaml +66 -0
package/rules/builtin/terraform.yaml +51 -0
package/rules/builtin/web-security.yaml +62 -0

package/dist/src/actions/types.js ADDED Viewed

@@ -0,0 +1,78 @@
+/**
+ * Action Executor Types
+ * Type definitions for the action execution system
+ */
+/**
+ * Default console logger implementation
+ */
+/* eslint-disable no-console */
+export const consoleLogger = {
+    debug: (message, data) => {
+        if (data) {
+            console.debug(`[clawsec] ${message}`, data);
+        }
+        else {
+            console.debug(`[clawsec] ${message}`);
+        }
+    },
+    info: (message, data) => {
+        if (data) {
+            console.info(`[clawsec] ${message}`, data);
+        }
+        else {
+            console.info(`[clawsec] ${message}`);
+        }
+    },
+    warn: (message, data) => {
+        if (data) {
+            console.warn(`[clawsec] ${message}`, data);
+        }
+        else {
+            console.warn(`[clawsec] ${message}`);
+        }
+    },
+    error: (message, data) => {
+        if (data) {
+            console.error(`[clawsec] ${message}`, data);
+        }
+        else {
+            console.error(`[clawsec] ${message}`);
+        }
+    },
+};
+/* eslint-enable no-console */
+/**
+ * No-op logger for testing or silent mode
+ */
+export const noOpLogger = {
+    debug: () => { },
+    info: () => { },
+    warn: () => { },
+    error: () => { },
+};
+/**
+ * Create a logger based on log level
+ */
+export function createLogger(logLevel) {
+    const levels = ['debug', 'info', 'warn', 'error'];
+    const minLevel = levels.indexOf(logLevel);
+    return {
+        debug: (message, data) => {
+            if (minLevel <= 0)
+                consoleLogger.debug(message, data);
+        },
+        info: (message, data) => {
+            if (minLevel <= 1)
+                consoleLogger.info(message, data);
+        },
+        warn: (message, data) => {
+            if (minLevel <= 2)
+                consoleLogger.warn(message, data);
+        },
+        error: (message, data) => {
+            if (minLevel <= 3)
+                consoleLogger.error(message, data);
+        },
+    };
+}
+//# sourceMappingURL=types.js.map

package/dist/src/actions/types.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/actions/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AA8EH;;GAEG;AACH,+BAA+B;AAC/B,MAAM,CAAC,MAAM,aAAa,GAAiB;IACzC,KAAK,EAAE,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE;QACvB,IAAI,IAAI,EAAE,CAAC;YACT,OAAO,CAAC,KAAK,CAAC,aAAa,OAAO,EAAE,EAAE,IAAI,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,aAAa,OAAO,EAAE,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IACD,IAAI,EAAE,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE;QACtB,IAAI,IAAI,EAAE,CAAC;YACT,OAAO,CAAC,IAAI,CAAC,aAAa,OAAO,EAAE,EAAE,IAAI,CAAC,CAAC;QAC7C,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC,aAAa,OAAO,EAAE,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IACD,IAAI,EAAE,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE;QACtB,IAAI,IAAI,EAAE,CAAC;YACT,OAAO,CAAC,IAAI,CAAC,aAAa,OAAO,EAAE,EAAE,IAAI,CAAC,CAAC;QAC7C,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC,aAAa,OAAO,EAAE,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IACD,KAAK,EAAE,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE;QACvB,IAAI,IAAI,EAAE,CAAC;YACT,OAAO,CAAC,KAAK,CAAC,aAAa,OAAO,EAAE,EAAE,IAAI,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,aAAa,OAAO,EAAE,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;CACF,CAAC;AACF,8BAA8B;AAE9B;;GAEG;AACH,MAAM,CAAC,MAAM,UAAU,GAAiB;IACtC,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC;IACf,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC;IACd,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC;IACd,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC;CAChB,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,QAA6C;IACxE,MAAM,MAAM,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IAClD,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAE1C,OAAO;QACL,KAAK,EAAE,CAAC,OAAe,EAAE,IAA8B,EAAQ,EAAE;YAC/D,IAAI,QAAQ,IAAI,CAAC;gBAAE,aAAa,CAAC,KAAK,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,EAAE,CAAC,OAAe,EAAE,IAA8B,EAAQ,EAAE;YAC9D,IAAI,QAAQ,IAAI,CAAC;gBAAE,aAAa,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACvD,CAAC;QACD,IAAI,EAAE,CAAC,OAAe,EAAE,IAA8B,EAAQ,EAAE;YAC9D,IAAI,QAAQ,IAAI,CAAC;gBAAE,aAAa,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACvD,CAAC;QACD,KAAK,EAAE,CAAC,OAAe,EAAE,IAA8B,EAAQ,EAAE;YAC/D,IAAI,QAAQ,IAAI,CAAC;gBAAE,aAAa,CAAC,KAAK,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACxD,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/src/actions/warn.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+/**
+ * Warn Action Handler
+ * Handles warning about potentially risky tool calls while still allowing them
+ */
+import type { ActionContext, ActionHandler, ActionResult, ActionLogger } from './types.js';
+/**
+ * Generate a warning message about the detected threat
+ */
+export declare function generateWarnMessage(context: ActionContext): string;
+/**
+ * Warn action handler implementation
+ */
+export declare class WarnHandler implements ActionHandler {
+    private logger;
+    constructor(logger?: ActionLogger);
+    execute(context: ActionContext): Promise<ActionResult>;
+}
+/**
+ * Create a warn action handler with the given logger
+ */
+export declare function createWarnHandler(logger?: ActionLogger): WarnHandler;
+//# sourceMappingURL=warn.d.ts.map

package/dist/src/actions/warn.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"warn.d.ts","sourceRoot":"","sources":["../../../src/actions/warn.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,aAAa,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAwB3F;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,aAAa,GAAG,MAAM,CA4BlE;AAED;;GAEG;AACH,qBAAa,WAAY,YAAW,aAAa;IAC/C,OAAO,CAAC,MAAM,CAAe;gBAEjB,MAAM,GAAE,YAAyB;IAIvC,OAAO,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC;CAmB7D;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,CAAC,EAAE,YAAY,GAAG,WAAW,CAEpE"}

package/dist/src/actions/warn.js ADDED Viewed

@@ -0,0 +1,84 @@
+/**
+ * Warn Action Handler
+ * Handles warning about potentially risky tool calls while still allowing them
+ */
+import { noOpLogger } from './types.js';
+/**
+ * Format a severity level for display
+ */
+function formatSeverity(severity) {
+    return severity.toUpperCase();
+}
+/**
+ * Format a threat category for display
+ */
+function formatCategory(category) {
+    const categoryNames = {
+        purchase: 'Purchase/Payment',
+        website: 'Website Access',
+        destructive: 'Destructive Command',
+        secrets: 'Secrets/PII',
+        exfiltration: 'Data Transfer',
+    };
+    return categoryNames[category] || category;
+}
+/**
+ * Generate a warning message about the detected threat
+ */
+export function generateWarnMessage(context) {
+    const { analysis, toolCall } = context;
+    const { primaryDetection, detections } = analysis;
+    if (!primaryDetection) {
+        return `Warning: ${toolCall.toolName} executed with security notice.`;
+    }
+    const category = formatCategory(primaryDetection.category);
+    const severity = formatSeverity(primaryDetection.severity);
+    const reason = primaryDetection.reason;
+    let message = `[${severity}] Warning: ${category} detected\n`;
+    message += `Tool: ${toolCall.toolName}\n`;
+    message += `Reason: ${reason}\n`;
+    message += `\nAction allowed but logged for audit.`;
+    // Include additional detections if any
+    if (detections.length > 1) {
+        message += `\n\nAdditional warnings (${detections.length - 1}):`;
+        for (const detection of detections) {
+            if (detection !== primaryDetection) {
+                message += `\n- ${formatCategory(detection.category)}: ${detection.reason}`;
+            }
+        }
+    }
+    return message;
+}
+/**
+ * Warn action handler implementation
+ */
+export class WarnHandler {
+    logger;
+    constructor(logger = noOpLogger) {
+        this.logger = logger;
+    }
+    async execute(context) {
+        const { analysis, toolCall } = context;
+        const message = generateWarnMessage(context);
+        // Log the warning
+        this.logger.warn('Action executed with warning', {
+            toolName: toolCall.toolName,
+            category: analysis.primaryDetection?.category,
+            severity: analysis.primaryDetection?.severity,
+            reason: analysis.primaryDetection?.reason,
+            detectionCount: analysis.detections.length,
+        });
+        return {
+            allowed: true,
+            message,
+            logged: true,
+        };
+    }
+}
+/**
+ * Create a warn action handler with the given logger
+ */
+export function createWarnHandler(logger) {
+    return new WarnHandler(logger);
+}
+//# sourceMappingURL=warn.js.map

package/dist/src/actions/warn.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"warn.js","sourceRoot":"","sources":["../../../src/actions/warn.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAExC;;GAEG;AACH,SAAS,cAAc,CAAC,QAAgB;IACtC,OAAO,QAAQ,CAAC,WAAW,EAAE,CAAC;AAChC,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,QAAgB;IACtC,MAAM,aAAa,GAA2B;QAC5C,QAAQ,EAAE,kBAAkB;QAC5B,OAAO,EAAE,gBAAgB;QACzB,WAAW,EAAE,qBAAqB;QAClC,OAAO,EAAE,aAAa;QACtB,YAAY,EAAE,eAAe;KAC9B,CAAC;IACF,OAAO,aAAa,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAsB;IACxD,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;IACvC,MAAM,EAAE,gBAAgB,EAAE,UAAU,EAAE,GAAG,QAAQ,CAAC;IAElD,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,OAAO,YAAY,QAAQ,CAAC,QAAQ,iCAAiC,CAAC;IACxE,CAAC;IAED,MAAM,QAAQ,GAAG,cAAc,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC3D,MAAM,QAAQ,GAAG,cAAc,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC3D,MAAM,MAAM,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAEvC,IAAI,OAAO,GAAG,IAAI,QAAQ,cAAc,QAAQ,aAAa,CAAC;IAC9D,OAAO,IAAI,SAAS,QAAQ,CAAC,QAAQ,IAAI,CAAC;IAC1C,OAAO,IAAI,WAAW,MAAM,IAAI,CAAC;IACjC,OAAO,IAAI,wCAAwC,CAAC;IAEpD,uCAAuC;IACvC,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,IAAI,4BAA4B,UAAU,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC;QACjE,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,IAAI,SAAS,KAAK,gBAAgB,EAAE,CAAC;gBACnC,OAAO,IAAI,OAAO,cAAc,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,SAAS,CAAC,MAAM,EAAE,CAAC;YAC9E,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,WAAW;IACd,MAAM,CAAe;IAE7B,YAAY,SAAuB,UAAU;QAC3C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,OAAsB;QAClC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;QACvC,MAAM,OAAO,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAE7C,kBAAkB;QAClB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8BAA8B,EAAE;YAC/C,QAAQ,EAAE,QAAQ,CAAC,QAAQ;YAC3B,QAAQ,EAAE,QAAQ,CAAC,gBAAgB,EAAE,QAAQ;YAC7C,QAAQ,EAAE,QAAQ,CAAC,gBAAgB,EAAE,QAAQ;YAC7C,MAAM,EAAE,QAAQ,CAAC,gBAAgB,EAAE,MAAM;YACzC,cAAc,EAAE,QAAQ,CAAC,UAAU,CAAC,MAAM;SAC3C,CAAC,CAAC;QAEH,OAAO;YACL,OAAO,EAAE,IAAI;YACb,OAAO;YACP,MAAM,EAAE,IAAI;SACb,CAAC;IACJ,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAqB;IACrD,OAAO,IAAI,WAAW,CAAC,MAAM,CAAC,CAAC;AACjC,CAAC"}

package/dist/src/approval/agent-confirm.d.ts ADDED Viewed

@@ -0,0 +1,104 @@
+/**
+ * Agent Confirm Handler
+ * Handles agent-side confirmation via _clawsec_confirm parameter
+ *
+ * When a tool call is flagged for confirmation, the agent can acknowledge
+ * the risk by retrying the call with a _clawsec_confirm parameter set to
+ * the approval ID.
+ */
+import type { ApprovalStore } from './types.js';
+/** Default parameter name for agent confirmation */
+export declare const DEFAULT_CONFIRM_PARAMETER = "_clawsec_confirm";
+/**
+ * Result of checking for agent confirmation
+ */
+export interface AgentConfirmResult {
+    /** Whether the tool input contains a confirmation parameter */
+    confirmed: boolean;
+    /** The approval ID from the confirmation parameter */
+    approvalId?: string;
+    /** Whether the approval ID is valid and the approval can proceed */
+    valid: boolean;
+    /** Error message if confirmation is invalid */
+    error?: string;
+}
+/**
+ * Interface for the agent confirm handler
+ */
+export interface AgentConfirmHandler {
+    /**
+     * Check if tool input contains a valid confirmation
+     * @param toolInput - The tool input object
+     * @param parameterName - Custom parameter name (defaults to _clawsec_confirm)
+     * @returns Result indicating if confirmation is present and valid
+     */
+    checkConfirmation(toolInput: Record<string, unknown>, parameterName?: string): AgentConfirmResult;
+    /**
+     * Remove the confirm parameter from tool input for clean execution
+     * @param toolInput - The tool input object
+     * @param parameterName - Custom parameter name (defaults to _clawsec_confirm)
+     * @returns Tool input without the confirm parameter
+     */
+    stripConfirmParameter(toolInput: Record<string, unknown>, parameterName?: string): Record<string, unknown>;
+    /**
+     * Process agent confirmation: validate and approve if valid
+     * @param toolInput - The tool input object
+     * @param parameterName - Custom parameter name (defaults to _clawsec_confirm)
+     * @returns Result indicating if confirmation succeeded
+     */
+    processConfirmation(toolInput: Record<string, unknown>, parameterName?: string): AgentConfirmResult;
+}
+/**
+ * Configuration for the agent confirm handler
+ */
+export interface AgentConfirmHandlerConfig {
+    /** The approval store to use (defaults to the default singleton) */
+    store?: ApprovalStore;
+    /** Whether agent confirmation is enabled */
+    enabled?: boolean;
+    /** Custom parameter name for confirmation */
+    parameterName?: string;
+}
+/**
+ * Default implementation of the agent confirm handler
+ */
+export declare class DefaultAgentConfirmHandler implements AgentConfirmHandler {
+    private store;
+    private enabled;
+    private defaultParameterName;
+    constructor(config?: AgentConfirmHandlerConfig);
+    /**
+     * Check if tool input contains a valid confirmation
+     */
+    checkConfirmation(toolInput: Record<string, unknown>, parameterName?: string): AgentConfirmResult;
+    /**
+     * Remove the confirm parameter from tool input
+     */
+    stripConfirmParameter(toolInput: Record<string, unknown>, parameterName?: string): Record<string, unknown>;
+    /**
+     * Process agent confirmation: validate and approve if valid
+     * This combines checkConfirmation with actually approving the record
+     */
+    processConfirmation(toolInput: Record<string, unknown>, parameterName?: string): AgentConfirmResult;
+    /**
+     * Check if agent confirmation is enabled
+     */
+    isEnabled(): boolean;
+    /**
+     * Get the default parameter name
+     */
+    getParameterName(): string;
+}
+/**
+ * Create an agent confirm handler with the given configuration
+ */
+export declare function createAgentConfirmHandler(config?: AgentConfirmHandlerConfig): DefaultAgentConfirmHandler;
+/**
+ * Get the default agent confirm handler singleton
+ */
+export declare function getDefaultAgentConfirmHandler(): DefaultAgentConfirmHandler;
+/**
+ * Reset the default handler (mainly for testing)
+ */
+export declare function resetDefaultAgentConfirmHandler(): void;
+//# sourceMappingURL=agent-confirm.d.ts.map

package/dist/src/approval/agent-confirm.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"agent-confirm.d.ts","sourceRoot":"","sources":["../../../src/approval/agent-confirm.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAGhD,oDAAoD;AACpD,eAAO,MAAM,yBAAyB,qBAAqB,CAAC;AAE5D;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,+DAA+D;IAC/D,SAAS,EAAE,OAAO,CAAC;IACnB,sDAAsD;IACtD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,oEAAoE;IACpE,KAAK,EAAE,OAAO,CAAC;IACf,+CAA+C;IAC/C,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;;;;OAKG;IACH,iBAAiB,CACf,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAClC,aAAa,CAAC,EAAE,MAAM,GACrB,kBAAkB,CAAC;IAEtB;;;;;OAKG;IACH,qBAAqB,CACnB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAClC,aAAa,CAAC,EAAE,MAAM,GACrB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAE3B;;;;;OAKG;IACH,mBAAmB,CACjB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAClC,aAAa,CAAC,EAAE,MAAM,GACrB,kBAAkB,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,oEAAoE;IACpE,KAAK,CAAC,EAAE,aAAa,CAAC;IACtB,4CAA4C;IAC5C,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,6CAA6C;IAC7C,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,qBAAa,0BAA2B,YAAW,mBAAmB;IACpE,OAAO,CAAC,KAAK,CAAgB;IAC7B,OAAO,CAAC,OAAO,CAAU;IACzB,OAAO,CAAC,oBAAoB,CAAS;gBAEzB,MAAM,GAAE,yBAA8B;IAMlD;;OAEG;IACH,iBAAiB,CACf,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAClC,aAAa,CAAC,EAAE,MAAM,GACrB,kBAAkB;IAiFrB;;OAEG;IACH,qBAAqB,CACnB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAClC,aAAa,CAAC,EAAE,MAAM,GACrB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAY1B;;;OAGG;IACH,mBAAmB,CACjB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAClC,aAAa,CAAC,EAAE,MAAM,GACrB,kBAAkB;IA4BrB;;OAEG;IACH,SAAS,IAAI,OAAO;IAIpB;;OAEG;IACH,gBAAgB,IAAI,MAAM;CAG3B;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CACvC,MAAM,CAAC,EAAE,yBAAyB,GACjC,0BAA0B,CAE5B;AAOD;;GAEG;AACH,wBAAgB,6BAA6B,IAAI,0BAA0B,CAK1E;AAED;;GAEG;AACH,wBAAgB,+BAA+B,IAAI,IAAI,CAEtD"}

package/dist/src/approval/agent-confirm.js ADDED Viewed

@@ -0,0 +1,173 @@
+/**
+ * Agent Confirm Handler
+ * Handles agent-side confirmation via _clawsec_confirm parameter
+ *
+ * When a tool call is flagged for confirmation, the agent can acknowledge
+ * the risk by retrying the call with a _clawsec_confirm parameter set to
+ * the approval ID.
+ */
+import { getDefaultApprovalStore } from './store.js';
+/** Default parameter name for agent confirmation */
+export const DEFAULT_CONFIRM_PARAMETER = '_clawsec_confirm';
+/**
+ * Default implementation of the agent confirm handler
+ */
+export class DefaultAgentConfirmHandler {
+    store;
+    enabled;
+    defaultParameterName;
+    constructor(config = {}) {
+        this.store = config.store ?? getDefaultApprovalStore();
+        this.enabled = config.enabled ?? true;
+        this.defaultParameterName = config.parameterName ?? DEFAULT_CONFIRM_PARAMETER;
+    }
+    /**
+     * Check if tool input contains a valid confirmation
+     */
+    checkConfirmation(toolInput, parameterName) {
+        const paramName = parameterName ?? this.defaultParameterName;
+        // Check if confirmation is disabled
+        if (!this.enabled) {
+            return {
+                confirmed: false,
+                valid: false,
+                error: 'Agent confirmation is disabled',
+            };
+        }
+        // Check if parameter exists
+        if (!(paramName in toolInput)) {
+            return {
+                confirmed: false,
+                valid: false,
+            };
+        }
+        const approvalId = toolInput[paramName];
+        // Validate the approval ID is a non-empty string
+        if (typeof approvalId !== 'string' || approvalId.trim() === '') {
+            return {
+                confirmed: true,
+                valid: false,
+                error: 'Invalid approval ID: must be a non-empty string',
+            };
+        }
+        const trimmedId = approvalId.trim();
+        // Look up the approval record
+        const record = this.store.get(trimmedId);
+        if (!record) {
+            return {
+                confirmed: true,
+                approvalId: trimmedId,
+                valid: false,
+                error: `Approval not found: No pending approval with ID "${trimmedId}"`,
+            };
+        }
+        // Check the record status
+        if (record.status === 'expired') {
+            return {
+                confirmed: true,
+                approvalId: trimmedId,
+                valid: false,
+                error: `Approval expired: The approval "${trimmedId}" has expired`,
+            };
+        }
+        if (record.status === 'approved') {
+            return {
+                confirmed: true,
+                approvalId: trimmedId,
+                valid: false,
+                error: `Already approved: The approval "${trimmedId}" was already approved`,
+            };
+        }
+        if (record.status === 'denied') {
+            return {
+                confirmed: true,
+                approvalId: trimmedId,
+                valid: false,
+                error: `Already denied: The approval "${trimmedId}" was denied`,
+            };
+        }
+        // Valid pending approval
+        return {
+            confirmed: true,
+            approvalId: trimmedId,
+            valid: true,
+        };
+    }
+    /**
+     * Remove the confirm parameter from tool input
+     */
+    stripConfirmParameter(toolInput, parameterName) {
+        const paramName = parameterName ?? this.defaultParameterName;
+        if (!(paramName in toolInput)) {
+            return toolInput;
+        }
+        // Create a shallow copy without the confirm parameter
+        const { [paramName]: _, ...cleanedInput } = toolInput;
+        return cleanedInput;
+    }
+    /**
+     * Process agent confirmation: validate and approve if valid
+     * This combines checkConfirmation with actually approving the record
+     */
+    processConfirmation(toolInput, parameterName) {
+        const result = this.checkConfirmation(toolInput, parameterName);
+        // If not valid, return the check result as-is
+        if (!result.valid || !result.approvalId) {
+            return result;
+        }
+        // Attempt to approve the record
+        const success = this.store.approve(result.approvalId, 'agent');
+        if (!success) {
+            // This could happen if the record expired between check and approve
+            return {
+                confirmed: true,
+                approvalId: result.approvalId,
+                valid: false,
+                error: `Failed to approve: Unable to approve "${result.approvalId}"`,
+            };
+        }
+        return {
+            confirmed: true,
+            approvalId: result.approvalId,
+            valid: true,
+        };
+    }
+    /**
+     * Check if agent confirmation is enabled
+     */
+    isEnabled() {
+        return this.enabled;
+    }
+    /**
+     * Get the default parameter name
+     */
+    getParameterName() {
+        return this.defaultParameterName;
+    }
+}
+/**
+ * Create an agent confirm handler with the given configuration
+ */
+export function createAgentConfirmHandler(config) {
+    return new DefaultAgentConfirmHandler(config);
+}
+/**
+ * Default singleton handler instance
+ */
+let defaultHandler = null;
+/**
+ * Get the default agent confirm handler singleton
+ */
+export function getDefaultAgentConfirmHandler() {
+    if (!defaultHandler) {
+        defaultHandler = createAgentConfirmHandler();
+    }
+    return defaultHandler;
+}
+/**
+ * Reset the default handler (mainly for testing)
+ */
+export function resetDefaultAgentConfirmHandler() {
+    defaultHandler = null;
+}
+//# sourceMappingURL=agent-confirm.js.map

package/dist/src/approval/agent-confirm.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"agent-confirm.js","sourceRoot":"","sources":["../../../src/approval/agent-confirm.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAErD,oDAAoD;AACpD,MAAM,CAAC,MAAM,yBAAyB,GAAG,kBAAkB,CAAC;AAkE5D;;GAEG;AACH,MAAM,OAAO,0BAA0B;IAC7B,KAAK,CAAgB;IACrB,OAAO,CAAU;IACjB,oBAAoB,CAAS;IAErC,YAAY,SAAoC,EAAE;QAChD,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,uBAAuB,EAAE,CAAC;QACvD,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,IAAI,CAAC;QACtC,IAAI,CAAC,oBAAoB,GAAG,MAAM,CAAC,aAAa,IAAI,yBAAyB,CAAC;IAChF,CAAC;IAED;;OAEG;IACH,iBAAiB,CACf,SAAkC,EAClC,aAAsB;QAEtB,MAAM,SAAS,GAAG,aAAa,IAAI,IAAI,CAAC,oBAAoB,CAAC;QAE7D,oCAAoC;QACpC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,OAAO;gBACL,SAAS,EAAE,KAAK;gBAChB,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,gCAAgC;aACxC,CAAC;QACJ,CAAC;QAED,4BAA4B;QAC5B,IAAI,CAAC,CAAC,SAAS,IAAI,SAAS,CAAC,EAAE,CAAC;YAC9B,OAAO;gBACL,SAAS,EAAE,KAAK;gBAChB,KAAK,EAAE,KAAK;aACb,CAAC;QACJ,CAAC;QAED,MAAM,UAAU,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC;QAExC,iDAAiD;QACjD,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAC/D,OAAO;gBACL,SAAS,EAAE,IAAI;gBACf,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,iDAAiD;aACzD,CAAC;QACJ,CAAC;QAED,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC;QAEpC,8BAA8B;QAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAEzC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO;gBACL,SAAS,EAAE,IAAI;gBACf,UAAU,EAAE,SAAS;gBACrB,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,oDAAoD,SAAS,GAAG;aACxE,CAAC;QACJ,CAAC;QAED,0BAA0B;QAC1B,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAChC,OAAO;gBACL,SAAS,EAAE,IAAI;gBACf,UAAU,EAAE,SAAS;gBACrB,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,mCAAmC,SAAS,eAAe;aACnE,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YACjC,OAAO;gBACL,SAAS,EAAE,IAAI;gBACf,UAAU,EAAE,SAAS;gBACrB,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,mCAAmC,SAAS,wBAAwB;aAC5E,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,OAAO;gBACL,SAAS,EAAE,IAAI;gBACf,UAAU,EAAE,SAAS;gBACrB,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,iCAAiC,SAAS,cAAc;aAChE,CAAC;QACJ,CAAC;QAED,yBAAyB;QACzB,OAAO;YACL,SAAS,EAAE,IAAI;YACf,UAAU,EAAE,SAAS;YACrB,KAAK,EAAE,IAAI;SACZ,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,qBAAqB,CACnB,SAAkC,EAClC,aAAsB;QAEtB,MAAM,SAAS,GAAG,aAAa,IAAI,IAAI,CAAC,oBAAoB,CAAC;QAE7D,IAAI,CAAC,CAAC,SAAS,IAAI,SAAS,CAAC,EAAE,CAAC;YAC9B,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,sDAAsD;QACtD,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,GAAG,YAAY,EAAE,GAAG,SAAS,CAAC;QACtD,OAAO,YAAY,CAAC;IACtB,CAAC;IAED;;;OAGG;IACH,mBAAmB,CACjB,SAAkC,EAClC,aAAsB;QAEtB,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;QAEhE,8CAA8C;QAC9C,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;YACxC,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,gCAAgC;QAChC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAE/D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,oEAAoE;YACpE,OAAO;gBACL,SAAS,EAAE,IAAI;gBACf,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,yCAAyC,MAAM,CAAC,UAAU,GAAG;aACrE,CAAC;QACJ,CAAC;QAED,OAAO;YACL,SAAS,EAAE,IAAI;YACf,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,KAAK,EAAE,IAAI;SACZ,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,gBAAgB;QACd,OAAO,IAAI,CAAC,oBAAoB,CAAC;IACnC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CACvC,MAAkC;IAElC,OAAO,IAAI,0BAA0B,CAAC,MAAM,CAAC,CAAC;AAChD,CAAC;AAED;;GAEG;AACH,IAAI,cAAc,GAAsC,IAAI,CAAC;AAE7D;;GAEG;AACH,MAAM,UAAU,6BAA6B;IAC3C,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,cAAc,GAAG,yBAAyB,EAAE,CAAC;IAC/C,CAAC;IACD,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,+BAA+B;IAC7C,cAAc,GAAG,IAAI,CAAC;AACxB,CAAC"}

package/dist/src/approval/index.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+/**
+ * Approval Module
+ * Re-exports for the approval system
+ */
+export type { ApprovalStatus, PendingApprovalRecord, PendingApprovalInput, ApprovalStore, ApprovalResult, NativeApprovalHandler, } from './types.js';
+export type { ApprovalStoreConfig } from './store.js';
+export { InMemoryApprovalStore, createApprovalStore, getDefaultApprovalStore, resetDefaultApprovalStore, } from './store.js';
+export type { NativeApprovalHandlerConfig } from './native.js';
+export { DefaultNativeApprovalHandler, createNativeApprovalHandler, getDefaultNativeApprovalHandler, resetDefaultNativeApprovalHandler, } from './native.js';
+export type { AgentConfirmResult, AgentConfirmHandler, AgentConfirmHandlerConfig, } from './agent-confirm.js';
+export { DEFAULT_CONFIRM_PARAMETER, DefaultAgentConfirmHandler, createAgentConfirmHandler, getDefaultAgentConfirmHandler, resetDefaultAgentConfirmHandler, } from './agent-confirm.js';
+export type { WebhookApprovalRequest, WebhookApprovalResponse, WebhookApprovalResult, WebhookApprovalClient, HttpClient, HttpResponse, WebhookApprovalClientConfig, } from './webhook.js';
+export { FetchHttpClient, DefaultWebhookApprovalClient, createWebhookApprovalClient, getDefaultWebhookApprovalClient, configureDefaultWebhookApprovalClient, resetDefaultWebhookApprovalClient, createWebhookRequest, } from './webhook.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/approval/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/approval/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,YAAY,EACV,cAAc,EACd,qBAAqB,EACrB,oBAAoB,EACpB,aAAa,EACb,cAAc,EACd,qBAAqB,GACtB,MAAM,YAAY,CAAC;AAGpB,YAAY,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AACtD,OAAO,EACL,qBAAqB,EACrB,mBAAmB,EACnB,uBAAuB,EACvB,yBAAyB,GAC1B,MAAM,YAAY,CAAC;AAGpB,YAAY,EAAE,2BAA2B,EAAE,MAAM,aAAa,CAAC;AAC/D,OAAO,EACL,4BAA4B,EAC5B,2BAA2B,EAC3B,+BAA+B,EAC/B,iCAAiC,GAClC,MAAM,aAAa,CAAC;AAGrB,YAAY,EACV,kBAAkB,EAClB,mBAAmB,EACnB,yBAAyB,GAC1B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,yBAAyB,EACzB,0BAA0B,EAC1B,yBAAyB,EACzB,6BAA6B,EAC7B,+BAA+B,GAChC,MAAM,oBAAoB,CAAC;AAG5B,YAAY,EACV,sBAAsB,EACtB,uBAAuB,EACvB,qBAAqB,EACrB,qBAAqB,EACrB,UAAU,EACV,YAAY,EACZ,2BAA2B,GAC5B,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,eAAe,EACf,4BAA4B,EAC5B,2BAA2B,EAC3B,+BAA+B,EAC/B,qCAAqC,EACrC,iCAAiC,EACjC,oBAAoB,GACrB,MAAM,cAAc,CAAC"}

package/dist/src/approval/index.js ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Approval Module
+ * Re-exports for the approval system
+ */
+export { InMemoryApprovalStore, createApprovalStore, getDefaultApprovalStore, resetDefaultApprovalStore, } from './store.js';
+export { DefaultNativeApprovalHandler, createNativeApprovalHandler, getDefaultNativeApprovalHandler, resetDefaultNativeApprovalHandler, } from './native.js';
+export { DEFAULT_CONFIRM_PARAMETER, DefaultAgentConfirmHandler, createAgentConfirmHandler, getDefaultAgentConfirmHandler, resetDefaultAgentConfirmHandler, } from './agent-confirm.js';
+export { FetchHttpClient, DefaultWebhookApprovalClient, createWebhookApprovalClient, getDefaultWebhookApprovalClient, configureDefaultWebhookApprovalClient, resetDefaultWebhookApprovalClient, createWebhookRequest, } from './webhook.js';
+//# sourceMappingURL=index.js.map

package/dist/src/approval/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/approval/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAcH,OAAO,EACL,qBAAqB,EACrB,mBAAmB,EACnB,uBAAuB,EACvB,yBAAyB,GAC1B,MAAM,YAAY,CAAC;AAIpB,OAAO,EACL,4BAA4B,EAC5B,2BAA2B,EAC3B,+BAA+B,EAC/B,iCAAiC,GAClC,MAAM,aAAa,CAAC;AAQrB,OAAO,EACL,yBAAyB,EACzB,0BAA0B,EAC1B,yBAAyB,EACzB,6BAA6B,EAC7B,+BAA+B,GAChC,MAAM,oBAAoB,CAAC;AAY5B,OAAO,EACL,eAAe,EACf,4BAA4B,EAC5B,2BAA2B,EAC3B,+BAA+B,EAC/B,qCAAqC,EACrC,iCAAiC,EACjC,oBAAoB,GACrB,MAAM,cAAc,CAAC"}

package/dist/src/approval/native.d.ts ADDED Viewed

@@ -0,0 +1,56 @@
+/**
+ * Native Approval Handler
+ * Handles the /approve and /deny commands for OpenClaw native approval flow
+ */
+import type { ApprovalResult, NativeApprovalHandler, PendingApprovalRecord, ApprovalStore } from './types.js';
+/**
+ * Configuration for the native approval handler
+ */
+export interface NativeApprovalHandlerConfig {
+    /** The approval store to use (defaults to the default singleton) */
+    store?: ApprovalStore;
+}
+/**
+ * Default implementation of the native approval handler
+ */
+export declare class DefaultNativeApprovalHandler implements NativeApprovalHandler {
+    private store;
+    constructor(config?: NativeApprovalHandlerConfig);
+    /**
+     * Handle an /approve command
+     */
+    handleApprove(id: string, userId?: string): ApprovalResult;
+    /**
+     * Handle a deny/reject command
+     */
+    handleDeny(id: string): ApprovalResult;
+    /**
+     * Check if a specific approval has been granted
+     */
+    isApproved(id: string): boolean;
+    /**
+     * Get all pending approval records
+     */
+    getPendingApprovals(): PendingApprovalRecord[];
+    /**
+     * Format a success message for an approved action
+     */
+    private formatApprovalMessage;
+    /**
+     * Format a threat category for display
+     */
+    private formatCategory;
+}
+/**
+ * Create a native approval handler with the given configuration
+ */
+export declare function createNativeApprovalHandler(config?: NativeApprovalHandlerConfig): DefaultNativeApprovalHandler;
+/**
+ * Get the default native approval handler singleton
+ */
+export declare function getDefaultNativeApprovalHandler(): DefaultNativeApprovalHandler;
+/**
+ * Reset the default handler (mainly for testing)
+ */
+export declare function resetDefaultNativeApprovalHandler(): void;
+//# sourceMappingURL=native.d.ts.map

package/dist/src/approval/native.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"native.d.ts","sourceRoot":"","sources":["../../../src/approval/native.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EACV,cAAc,EACd,qBAAqB,EACrB,qBAAqB,EACrB,aAAa,EACd,MAAM,YAAY,CAAC;AAGpB;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C,oEAAoE;IACpE,KAAK,CAAC,EAAE,aAAa,CAAC;CACvB;AAED;;GAEG;AACH,qBAAa,4BAA6B,YAAW,qBAAqB;IACxE,OAAO,CAAC,KAAK,CAAgB;gBAEjB,MAAM,GAAE,2BAAgC;IAIpD;;OAEG;IACH,aAAa,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,cAAc;IAoE1D;;OAEG;IACH,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,cAAc;IAmEtC;;OAEG;IACH,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO;IAS/B;;OAEG;IACH,mBAAmB,IAAI,qBAAqB,EAAE;IAI9C;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAO7B;;OAEG;IACH,OAAO,CAAC,cAAc;CAUvB;AAED;;GAEG;AACH,wBAAgB,2BAA2B,CACzC,MAAM,CAAC,EAAE,2BAA2B,GACnC,4BAA4B,CAE9B;AAOD;;GAEG;AACH,wBAAgB,+BAA+B,IAAI,4BAA4B,CAK9E;AAED;;GAEG;AACH,wBAAgB,iCAAiC,IAAI,IAAI,CAExD"}