clawsecure 1.0.0

package/src/daemon.js

@@ -0,0 +1,452 @@
+'use strict';
+
+const chalk = require('chalk');
+const path = require('path');
+const configParser = require('./config-parser');
+const componentScanner = require('./component-scanner');
+const sessionParser = require('./session-parser');
+const { stripToolCallData } = require('./metadata-stripper');
+const { createWatcher } = require('./watcher');
+const syncManager = require('./sync-manager');
+const processManager = require('./process-manager');
+const logger = require('./logger');
+const { installSkill } = require('./skill-installer');
+
+// Module-level state for the running daemon
+let activeWatcher = null;
+let currentSnapshot = new Map();
+let sessionOffsets = new Map();
+let currentTier = 'shield';
+let totalToolCalls = 0;
+let cachedInventory = null;
+let cachedSkillDirs = null;
+let cachedOpenclawDir = null;
+let isRunning = false;
+
+const PRIVACY_STATEMENT = 'Your API keys and credentials never leave your machine.';
+
+/**
+ * Start the ClawSecure daemon.
+ * Phase 1: reads config, prints component inventory.
+ * Phase 2+: starts file watcher, connects to API.
+ * @param {{ profile?: string | null }} opts
+ */
+async function start(opts) {
+  console.log('');
+  console.log(chalk.bold.blue('  ClawSecure') + ' - AI-Powered Runtime Monitoring');
+  console.log(chalk.green(`  ${PRIVACY_STATEMENT}`));
+  console.log('');
+
+  // Check for existing daemon instance
+  const existing = processManager.checkExisting();
+  if (existing.running) {
+    logger.error(`ClawSecure daemon is already running (PID ${existing.pid}). Use "clawsecure stop" first.`);
+    return;
+  }
+
+  // Check and install/update Claw security skill
+  await installSkill();
+
+  // Resolve and parse config
+  const configPath = configParser.findConfigPath(opts);
+  logger.info(`Reading OpenClaw config: ${configPath}`);
+
+  let config;
+  try {
+    config = configParser.parseConfig(configPath);
+  } catch (err) {
+    logger.error(err.message);
+    return;
+  }
+
+  logger.success('Config parsed successfully');
+
+  // Extract component inventory
+  const inventory = configParser.extractComponents(config);
+  const totalCount = configParser.countComponents(inventory);
+  const skillDirs = configParser.extractSkillDirs(config);
+
+  // Print inventory summary
+  console.log('');
+  console.log(chalk.bold('  Environment Inventory'));
+  console.log(`  ${'─'.repeat(40)}`);
+  printCategory('Skills', inventory.skills);
+  printCategory('MCP Servers', inventory.mcpServers);
+  printCategory('CLI Tools', inventory.cliTools);
+  printCategory('Agents', inventory.agents);
+  printCategory('Plugins', inventory.plugins);
+  printCategory('Repos', inventory.repos);
+  console.log(`  ${'─'.repeat(40)}`);
+  console.log(`  ${chalk.bold('Total components:')} ${totalCount}`);
+  console.log('');
+
+  // Run initial full scan
+  logger.info('Running initial environment scan...');
+  const scanResult = componentScanner.scanAll(inventory, skillDirs);
+  currentSnapshot = scanResult.snapshot;
+
+  // Print discovered on-disk skills
+  const diskSkills = scanResult.components.filter((c) => c.type === 'skill' && c.hash);
+  if (diskSkills.length > 0) {
+    console.log(chalk.bold('  On-Disk Skills Discovered'));
+    console.log(`  ${'─'.repeat(40)}`);
+    for (const skill of diskSkills) {
+      const hashShort = skill.hash ? skill.hash.substring(0, 12) : 'no hash';
+      console.log(`    ${chalk.green('●')} ${chalk.white(skill.name)} ${chalk.gray(`[${hashShort}]`)}`);
+    }
+    console.log(`  ${'─'.repeat(40)}`);
+    console.log('');
+  }
+
+  // Build list of directories to watch
+  const openclawDir = configParser.getOpenClawDir();
+  const watchDirs = [openclawDir, ...skillDirs];
+
+  // Cache for use in change handlers
+  cachedInventory = inventory;
+  cachedSkillDirs = skillDirs;
+  cachedOpenclawDir = openclawDir;
+
+  // Connect to ClawSecure API
+  const apiResult = await syncManager.connect();
+  currentTier = apiResult.tier;
+  const isOnline = apiResult.online;
+
+  // Print tier
+  console.log(`  ${chalk.bold('Tier:')} ${currentTier === 'sentinel' ? chalk.magenta('Sentinel') : chalk.cyan('Shield')}`);
+  console.log(`  ${chalk.bold('API:')}  ${isOnline ? chalk.green('connected') : chalk.yellow('offline mode')}`);
+  console.log('');
+
+  // Sentinel tier: scan session logs for tool call activity
+  if (currentTier === 'sentinel') {
+    logger.info('Sentinel tier active: scanning session logs...');
+    const sessionResult = sessionParser.scanAllSessions(openclawDir, sessionOffsets);
+    sessionOffsets = sessionResult.offsets;
+    totalToolCalls = sessionResult.stats.toolCalls;
+
+    // Strip and log tool call summary
+    if (sessionResult.toolCalls.length > 0) {
+      const safeToolCalls = stripToolCallData(sessionResult.toolCalls);
+      printToolCallSummary(safeToolCalls);
+    }
+
+    // Add session directories to watch list
+    const sessionDirs = sessionParser.getSessionDirs(openclawDir);
+    for (const dir of sessionDirs) {
+      if (!watchDirs.includes(dir)) {
+        watchDirs.push(dir);
+      }
+    }
+  } else {
+    logger.debug('Shield tier: session log parsing disabled');
+  }
+
+  // Start file watcher
+  activeWatcher = createWatcher(watchDirs);
+  activeWatcher.onFileChange((events) => {
+    handleFileChanges(events);
+  });
+
+  isRunning = true;
+  processManager.writePid();
+
+  // Register graceful shutdown handlers
+  const shutdown = async () => {
+    logger.info('Shutting down ClawSecure...');
+    await cleanup();
+    process.exit(0);
+  };
+  process.on('SIGINT', shutdown);
+  process.on('SIGTERM', shutdown);
+
+  // Pull threat intelligence
+  await syncManager.loadThreats();
+
+  // Send initial environment sync to API
+  await syncManager.sendInitialSync(scanResult.components, currentSnapshot);
+
+  // Start heartbeat
+  syncManager.startHeartbeat(() => ({
+    filesTracked: currentSnapshot.size,
+    tier: currentTier,
+    toolCalls: totalToolCalls
+  }));
+
+  logger.success('ClawSecure daemon is running. Press Ctrl+C to stop.');
+  logger.info(`Monitoring ${currentSnapshot.size} files across ${watchDirs.length} directories`);
+}
+
+/**
+ * Print a category of components.
+ * @param {string} label Category label
+ * @param {Array<object>} items Component list
+ */
+function printCategory(label, items) {
+  const count = items.length;
+  const color = count > 0 ? chalk.white : chalk.gray;
+  console.log(`  ${color(label + ':')} ${count}`);
+
+  if (count > 0) {
+    for (const item of items) {
+      const status = item.enabled ? chalk.green('●') : chalk.gray('○');
+      const name = chalk.white(item.name);
+      const source = item.source && item.source !== 'local' && item.source !== 'unknown'
+        ? chalk.gray(` (${item.source})`)
+        : '';
+      console.log(`    ${status} ${name}${source}`);
+    }
+  }
+}
+
+/**
+ * Handle batched file change events from the watcher.
+ * Routes to environment scan or session log parse based on file type.
+ * @param {Array<object>} events Debounced change events
+ */
+function handleFileChanges(events) {
+  const configFile = path.join(cachedOpenclawDir, 'openclaw.json');
+
+  // Separate session log events from environment events
+  const sessionEvents = events.filter((e) => e.path.endsWith('.jsonl'));
+  const envEvents = events.filter((e) => !e.path.endsWith('.jsonl'));
+
+  // Handle environment changes (config, skills, etc.)
+  if (envEvents.length > 0) {
+    const configChanged = envEvents.some((e) => e.path === configFile);
+    if (configChanged) {
+      logger.info('OpenClaw config changed, re-reading...');
+      try {
+        const newConfig = configParser.parseConfig(configFile);
+        cachedInventory = configParser.extractComponents(newConfig);
+        cachedSkillDirs = configParser.extractSkillDirs(newConfig);
+        const scanResult = componentScanner.scanAll(cachedInventory, cachedSkillDirs);
+        const delta = componentScanner.computeDelta(currentSnapshot, scanResult.snapshot);
+        currentSnapshot = scanResult.snapshot;
+        logDelta(delta);
+      } catch (err) {
+        logger.error(`Failed to re-read config: ${err.message}`);
+      }
+    } else {
+      const scanResult = componentScanner.scanAll(cachedInventory, cachedSkillDirs);
+      const delta = componentScanner.computeDelta(currentSnapshot, scanResult.snapshot);
+      currentSnapshot = scanResult.snapshot;
+      logDelta(delta);
+    }
+  }
+
+  // Handle session log changes (Sentinel tier only)
+  if (sessionEvents.length > 0 && currentTier === 'sentinel') {
+    handleSessionLogChanges(sessionEvents);
+  }
+}
+
+/**
+ * Handle session log file changes (Sentinel tier).
+ * Re-parses changed session files from last known offset.
+ * @param {Array<object>} events Session log change events
+ */
+function handleSessionLogChanges(events) {
+  let newCalls = [];
+
+  for (const evt of events) {
+    if (evt.type === 'unlink') continue; // Session file deleted, skip
+
+    const prevOffset = sessionOffsets.get(evt.path) || 0;
+    const result = sessionParser.parseSessionFile(evt.path, prevOffset);
+    sessionOffsets.set(evt.path, result.newOffset);
+
+    if (result.toolCalls.length > 0) {
+      // Extract agentId and sessionId from file path
+      // Pattern: .../agents/<agentId>/sessions/<sessionId>.jsonl
+      const parts = evt.path.split(path.sep);
+      const sessionsIdx = parts.lastIndexOf('sessions');
+      const agentId = sessionsIdx > 0 ? parts[sessionsIdx - 1] : 'unknown';
+      const sessionId = path.basename(evt.path, '.jsonl');
+
+      for (const tc of result.toolCalls) {
+        newCalls.push({
+          toolName: tc.toolName,
+          timestamp: tc.timestamp,
+          agentId: agentId,
+          sessionId: sessionId
+        });
+      }
+    }
+  }
+
+  if (newCalls.length === 0) return;
+
+  // Strip to safe fields only
+  const safeCalls = stripToolCallData(newCalls);
+  totalToolCalls += safeCalls.length;
+
+  logger.info(
+    `${chalk.magenta('Sentinel')} ${safeCalls.length} new tool call${safeCalls.length === 1 ? '' : 's'} detected`
+  );
+  for (const tc of safeCalls) {
+    logger.debug(`  Tool: ${tc.toolName} | Agent: ${tc.agentId} | ${tc.timestamp || 'no timestamp'}`);
+  }
+
+  // Send tool calls to API
+  syncManager.sendToolCalls(safeCalls);
+}
+
+/**
+ * Log a file delta summary.
+ * @param {{ added: string[], changed: string[], removed: string[] }} delta
+ */
+function logDelta(delta) {
+  const total = delta.added.length + delta.changed.length + delta.removed.length;
+  if (total === 0) {
+    logger.debug('No meaningful changes detected');
+    return;
+  }
+
+  if (delta.added.length > 0) {
+    logger.info(`${chalk.green('+')} ${delta.added.length} file${delta.added.length === 1 ? '' : 's'} added`);
+    for (const f of delta.added) logger.debug(`  + ${f}`);
+  }
+  if (delta.changed.length > 0) {
+    logger.info(`${chalk.yellow('~')} ${delta.changed.length} file${delta.changed.length === 1 ? '' : 's'} changed`);
+    for (const f of delta.changed) logger.debug(`  ~ ${f}`);
+  }
+  if (delta.removed.length > 0) {
+    logger.info(`${chalk.red('-')} ${delta.removed.length} file${delta.removed.length === 1 ? '' : 's'} removed`);
+    for (const f of delta.removed) logger.debug(`  - ${f}`);
+  }
+
+  // Send delta to API
+  syncManager.syncEnvironment({ delta });
+}
+
+/**
+ * Print a summary of discovered tool calls.
+ * @param {Array<object>} toolCalls Stripped tool call data
+ */
+function printToolCallSummary(toolCalls) {
+  const counts = new Map();
+  for (const tc of toolCalls) {
+    const current = counts.get(tc.toolName) || 0;
+    counts.set(tc.toolName, current + 1);
+  }
+
+  console.log(chalk.bold('  Tool Call Activity'));
+  console.log(`  ${'─'.repeat(40)}`);
+
+  const sorted = Array.from(counts.entries()).sort((a, b) => b[1] - a[1]);
+  const displayMax = 10;
+  const shown = sorted.slice(0, displayMax);
+
+  for (const [name, count] of shown) {
+    console.log(`    ${chalk.magenta(count.toString().padStart(4))}x  ${chalk.white(name)}`);
+  }
+  if (sorted.length > displayMax) {
+    console.log(chalk.gray(`    ... and ${sorted.length - displayMax} more tools`));
+  }
+
+  console.log(`  ${'─'.repeat(40)}`);
+  console.log(`  ${chalk.bold('Total tool calls:')} ${toolCalls.length}`);
+  console.log('');
+}
+
+/**
+ * Gracefully clean up all resources.
+ */
+async function cleanup() {
+  syncManager.cleanup();
+  if (activeWatcher) {
+    await activeWatcher.close();
+    activeWatcher = null;
+  }
+  processManager.removePid();
+  isRunning = false;
+  currentSnapshot = new Map();
+  sessionOffsets = new Map();
+  totalToolCalls = 0;
+  cachedInventory = null;
+  cachedSkillDirs = null;
+  cachedOpenclawDir = null;
+  logger.success('ClawSecure stopped');
+}
+
+/**
+ * Stop the ClawSecure daemon.
+ */
+async function stop() {
+  // Check if a daemon is running via PID file (for CLI "clawsecure stop")
+  const existing = processManager.checkExisting();
+  if (existing.running && existing.pid !== process.pid) {
+    logger.info(`Stopping ClawSecure daemon (PID ${existing.pid})...`);
+    const stopped = processManager.stopProcess(existing.pid);
+    if (stopped) {
+      // Wait briefly for process to exit
+      await new Promise((r) => setTimeout(r, 1000));
+      processManager.removePid();
+      logger.success('ClawSecure daemon stopped');
+    }
+    return;
+  }
+
+  if (!isRunning && !activeWatcher) {
+    logger.info('ClawSecure daemon is not currently running.');
+    return;
+  }
+  await cleanup();
+}
+
+/**
+ * Show daemon status and environment summary.
+ */
+async function status() {
+  const configPath = configParser.findConfigPath({});
+  const existing = processManager.checkExisting();
+  const token = processManager.getToken();
+
+  console.log('');
+  console.log(chalk.bold('  ClawSecure Status'));
+  console.log(`  ${'─'.repeat(40)}`);
+  console.log(`  Config:  ${configPath}`);
+  console.log(`  Token:   ${token ? chalk.green('configured') : chalk.yellow('not set (run "clawsecure setup")')}`);
+  console.log(`  Daemon:  ${existing.running ? chalk.green(`running (PID ${existing.pid})`) : chalk.yellow('not running')}`);
+
+  if (existing.running) {
+    const syncState = syncManager.getState();
+    console.log(`  Files tracked: ${currentSnapshot.size}`);
+    console.log(`  Offline queue: ${syncState.queueSize}`);
+  }
+
+  try {
+    const config = configParser.parseConfig(configPath);
+    const inv = configParser.extractComponents(config);
+    const totalCount = configParser.countComponents(inv);
+    console.log(`  Components: ${totalCount} discovered`);
+  } catch (err) {
+    console.log(`  Components: ${chalk.gray('config not readable')}`);
+  }
+
+  console.log(`  ${'─'.repeat(40)}`);
+  console.log('');
+}
+
+/**
+ * Set up the daemon token interactively.
+ * @param {string} token
+ */
+async function setup(token) {
+  if (!token || !token.trim()) {
+    logger.error('Token is required. Usage: clawsecure setup <token>');
+    return;
+  }
+  const saved = processManager.saveToken(token.trim());
+  if (saved) {
+    logger.success('Token saved to ~/.clawsecure/config.json (permissions: owner-only)');
+    logger.info('You can now run "clawsecure start" to begin monitoring.');
+  }
+}
+
+module.exports = {
+  start,
+  stop,
+  status,
+  setup
+};

package/src/logger.js

@@ -0,0 +1,60 @@
+'use strict';
+
+const chalk = require('chalk');
+
+let config = {
+  verbose: false,
+  quiet: false
+};
+
+/**
+ * Configure logger verbosity.
+ * @param {{ verbose?: boolean, quiet?: boolean }} opts
+ */
+function configure(opts) {
+  if (opts.verbose !== undefined) config.verbose = opts.verbose;
+  if (opts.quiet !== undefined) config.quiet = opts.quiet;
+}
+
+/**
+ * Format a log message with timestamp.
+ * @param {string} level
+ * @param {string} msg
+ * @returns {string}
+ */
+function format(level, msg) {
+  const ts = new Date().toISOString();
+  return `[${ts}] [${level}] ${msg}`;
+}
+
+function info(msg) {
+  if (config.quiet) return;
+  console.log(format(chalk.blue('INFO'), msg));
+}
+
+function warn(msg) {
+  console.warn(format(chalk.yellow('WARN'), msg));
+}
+
+function error(msg) {
+  console.error(format(chalk.red('ERROR'), msg));
+}
+
+function debug(msg) {
+  if (!config.verbose) return;
+  console.log(format(chalk.gray('DEBUG'), msg));
+}
+
+function success(msg) {
+  if (config.quiet) return;
+  console.log(format(chalk.green('OK'), msg));
+}
+
+module.exports = {
+  configure,
+  info,
+  warn,
+  error,
+  debug,
+  success
+};

package/src/metadata-stripper.js

@@ -0,0 +1,181 @@
+'use strict';
+
+const logger = require('./logger');
+
+/**
+ * Patterns that identify sensitive keys.
+ * Any key matching these (case-insensitive) is stripped before transmission.
+ * Exported for transparency and testability.
+ */
+const SENSITIVE_PATTERNS = [
+  'apikey',
+  'api_key',
+  'apikeys',
+  'token',
+  'secret',
+  'password',
+  'passwd',
+  'credential',
+  'credentials',
+  'oauth',
+  'oauthsecret',
+  'oauthtoken',
+  'connectionstring',
+  'connection_string',
+  'private_key',
+  'privatekey',
+  'accesskey',
+  'access_key',
+  'secretkey',
+  'secret_key',
+  'auth_token',
+  'authtoken',
+  'bearer',
+  'jwt',
+  'cookie',
+  'session_id',
+  'sessionid',
+  'encryption_key',
+  'encryptionkey',
+  'signing_key',
+  'signingkey',
+  'webhook_secret',
+  'webhooksecret',
+  'database_url',
+  'databaseurl',
+  'db_password',
+  'dbpassword',
+  'smtp_password',
+  'smtppassword'
+];
+
+// Pre-compile lowercase set for fast lookup
+const SENSITIVE_SET = new Set(SENSITIVE_PATTERNS);
+
+/**
+ * Check if a key name is sensitive.
+ * Uses exact match on lowercase and also checks if any sensitive
+ * pattern is a substring of the key.
+ * @param {string} key
+ * @returns {boolean}
+ */
+function isSensitiveKey(key) {
+  const lower = key.toLowerCase().replace(/[-_.]/g, '');
+  // Exact match
+  if (SENSITIVE_SET.has(lower)) return true;
+  // Substring match for compound keys (e.g., "myApiKey", "githubToken")
+  for (const pattern of SENSITIVE_PATTERNS) {
+    if (lower.includes(pattern)) return true;
+  }
+  return false;
+}
+
+/**
+ * Check if a value looks like it could be a credential or secret.
+ * Catches env var references and common secret patterns.
+ * @param {*} value
+ * @returns {boolean}
+ */
+function isSensitiveValue(value) {
+  if (typeof value !== 'string') return false;
+  // Environment variable references (${VAR} or $VAR)
+  if (/^\$\{?.+\}?$/.test(value)) return true;
+  // Common token/key patterns (long hex, base64, bearer tokens)
+  if (/^(sk-|pk-|ghp_|gho_|github_pat_|xox[bpas]-|Bearer\s)/.test(value)) return true;
+  return false;
+}
+
+/**
+ * Deep-clone an object and strip all sensitive fields.
+ * This is the PRIMARY security gate. It runs BEFORE every API call.
+ *
+ * NEVER sends: API keys, tokens, OAuth secrets, credentials,
+ * source code, file contents, database connection strings,
+ * raw config values, personal messages, PII.
+ *
+ * @param {*} obj Input object (will not be mutated)
+ * @returns {*} Clean deep copy with sensitive fields removed
+ */
+function stripSensitiveFields(obj) {
+  if (obj === null || obj === undefined) return obj;
+  if (typeof obj !== 'object') return obj;
+
+  if (Array.isArray(obj)) {
+    return obj.map((item) => stripSensitiveFields(item));
+  }
+
+  const clean = {};
+  let strippedCount = 0;
+
+  for (const [key, value] of Object.entries(obj)) {
+    // Strip sensitive keys entirely
+    if (isSensitiveKey(key)) {
+      strippedCount++;
+      continue;
+    }
+
+    // Strip env var references in values (replace with "[REDACTED]")
+    if (isSensitiveValue(value)) {
+      clean[key] = '[REDACTED]';
+      strippedCount++;
+      continue;
+    }
+
+    // Recurse into nested objects
+    if (typeof value === 'object' && value !== null) {
+      clean[key] = stripSensitiveFields(value);
+    } else {
+      clean[key] = value;
+    }
+  }
+
+  if (strippedCount > 0) {
+    logger.debug(`Stripped ${strippedCount} sensitive field(s)`);
+  }
+
+  return clean;
+}
+
+/**
+ * Strip tool call data down to only safe transmission fields.
+ * This is the security gate for Sentinel session log data.
+ *
+ * ONLY passes through: toolName, timestamp, agentId, sessionId
+ * NEVER passes through: conversation content, arguments, results,
+ * user messages, assistant responses, file contents, or any other field.
+ *
+ * @param {Array<object>} toolCalls Raw extracted tool calls
+ * @returns {Array<{ toolName: string, timestamp: string, agentId: string, sessionId: string }>}
+ */
+function stripToolCallData(toolCalls) {
+  if (!Array.isArray(toolCalls)) return [];
+
+  const stripped = [];
+  for (const tc of toolCalls) {
+    if (!tc || typeof tc !== 'object') continue;
+    if (!tc.toolName) continue;
+
+    stripped.push({
+      toolName: String(tc.toolName),
+      timestamp: tc.timestamp ? String(tc.timestamp) : null,
+      agentId: tc.agentId ? String(tc.agentId) : null,
+      sessionId: tc.sessionId ? String(tc.sessionId) : null
+    });
+  }
+
+  if (toolCalls.length !== stripped.length) {
+    logger.debug(
+      `Stripped ${toolCalls.length - stripped.length} invalid tool call entries`
+    );
+  }
+
+  return stripped;
+}
+
+module.exports = {
+  SENSITIVE_PATTERNS,
+  isSensitiveKey,
+  isSensitiveValue,
+  stripSensitiveFields,
+  stripToolCallData
+};