fastgrc-openclaw 1.0.0 → 1.0.2

package/README.md

@@ -1,83 +1,83 @@
-# fastgrc-openclaw
-
-FastGRC compliance plugin for [OpenClaw](https://openclaw.ai). Evaluates every agent tool call against your policy before it executes — blocking, flagging, or logging violations in real time.
-
-## Install
-
-```bash
-npm install fastgrc-openclaw
-```
-
-## Setup (2 lines)
-
-```typescript
-// openclaw.config.ts
-import { FastGRCPlugin } from 'fastgrc-openclaw';
-
-export default {
-  plugins: [
-    FastGRCPlugin({
-      apiKey: process.env.FASTGRC_API_KEY,  // fgrc_k1_...
-    }),
-  ],
-};
-```
-
-Set your environment variable:
-
-```bash
-FASTGRC_API_KEY=fgrc_k1_your_key_here
-```
-
-Get your API key at [fastgrc.ai/connect?source=openclaw](https://fastgrc.ai/connect?source=openclaw) — free, no credit card.
-
-## Options
-
-```typescript
-FastGRCPlugin({
-  apiKey: string;           // Required. Your FastGRC API key.
-  policyId?: string;        // Optional. Target a specific policy. Omit for org-wide default.
-  onBlock?: 'throw'         // (default) Throw FastGRCBlockedError — OpenClaw surfaces it as an agent error
-           | 'warn'         // console.warn and allow through
-           | 'silent';      // Allow through silently
-  timeoutMs?: number;       // Max ms to wait for FastGRC API. Default: 3000. Fail-open on timeout.
-  baseUrl?: string;         // Override FastGRC base URL. Default: https://app.fastgrc.ai
-})
-```
-
-## How it works
-
-The plugin registers a `before_tool_call` hook. For every tool invocation:
-
-1. Calls `POST /api/v1/policy-router/evaluate` with the tool name and arguments
-2. On `decision: block` → throws `FastGRCBlockedError` (OpenClaw surfaces this as an agent error with explanation)
-3. On `decision: require_approval` → throws `FastGRCApprovalRequiredError` with a link to your dashboard
-4. On `decision: allow | uncertain` → passes through silently
-5. On timeout or network error → **fail-open** (allows through, logs a warning) — FastGRC never breaks your agent due to infra issues
-
-## Error types
-
-```typescript
-import { FastGRCBlockedError, FastGRCApprovalRequiredError } from 'fastgrc-openclaw';
-
-// Catch in your agent error handler:
-if (err instanceof FastGRCBlockedError) {
-  console.log(err.matchedRule);  // Which policy rule triggered
-  console.log(err.reasoning);    // Human-readable explanation
-  console.log(err.policyId);     // Policy that made the decision
-}
-
-if (err instanceof FastGRCApprovalRequiredError) {
-  console.log(err.dashboardUrl); // Link to approve in FastGRC dashboard
-}
-```
-
-## Policy modes
-
-Policies start in **Observability Mode** — violations are logged but never blocked. Switch to enforcement from your [FastGRC dashboard](https://app.fastgrc.ai/dashboard/agent-policies) when ready.
-
-## Links
-
-- [FastGRC docs](https://docs.fastgrc.ai/integrations/openclaw)
-- [Get your API key](https://fastgrc.ai/connect?source=openclaw)
-- [Dashboard](https://app.fastgrc.ai)
+# fastgrc-openclaw
+
+FastGRC compliance plugin for [OpenClaw](https://openclaw.ai). Evaluates every agent tool call against your policy before it executes — blocking, flagging, or logging violations in real time.
+
+## Install
+
+```bash
+npm install fastgrc-openclaw
+```
+
+## Setup (2 lines)
+
+```typescript
+// openclaw.config.ts
+import { FastGRCPlugin } from 'fastgrc-openclaw';
+
+export default {
+  plugins: [
+    FastGRCPlugin({
+      apiKey: process.env.FASTGRC_API_KEY,  // fgrc_k1_...
+    }),
+  ],
+};
+```
+
+Set your environment variable:
+
+```bash
+FASTGRC_API_KEY=fgrc_k1_your_key_here
+```
+
+Get your API key at [fastgrc.ai/connect?source=openclaw](https://fastgrc.ai/connect?source=openclaw) — free, no credit card.
+
+## Options
+
+```typescript
+FastGRCPlugin({
+  apiKey: string;           // Required. Your FastGRC API key.
+  policyId?: string;        // Optional. Target a specific policy. Omit for org-wide default.
+  onBlock?: 'throw'         // (default) Throw FastGRCBlockedError — OpenClaw surfaces it as an agent error
+           | 'warn'         // console.warn and allow through
+           | 'silent';      // Allow through silently
+  timeoutMs?: number;       // Max ms to wait for FastGRC API. Default: 3000. Fail-open on timeout.
+  baseUrl?: string;         // Override FastGRC base URL. Default: https://app.fastgrc.ai
+})
+```
+
+## How it works
+
+The plugin registers a `before_tool_call` hook. For every tool invocation:
+
+1. Calls `POST /api/v1/policy-router/evaluate` with the tool name and arguments
+2. On `decision: block` → throws `FastGRCBlockedError` (OpenClaw surfaces this as an agent error with explanation)
+3. On `decision: require_approval` → throws `FastGRCApprovalRequiredError` with a link to your dashboard
+4. On `decision: allow | uncertain` → passes through silently
+5. On timeout or network error → **fail-open** (allows through, logs a warning) — FastGRC never breaks your agent due to infra issues
+
+## Error types
+
+```typescript
+import { FastGRCBlockedError, FastGRCApprovalRequiredError } from 'fastgrc-openclaw';
+
+// Catch in your agent error handler:
+if (err instanceof FastGRCBlockedError) {
+  console.log(err.matchedRule);  // Which policy rule triggered
+  console.log(err.reasoning);    // Human-readable explanation
+  console.log(err.policyId);     // Policy that made the decision
+}
+
+if (err instanceof FastGRCApprovalRequiredError) {
+  console.log(err.dashboardUrl); // Link to approve in FastGRC dashboard
+}
+```
+
+## Policy modes
+
+Policies start in **Observability Mode** — violations are logged but never blocked. Switch to enforcement from your [FastGRC dashboard](https://app.fastgrc.ai/dashboard/agent-policies) when ready.
+
+## Links
+
+- [FastGRC docs](https://docs.fastgrc.ai/integrations/openclaw)
+- [Get your API key](https://fastgrc.ai/connect?source=openclaw)
+- [Dashboard](https://app.fastgrc.ai)

package/dist/bin.js

@@ -99,7 +99,7 @@ async function main() {
   if (!result) {
     process.exit(0);
   }
-  const { decision, reasoning, policyContext } = result;
+  const { decision, reasoning, policyContext, reasonTags } = result;
   const matchedRule = policyContext?.matchedRule;
   if (decision === "block") {
     const msg = matchedRule ? `FastGRC blocked: [${matchedRule}] ${reasoning}` : `FastGRC blocked: ${reasoning}`;
@@ -115,6 +115,10 @@ Review at: ${baseUrl}/dashboard/agent-policies
     );
     process.exit(2);
   }
+  if (Array.isArray(reasonTags) && reasonTags.includes("override_block_active")) {
+    const msg = matchedRule ? `[FastGRC] Observability mode \u2014 would have blocked: [${matchedRule}] ${reasoning}` : `[FastGRC] Observability mode \u2014 would have blocked: ${reasoning}`;
+    process.stderr.write(msg + "\n");
+  }
   process.exit(0);
 }
 main().catch((err) => {

package/dist/bin.mjs

@@ -98,7 +98,7 @@ async function main() {
   if (!result) {
     process.exit(0);
   }
-  const { decision, reasoning, policyContext } = result;
+  const { decision, reasoning, policyContext, reasonTags } = result;
   const matchedRule = policyContext?.matchedRule;
   if (decision === "block") {
     const msg = matchedRule ? `FastGRC blocked: [${matchedRule}] ${reasoning}` : `FastGRC blocked: ${reasoning}`;
@@ -114,6 +114,10 @@ Review at: ${baseUrl}/dashboard/agent-policies
     );
     process.exit(2);
   }
+  if (Array.isArray(reasonTags) && reasonTags.includes("override_block_active")) {
+    const msg = matchedRule ? `[FastGRC] Observability mode \u2014 would have blocked: [${matchedRule}] ${reasoning}` : `[FastGRC] Observability mode \u2014 would have blocked: ${reasoning}`;
+    process.stderr.write(msg + "\n");
+  }
   process.exit(0);
 }
 main().catch((err) => {

package/package.json

@@ -1,32 +1,44 @@
-{
-  "name": "fastgrc-openclaw",
-  "version": "1.0.0",
-  "description": "FastGRC agent compliance plugin for OpenClaw — evaluates every tool call against your policy before it executes",
-  "main": "./dist/index.js",
-  "module": "./dist/index.mjs",
-  "types": "./dist/index.d.ts",
-  "exports": {
-    ".": {
-      "types": "./dist/index.d.ts",
-      "import": "./dist/index.mjs",
-      "require": "./dist/index.js"
-    }
-  },
-  "bin": {
-    "fastgrc-hook": "./dist/bin.js"
-  },
-  "files": ["dist", "README.md"],
-  "scripts": {
-    "build": "tsup",
-    "dev": "tsup --watch",
-    "typecheck": "tsc --noEmit"
-  },
-  "keywords": ["fastgrc", "openclaw", "ai-agent", "compliance", "policy", "security"],
-  "author": "FastGRC <support@fastgrc.ai>",
-  "license": "MIT",
-  "devDependencies": {
-    "tsup": "^8.0.0",
-    "typescript": "^5.0.0"
-  },
-  "engines": { "node": ">=18" }
-}
+{
+  "name": "fastgrc-openclaw",
+  "version": "1.0.2",
+  "description": "FastGRC agent compliance plugin for OpenClaw — evaluates every tool call against your policy before it executes",
+  "main": "./dist/index.js",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.js"
+    }
+  },
+  "bin": {
+    "fastgrc-hook": "./dist/bin.js"
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsup && node -e \"require('fs').chmodSync('dist/bin.js', '755')\"",
+    "dev": "tsup --watch",
+    "typecheck": "tsc --noEmit"
+  },
+  "keywords": [
+    "fastgrc",
+    "openclaw",
+    "ai-agent",
+    "compliance",
+    "policy",
+    "security"
+  ],
+  "author": "FastGRC <support@fastgrc.ai>",
+  "license": "MIT",
+  "devDependencies": {
+    "tsup": "^8.0.0",
+    "typescript": "^5.0.0"
+  },
+  "engines": {
+    "node": ">=18"
+  }
+}