limits-openclaw 0.0.11 → 0.0.12

package/README.md

@@ -1,10 +1,10 @@
-# limits-openclaw 
+# limits-openclaw
 
-[![npm version](https://img.shields.io/npm/v/limits-openclaw .svg?style=flat-square)](https://www.npmjs.com/package/limits-openclaw )
+[![npm version](https://img.shields.io/npm/v/limits-openclaw.svg?style=flat-square)](https://www.npmjs.com/package/limits-openclaw)
 [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?style=flat-square)](https://opensource.org/licenses/MIT)
 [![TypeScript](https://img.shields.io/badge/TypeScript-5.x-3178C6?style=flat-square&logo=typescript&logoColor=white)](https://www.typescriptlang.org/)
 [![Node.js](https://img.shields.io/badge/Node.js-18%2B-339933?style=flat-square&logo=node.js&logoColor=white)](https://nodejs.org/)
-[![GitHub](https://img.shields.io/badge/GitHub-limitsdev%2Flimits--openclaw-181717?style=flat-square&logo=github)](https://github.com/limitsdev/limits-openclaw )
+[![GitHub](https://img.shields.io/badge/GitHub-limitsdev%2Flimits--openclaw-181717?style=flat-square&logo=github)](https://github.com/limitsdev/limits-openclaw)
 
 **Official** OpenClaw plugin for the [Limits](https://limits.dev) platform. Delegates policy enforcement via HTTP. Every decision is made by calling `POST {baseUrl}/openclaw/enforce` before and after each tool call. Optional policy-generator tools let the agent create and update policies from natural language.
 
@@ -31,23 +31,43 @@
 ## Installation
 
 ```bash
-npm install limits-openclaw 
+npm install limits-openclaw
 ```
 
 ```bash
-yarn add limits-openclaw 
+yarn add limits-openclaw
 ```
 
 ```bash
-pnpm add limits-openclaw 
+pnpm add limits-openclaw
 ```
 
 Then register the plugin with OpenClaw:
 
 ```bash
-openclaw plugins install ./node_modules/limits-openclaw 
+openclaw plugins install ./node_modules/limits-openclaw
 openclaw gateway restart
-openclaw plugins enable "limits-openclaw "
+```
+
+**Add `limits-openclaw` to the Plugin Allowlist** (required before enabling):
+
+**Option A — Dashboard:**
+
+1. Open the OpenClaw dashboard and go to **Config → Plugins → Plugin Allowlist**.
+2. Click **Add** and type `limits-openclaw`, then save and apply.
+
+**Option B — CLI:**
+
+```bash
+current=$(openclaw config get plugins.allow 2>/dev/null | grep -v '^\[.\+\] ')
+updated=$(echo "${current:-[]}" | jq -c '(. // []) + ["limits-openclaw"] | unique')
+openclaw config set plugins.allow "$updated" --json
+```
+
+Then enable the plugin:
+
+```bash
+openclaw plugins enable "limits-openclaw"
 ```
 
 ---
@@ -64,7 +84,7 @@ openclaw limits configure
 If you see **`error: unknown command 'limits'`**, the OpenClaw CLI may not load plugin commands in your environment. Run the configure script directly (from a directory where the package is installed):
 
 ```bash
-node node_modules/limits-openclaw /scripts/configure.js
+node node_modules/limits-openclaw/scripts/configure.js
 ```
 
 Or set config manually:
@@ -73,7 +93,7 @@ Or set config manually:
 {
   "plugins": {
     "entries": {
-      "limits-openclaw ": {
+      "limits-openclaw": {
         "enabled": true,
         "config": {
           "apiToken": "sk_your_organization_api_key"
@@ -92,7 +112,7 @@ Or set config manually:
     "list": [
       {
         "id": "main",
-        "tools": { "allow": ["limits-openclaw "] }
+        "tools": { "allow": ["limits-openclaw"] }
       }
     ]
   }
@@ -127,7 +147,7 @@ flowchart LR
 1. **Before each tool call** (`before_tool_call`): the plugin POSTs `phase: "pre"` with tool name and args. Limits returns `ALLOW`, `BLOCK`, or `REWRITE` (with `rewriteArgs`). The plugin blocks the call, allows it, or replaces the tool arguments accordingly.
 2. **After each tool call** (`after_tool_call`): the plugin POSTs `phase: "post"` with tool name, args, and result. Limits returns `ALLOW`, `BLOCK`, `REDACT`, or `REWRITE` (with `redactedResult` or `rewrittenResult`). The plugin leaves the result unchanged, replaces it with a safe blocked response, or replaces it with the redacted/rewritten value.
 
-**Compatibility:** This plugin requires an OpenClaw build where tool hooks are wired into the execution path. If you see **`[limits-openclaw ] before_tool_call observed`** in logs once after a tool runs, hooks are working. See [OpenClaw #6535](https://github.com/openclaw/openclaw/issues/6535) if hooks never fire.
+**Compatibility:** This plugin requires an OpenClaw build where tool hooks are wired into the execution path. If you see **`[limits-openclaw] before_tool_call observed`** in logs once after a tool runs, hooks are working. See [OpenClaw #6535](https://github.com/openclaw/openclaw/issues/6535) if hooks never fire.
 
 ---
 
@@ -150,16 +170,16 @@ Optionally, you can copy it manually. The example below is for Unix; on Windows
 
 ```bash
 mkdir -p ~/.openclaw/workspace/skills/limits-policy-generator
-cp -r ./node_modules/limits-openclaw /skills/limits-policy-generator/. ~/.openclaw/workspace/skills/limits-policy-generator/
+cp -r ./node_modules/limits-openclaw/skills/limits-policy-generator/. ~/.openclaw/workspace/skills/limits-policy-generator/
 ```
 
 ### Expose tools to the agent
 
-The plugin registers these tools as **optional**. Add the plugin to the agent's tool allowlist (see [Quick Start](#quick-start)) so the agent can call them. Use `"limits-openclaw "` to allow all tools from this plugin, or allow by name: `["limits_generate_create_policy", "limits_generate_update_policy"]`.
+The plugin registers these tools as **optional**. Add the plugin to the agent's tool allowlist (see [Quick Start](#quick-start)) so the agent can call them. Use `"limits-openclaw"` to allow all tools from this plugin, or allow by name: `["limits_generate_create_policy", "limits_generate_update_policy"]`.
 
 ### Sandboxed agents
 
-If the agent runs in a **sandbox**, add `"limits-openclaw "` (or the tool names) to `tools.sandbox.tools.allow` as well so the sandboxed agent can call the policy tools. Otherwise the agent can have the skill but cannot invoke the tools from inside the sandbox.
+If the agent runs in a **sandbox**, add `"limits-openclaw"` (or the tool names) to `tools.sandbox.tools.allow` as well so the sandboxed agent can call the policy tools. Otherwise the agent can have the skill but cannot invoke the tools from inside the sandbox.
 
 ---
 
@@ -190,7 +210,7 @@ If the agent runs in a **sandbox**, add `"limits-openclaw "` (or the tool names)
 {
   "plugins": {
     "entries": {
-      "limits-openclaw ": {
+      "limits-openclaw": {
         "enabled": true,
         "config": {
           "apiToken": "sk_your_organization_api_key",
@@ -253,12 +273,12 @@ Policies are scoped to OpenClaw tool calls using **tags** in the Limits dashboar
 |---------|-------------|
 | `openclaw plugins install <path>` | Install plugin from path. |
 | `openclaw plugins install -l <path>` | Link plugin (no copy, for development). |
-| `openclaw plugins enable "limits-openclaw "` | Enable the plugin. |
+| `openclaw plugins enable "limits-openclaw"` | Enable the plugin. |
 | `openclaw plugins list` | List installed plugins. |
 | `openclaw plugins doctor` | Check plugin health. |
 | `openclaw limits configure` | Interactive wizard to set API token and sandbox allowlist. |
-| `openclaw config get 'plugins.entries["limits-openclaw "]'` | Show plugin config. |
-| `openclaw config set 'plugins.entries["limits-openclaw "].config.apiToken' "sk_..."` | Set apiToken manually. |
+| `openclaw config get 'plugins.entries["limits-openclaw"]'` | Show plugin config. |
+| `openclaw config set 'plugins.entries["limits-openclaw"].config.apiToken' "sk_..."` | Set apiToken manually. |
 
 ---
 
@@ -283,29 +303,29 @@ If you were using the plugin under the old name **limits-enforcer**, update your
 
 | Before | After |
 |--------|-------|
-| Plugin ID / allowlist: `"limits-enforcer"` | `"limits-openclaw "` |
-| Config path: `plugins.entries.limits-enforcer` | `plugins.entries["limits-openclaw "]` |
+| Plugin ID / allowlist: `"limits-enforcer"` | `"limits-openclaw"` |
+| Config path: `plugins.entries.limits-enforcer` | `plugins.entries["limits-openclaw"]` |
 | CLI command: `openclaw limits-enforcer configure` | `openclaw limits configure` |
-| Log prefix: `[limits-enforcer]` | `[limits-openclaw ]` |
+| Log prefix: `[limits-enforcer]` | `[limits-openclaw]` |
 
-After renaming, reinstall the plugin and enable `"limits-openclaw "`.
+After renaming, reinstall the plugin and enable `"limits-openclaw"`.
 
 ---
 
 ## Troubleshooting
 
-- **Config warning "plugin id mismatch (manifest uses 'limits-openclaw ', entry hints 'openclaw')"**  
-  Some OpenClaw gateways install scoped packages under `extensions/openclaw` instead of `extensions/limits-openclaw `. The gateway then infers the plugin id from the folder name (`openclaw`), which does not match the manifest id `limits-openclaw `, so the plugin may not load and `openclaw limits configure` shows **unknown command 'limits'**.
+- **Config warning "plugin id mismatch (manifest uses 'limits-openclaw', entry hints 'openclaw')"**  
+  Some OpenClaw gateways install scoped packages under `extensions/openclaw` instead of `extensions/limits-openclaw`. The gateway then infers the plugin id from the folder name (`openclaw`), which does not match the manifest id `limits-openclaw`, so the plugin may not load and `openclaw limits configure` shows **unknown command 'limits'**.
 
   **Workaround — install under the scoped path so the gateway matches the config entry:**
   ```bash
   # Create the scope directory and install the package there (adjust if you use npm -g or another path)
   mkdir -p ~/.openclaw/extensions/@limits
-  cp -r ./node_modules/limits-openclaw  ~/.openclaw/extensions/@limits/
+  cp -r ./node_modules/limits-openclaw ~/.openclaw/extensions/@limits/
 
   # Tell OpenClaw to load the plugin from that path
-  openclaw plugins install ~/.openclaw/extensions/limits-openclaw 
-  openclaw plugins enable "limits-openclaw "
+  openclaw plugins install ~/.openclaw/extensions/limits-openclaw
+  openclaw plugins enable "limits-openclaw"
   openclaw gateway restart
   ```
   Then run `openclaw limits configure`.
@@ -313,7 +333,7 @@ After renaming, reinstall the plugin and enable `"limits-openclaw "`.
 - **`error: unknown command 'limits'`**  
   The plugin did not load (often due to the id mismatch above). Use the workaround above, or run the configure wizard without the OpenClaw CLI:
   ```bash
-  node node_modules/limits-openclaw /scripts/configure.js
+  node node_modules/limits-openclaw/scripts/configure.js
   ```
   Or from the plugin repo: `npm run configure`.
 
@@ -322,4 +342,4 @@ After renaming, reinstall the plugin and enable `"limits-openclaw "`.
 
 ## License
 
-MIT — [Limits](https://limits.dev) — [GitHub](https://github.com/limitsdev/limits-openclaw )
+MIT — [Limits](https://limits.dev) — [GitHub](https://github.com/limitsdev/limits-openclaw)

package/dist/config.js

@@ -10,7 +10,7 @@ const DEFAULTS = {
     redactLogs: true,
 };
 export function loadConfig(api) {
-    const raw = api.config?.plugins?.entries?.["limits-openclaw "]?.config ?? {};
+    const raw = api.config?.plugins?.entries?.["limits-openclaw"]?.config ?? {};
     // baseUrl defaults to static; not in wizard or schema so users don't edit it (config override only for tests/advanced)
     const baseUrl = raw.baseUrl ?? DEFAULTS.baseUrl;
     const timeoutMs = typeof process.env.LIMITS_ENFORCER_TIMEOUT_MS === "string"

package/dist/configure-wizard.js

@@ -1,10 +1,9 @@
 import { createInterface } from "node:readline";
-import { spawn } from "node:child_process";
 import { dirname, join } from "node:path";
 import { fileURLToPath } from "node:url";
 import fs from "node:fs";
 import os from "node:os";
-const CONFIG_PREFIX = 'plugins.entries["limits-openclaw "].config';
+const CONFIG_PREFIX = 'plugins.entries["limits-openclaw"].config';
 const SKILL_NAME = "limits-policy-generator";
 function getPluginRoot() {
     const currentDir = dirname(fileURLToPath(import.meta.url));
@@ -31,6 +30,71 @@ function copySkillToWorkspace() {
         console.error("\nFailed to copy skill:", err instanceof Error ? err.message : String(err));
     }
 }
+function getConfigFilePath() {
+    return process.env.OPENCLAW_CONFIG || join(os.homedir(), ".openclaw", "openclaw.json");
+}
+function readConfigFile() {
+    try {
+        return JSON.parse(fs.readFileSync(getConfigFilePath(), "utf8"));
+    }
+    catch {
+        return {};
+    }
+}
+function writeConfigFile(cfg) {
+    fs.writeFileSync(getConfigFilePath(), JSON.stringify(cfg, null, 2) + "\n", "utf8");
+}
+function parseConfigPath(path) {
+    const segments = [];
+    const re = /\[["']([^"']+)["']\]|\.?([^.[\]]+)/g;
+    let m;
+    while ((m = re.exec(path)) !== null) {
+        const seg = m[1] ?? m[2];
+        if (seg)
+            segments.push(seg);
+    }
+    return segments;
+}
+function configGet(cfg, path) {
+    let cur = cfg;
+    for (const seg of parseConfigPath(path)) {
+        if (cur == null || typeof cur !== "object")
+            return undefined;
+        cur = cur[seg];
+    }
+    return cur;
+}
+function configSet(cfg, path, value) {
+    const segments = parseConfigPath(path);
+    let cur = cfg;
+    for (let i = 0; i < segments.length - 1; i++) {
+        const seg = segments[i];
+        if (cur[seg] == null || typeof cur[seg] !== "object")
+            cur[seg] = {};
+        cur = cur[seg];
+    }
+    cur[segments[segments.length - 1]] = value;
+}
+function runConfigSet(key, jsonValue) {
+    const fullKey = `${CONFIG_PREFIX}.${key}`;
+    const cfg = readConfigFile();
+    configSet(cfg, fullKey, JSON.parse(jsonValue));
+    writeConfigFile(cfg);
+    console.log(`Updated ${fullKey}.`);
+    return Promise.resolve();
+}
+function runConfigGet(fullKey) {
+    const cfg = readConfigFile();
+    const val = configGet(cfg, fullKey);
+    return Promise.resolve(val !== undefined ? JSON.stringify(val) : "");
+}
+function runConfigSetFull(fullKey, jsonValue) {
+    const cfg = readConfigFile();
+    configSet(cfg, fullKey, JSON.parse(jsonValue));
+    writeConfigFile(cfg);
+    console.log(`Updated ${fullKey}.`);
+    return Promise.resolve();
+}
 export function ask(rl, question, defaultValue = "") {
     const prompt = defaultValue ? `${question} [${defaultValue}]: ` : `${question}: `;
     return new Promise((resolve) => {
@@ -39,41 +103,8 @@ export function ask(rl, question, defaultValue = "") {
         });
     });
 }
-function runConfigSet(key, value) {
-    return new Promise((resolve, reject) => {
-        const fullKey = `${CONFIG_PREFIX}.${key}`;
-        const child = spawn("openclaw", ["config", "set", fullKey, value], {
-            stdio: "inherit",
-            shell: true,
-        });
-        child.on("close", (code) => code === 0 ? resolve() : reject(new Error(`openclaw config set exited ${code}`)));
-        child.on("error", reject);
-    });
-}
-function runConfigGet(fullKey) {
-    return new Promise((resolve) => {
-        const child = spawn("openclaw", ["config", "get", fullKey], {
-            stdio: ["inherit", "pipe", "inherit"],
-            shell: true,
-        });
-        let out = "";
-        child.stdout?.on("data", (d) => (out += d.toString()));
-        child.on("close", () => resolve(out.trim()));
-        child.on("error", () => resolve(""));
-    });
-}
-function runConfigSetFull(fullKey, value) {
-    return new Promise((resolve, reject) => {
-        const child = spawn("openclaw", ["config", "set", fullKey, value], {
-            stdio: "inherit",
-            shell: true,
-        });
-        child.on("close", (code) => code === 0 ? resolve() : reject(new Error(`openclaw config set exited ${code}`)));
-        child.on("error", reject);
-    });
-}
 /**
- * Run the configure wizard (interactive prompts, then openclaw config set).
+ * Run the configure wizard (interactive prompts, then direct config file write).
  * Call this when the user runs `openclaw limits configure` or after link.
  */
 export async function runConfigureWizard() {
@@ -100,18 +131,18 @@ export async function runConfigureWizard() {
                 allow = [];
             }
         }
-        if (allow.includes("limits-openclaw ")) {
-            console.log("\nlimits-openclaw  is already in tools.sandbox.tools.allow, skipping.");
+        if (allow.includes("limits-openclaw")) {
+            console.log("\nlimits-openclaw is already in tools.sandbox.tools.allow, skipping.");
         }
         else {
-            allow.push("limits-openclaw ");
+            allow.push("limits-openclaw");
             await runConfigSetFull(SANDBOX_ALLOW_KEY, JSON.stringify(allow));
-            console.log("\nAdded limits-openclaw  to tools.sandbox.tools.allow.");
+            console.log("\nAdded limits-openclaw to tools.sandbox.tools.allow.");
         }
     }
     const addSkillYes = /^y(es)?$/i.test(addSkillAnswer.trim());
     if (addSkillYes)
         copySkillToWorkspace();
     console.log("\nDone. Restart the gateway if it is running.");
-    console.log('Verify: openclaw config get plugins.entries["limits-openclaw "]\n');
+    console.log('Verify: openclaw config get plugins.entries["limits-openclaw"]\n');
 }

package/dist/index.js

@@ -1,5 +1,5 @@
 /**
- * limits-openclaw : register(api) entrypoint — wires before_tool_call and after_tool_call.
+ * limits-openclaw: register(api) entrypoint — wires before_tool_call and after_tool_call.
  */
 import { loadConfig } from "./config.js";
 import { callEnforce } from "./enforcer.js";
@@ -182,7 +182,7 @@ function registerPolicyTools(api) {
     log("policy-generator tools registered (limits_generate_create_policy, limits_generate_update_policy)");
 }
 export function register(api) {
-    log("limits-openclaw  loaded");
+    log("limits-openclaw loaded");
     if (typeof api.on !== "function") {
         log("api.on not available, hooks not registered");
         return;

package/dist/logger.js

@@ -1,7 +1,7 @@
 /**
- * Safe logger for limits-openclaw . Never logs apiToken, request body, or tool args.
+ * Safe logger for limits-openclaw. Never logs apiToken, request body, or tool args.
  */
-const PREFIX = "[limits-openclaw ]";
+const PREFIX = "[limits-openclaw]";
 export function log(message, ...safeArgs) {
     const safe = safeArgs.map((a) => typeof a === "string" || typeof a === "number" || typeof a === "boolean"
         ? a

package/package.json

@@ -1,6 +1,6 @@
 {
-  "name": "limits-openclaw ",
-  "version": "0.0.11",
+  "name": "limits-openclaw",
+  "version": "0.0.12",
   "description": "Delegates policy enforcement to the Limits platform before and after every tool call.",
   "keywords": [
     "openclaw",