npm - nox-openclaw-hunter - Versions diffs - 1.0.0 - Mend

nox-openclaw-hunter 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (211) hide show

package/LICENSE +21 -0
package/README.md +140 -0
package/bin/nox.js +2 -0
package/dist/branding.d.ts +39 -0
package/dist/branding.d.ts.map +1 -0
package/dist/branding.js +66 -0
package/dist/branding.js.map +1 -0
package/dist/cli.d.ts +15 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +94 -0
package/dist/cli.js.map +1 -0
package/dist/commands/export.d.ts +21 -0
package/dist/commands/export.d.ts.map +1 -0
package/dist/commands/export.js +616 -0
package/dist/commands/export.js.map +1 -0
package/dist/commands/index.d.ts +8 -0
package/dist/commands/index.d.ts.map +1 -0
package/dist/commands/index.js +8 -0
package/dist/commands/index.js.map +1 -0
package/dist/commands/isolate.d.ts +30 -0
package/dist/commands/isolate.d.ts.map +1 -0
package/dist/commands/isolate.js +547 -0
package/dist/commands/isolate.js.map +1 -0
package/dist/commands/purge.d.ts +22 -0
package/dist/commands/purge.d.ts.map +1 -0
package/dist/commands/purge.js +295 -0
package/dist/commands/purge.js.map +1 -0
package/dist/commands/scan.d.ts +23 -0
package/dist/commands/scan.d.ts.map +1 -0
package/dist/commands/scan.js +155 -0
package/dist/commands/scan.js.map +1 -0
package/dist/detector/app-bundle.d.ts +13 -0
package/dist/detector/app-bundle.d.ts.map +1 -0
package/dist/detector/app-bundle.js +27 -0
package/dist/detector/app-bundle.js.map +1 -0
package/dist/detector/cli-binary.d.ts +12 -0
package/dist/detector/cli-binary.d.ts.map +1 -0
package/dist/detector/cli-binary.js +66 -0
package/dist/detector/cli-binary.js.map +1 -0
package/dist/detector/config.d.ts +21 -0
package/dist/detector/config.d.ts.map +1 -0
package/dist/detector/config.js +337 -0
package/dist/detector/config.js.map +1 -0
package/dist/detector/detection-config.d.ts +24 -0
package/dist/detector/detection-config.d.ts.map +1 -0
package/dist/detector/detection-config.js +242 -0
package/dist/detector/detection-config.js.map +1 -0
package/dist/detector/docker.d.ts +10 -0
package/dist/detector/docker.d.ts.map +1 -0
package/dist/detector/docker.js +94 -0
package/dist/detector/docker.js.map +1 -0
package/dist/detector/index.d.ts +50 -0
package/dist/detector/index.d.ts.map +1 -0
package/dist/detector/index.js +155 -0
package/dist/detector/index.js.map +1 -0
package/dist/detector/network.d.ts +34 -0
package/dist/detector/network.d.ts.map +1 -0
package/dist/detector/network.js +205 -0
package/dist/detector/network.js.map +1 -0
package/dist/detector/process.d.ts +16 -0
package/dist/detector/process.d.ts.map +1 -0
package/dist/detector/process.js +47 -0
package/dist/detector/process.js.map +1 -0
package/dist/detector/service.d.ts +17 -0
package/dist/detector/service.d.ts.map +1 -0
package/dist/detector/service.js +51 -0
package/dist/detector/service.js.map +1 -0
package/dist/enforcer/docker-cleaner.d.ts +30 -0
package/dist/enforcer/docker-cleaner.d.ts.map +1 -0
package/dist/enforcer/docker-cleaner.js +163 -0
package/dist/enforcer/docker-cleaner.js.map +1 -0
package/dist/enforcer/file-remover.d.ts +34 -0
package/dist/enforcer/file-remover.d.ts.map +1 -0
package/dist/enforcer/file-remover.js +137 -0
package/dist/enforcer/file-remover.js.map +1 -0
package/dist/enforcer/index.d.ts +33 -0
package/dist/enforcer/index.d.ts.map +1 -0
package/dist/enforcer/index.js +142 -0
package/dist/enforcer/index.js.map +1 -0
package/dist/enforcer/process-killer.d.ts +18 -0
package/dist/enforcer/process-killer.d.ts.map +1 -0
package/dist/enforcer/process-killer.js +80 -0
package/dist/enforcer/process-killer.js.map +1 -0
package/dist/enforcer/service-stopper.d.ts +23 -0
package/dist/enforcer/service-stopper.d.ts.map +1 -0
package/dist/enforcer/service-stopper.js +95 -0
package/dist/enforcer/service-stopper.js.map +1 -0
package/dist/index.d.ts +6 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +10 -0
package/dist/index.js.map +1 -0
package/dist/isolator/firewall.d.ts +25 -0
package/dist/isolator/firewall.d.ts.map +1 -0
package/dist/isolator/firewall.js +114 -0
package/dist/isolator/firewall.js.map +1 -0
package/dist/isolator/index.d.ts +63 -0
package/dist/isolator/index.d.ts.map +1 -0
package/dist/isolator/index.js +201 -0
package/dist/isolator/index.js.map +1 -0
package/dist/isolator/lockdown.d.ts +22 -0
package/dist/isolator/lockdown.d.ts.map +1 -0
package/dist/isolator/lockdown.js +401 -0
package/dist/isolator/lockdown.js.map +1 -0
package/dist/isolator/quarantine.d.ts +39 -0
package/dist/isolator/quarantine.d.ts.map +1 -0
package/dist/isolator/quarantine.js +364 -0
package/dist/isolator/quarantine.js.map +1 -0
package/dist/mdm/index.d.ts +93 -0
package/dist/mdm/index.d.ts.map +1 -0
package/dist/mdm/index.js +414 -0
package/dist/mdm/index.js.map +1 -0
package/dist/mdm/intune.d.ts +69 -0
package/dist/mdm/intune.d.ts.map +1 -0
package/dist/mdm/intune.js +409 -0
package/dist/mdm/intune.js.map +1 -0
package/dist/mdm/jamf.d.ts +58 -0
package/dist/mdm/jamf.d.ts.map +1 -0
package/dist/mdm/jamf.js +441 -0
package/dist/mdm/jamf.js.map +1 -0
package/dist/mdm/jumpcloud.d.ts +73 -0
package/dist/mdm/jumpcloud.d.ts.map +1 -0
package/dist/mdm/jumpcloud.js +470 -0
package/dist/mdm/jumpcloud.js.map +1 -0
package/dist/mdm/templates/detect.ps1.d.ts +30 -0
package/dist/mdm/templates/detect.ps1.d.ts.map +1 -0
package/dist/mdm/templates/detect.ps1.js +463 -0
package/dist/mdm/templates/detect.ps1.js.map +1 -0
package/dist/mdm/templates/detect.sh.d.ts +30 -0
package/dist/mdm/templates/detect.sh.d.ts.map +1 -0
package/dist/mdm/templates/detect.sh.js +474 -0
package/dist/mdm/templates/detect.sh.js.map +1 -0
package/dist/mdm/templates/enforce.ps1.d.ts +33 -0
package/dist/mdm/templates/enforce.ps1.d.ts.map +1 -0
package/dist/mdm/templates/enforce.ps1.js +681 -0
package/dist/mdm/templates/enforce.ps1.js.map +1 -0
package/dist/mdm/templates/enforce.sh.d.ts +33 -0
package/dist/mdm/templates/enforce.sh.d.ts.map +1 -0
package/dist/mdm/templates/enforce.sh.js +591 -0
package/dist/mdm/templates/enforce.sh.js.map +1 -0
package/dist/platform/darwin.d.ts +6 -0
package/dist/platform/darwin.d.ts.map +1 -0
package/dist/platform/darwin.js +192 -0
package/dist/platform/darwin.js.map +1 -0
package/dist/platform/index.d.ts +43 -0
package/dist/platform/index.d.ts.map +1 -0
package/dist/platform/index.js +27 -0
package/dist/platform/index.js.map +1 -0
package/dist/platform/linux.d.ts +6 -0
package/dist/platform/linux.d.ts.map +1 -0
package/dist/platform/linux.js +134 -0
package/dist/platform/linux.js.map +1 -0
package/dist/platform/windows.d.ts +6 -0
package/dist/platform/windows.d.ts.map +1 -0
package/dist/platform/windows.js +134 -0
package/dist/platform/windows.js.map +1 -0
package/dist/reporter/console.d.ts +27 -0
package/dist/reporter/console.d.ts.map +1 -0
package/dist/reporter/console.js +431 -0
package/dist/reporter/console.js.map +1 -0
package/dist/reporter/index.d.ts +11 -0
package/dist/reporter/index.d.ts.map +1 -0
package/dist/reporter/index.js +13 -0
package/dist/reporter/index.js.map +1 -0
package/dist/reporter/json.d.ts +61 -0
package/dist/reporter/json.d.ts.map +1 -0
package/dist/reporter/json.js +75 -0
package/dist/reporter/json.js.map +1 -0
package/dist/reporter/webhook.d.ts +57 -0
package/dist/reporter/webhook.d.ts.map +1 -0
package/dist/reporter/webhook.js +230 -0
package/dist/reporter/webhook.js.map +1 -0
package/dist/types/config.d.ts +116 -0
package/dist/types/config.d.ts.map +1 -0
package/dist/types/config.js +6 -0
package/dist/types/config.js.map +1 -0
package/dist/types/detection.d.ts +85 -0
package/dist/types/detection.d.ts.map +1 -0
package/dist/types/detection.js +5 -0
package/dist/types/detection.js.map +1 -0
package/dist/types/enforcement.d.ts +33 -0
package/dist/types/enforcement.d.ts.map +1 -0
package/dist/types/enforcement.js +5 -0
package/dist/types/enforcement.js.map +1 -0
package/dist/types/index.d.ts +8 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/index.js +8 -0
package/dist/types/index.js.map +1 -0
package/dist/types/isolation.d.ts +55 -0
package/dist/types/isolation.d.ts.map +1 -0
package/dist/types/isolation.js +5 -0
package/dist/types/isolation.js.map +1 -0
package/dist/utils/exec.d.ts +48 -0
package/dist/utils/exec.d.ts.map +1 -0
package/dist/utils/exec.js +103 -0
package/dist/utils/exec.js.map +1 -0
package/dist/utils/fs.d.ts +34 -0
package/dist/utils/fs.d.ts.map +1 -0
package/dist/utils/fs.js +111 -0
package/dist/utils/fs.js.map +1 -0
package/dist/utils/index.d.ts +7 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/index.js +7 -0
package/dist/utils/index.js.map +1 -0
package/dist/utils/logger.d.ts +14 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +48 -0
package/dist/utils/logger.js.map +1 -0
package/docs/intune.md +390 -0
package/docs/jamf.md +400 -0
package/docs/jumpcloud.md +510 -0
package/package.json +65 -0

package/dist/mdm/templates/enforce.ps1.js ADDED Viewed

@@ -0,0 +1,681 @@
+/**
+ * PowerShell enforcement script template for MDM deployment.
+ * Targets Windows systems.
+ */
+import { VERSION, COMPANY } from '../../branding.js';
+/**
+ * Escape a string for safe use in PowerShell scripts.
+ * Escapes characters that could enable script injection.
+ */
+function escapePowerShellString(str) {
+    // Remove null bytes
+    let escaped = str.replace(/\0/g, '');
+    // Escape backticks (PowerShell escape character)
+    escaped = escaped.replace(/`/g, '``');
+    // Escape dollar signs (variable interpolation)
+    escaped = escaped.replace(/\$/g, '`$');
+    // Escape double quotes
+    escaped = escaped.replace(/"/g, '`"');
+    return escaped;
+}
+/**
+ * Validate URL format for MDM scripts.
+ */
+function validateMdmUrl(url) {
+    try {
+        const parsed = new URL(url);
+        if (!['http:', 'https:'].includes(parsed.protocol)) {
+            throw new Error('Invalid protocol');
+        }
+        return escapePowerShellString(url);
+    }
+    catch {
+        throw new Error(`Invalid webhook URL: ${url}`);
+    }
+}
+/**
+ * Generate enforcement PowerShell script.
+ */
+export function generateEnforcePowerShellScript(options = {}) {
+    const { webhookUrl, webhookToken, gatewayPort = 18789, verbose = false, dryRun = false, quarantine = false, } = options;
+    // Validate and sanitize inputs to prevent script injection
+    const safeWebhookUrl = webhookUrl ? validateMdmUrl(webhookUrl) : undefined;
+    const safeWebhookToken = webhookToken ? escapePowerShellString(webhookToken) : undefined;
+    // Validate gateway port
+    if (gatewayPort < 1 || gatewayPort > 65535 || !Number.isInteger(gatewayPort)) {
+        throw new Error(`Invalid gateway port: ${gatewayPort}`);
+    }
+    const webhookSection = safeWebhookUrl
+        ? `
+# Webhook configuration
+$WebhookUrl = "${safeWebhookUrl}"
+$WebhookToken = "${safeWebhookToken || ''}"
+function Send-Webhook {
+    param(
+        [string]$Status,
+        [string]$Severity,
+        [string]$Details
+    )
+    $payload = @{
+        event = "openclaw.enforcement"
+        version = "1.0"
+        timestamp = (Get-Date).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
+        status = $Status
+        severity = $Severity
+        host = @{
+            hostname = $env:COMPUTERNAME
+            os = "Windows"
+            osVersion = [System.Environment]::OSVersion.VersionString
+            arch = $env:PROCESSOR_ARCHITECTURE
+            user = $env:USERNAME
+            domain = $env:USERDOMAIN
+        }
+        actions = $Details
+        dryRun = $${dryRun ? 'true' : 'false'}
+        source = @{
+            tool = "nox-openclaw-detector"
+            version = "${VERSION}"
+            vendor = "${COMPANY}"
+        }
+    } | ConvertTo-Json -Depth 10
+    try {
+        $headers = @{
+            "Content-Type" = "application/json"
+        }
+        if ($WebhookToken) {
+            $headers["Authorization"] = "Bearer $WebhookToken"
+        }
+        Invoke-RestMethod -Uri $WebhookUrl -Method Post -Headers $headers -Body $payload -TimeoutSec 30 -ErrorAction SilentlyContinue | Out-Null
+    } catch {
+        # Silently ignore webhook errors
+    }
+}
+`
+        : '';
+    const verboseLog = verbose
+        ? `
+function Write-VerboseLog {
+    param([string]$Message)
+    Write-Host "[DEBUG] $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss') $Message" -ForegroundColor Gray
+}
+`
+        : `
+function Write-VerboseLog {
+    param([string]$Message)
+    # No-op when not verbose
+}
+`;
+    const quarantineSection = quarantine
+        ? `
+# Quarantine configuration
+$QuarantineBase = "C:\\ProgramData\\NoxQuarantine"
+$QuarantineId = "$(Get-Date -Format 'yyyyMMdd_HHmmss')_$env:USERNAME"
+$QuarantineDir = Join-Path $QuarantineBase $QuarantineId
+function Initialize-Quarantine {
+    if ($DryRun) {
+        Log-Action "[DRY RUN] Would create quarantine directory: $QuarantineDir"
+        return
+    }
+    New-Item -ItemType Directory -Path "$QuarantineDir\\binaries" -Force | Out-Null
+    New-Item -ItemType Directory -Path "$QuarantineDir\\config" -Force | Out-Null
+    New-Item -ItemType Directory -Path "$QuarantineDir\\services" -Force | Out-Null
+    New-Item -ItemType Directory -Path "$QuarantineDir\\registry" -Force | Out-Null
+    # Create manifest
+    $manifest = @{
+        id = $QuarantineId
+        timestamp = (Get-Date).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
+        hostname = $env:COMPUTERNAME
+        user = $env:USERNAME
+        artifacts = @()
+    } | ConvertTo-Json
+    $manifest | Out-File (Join-Path $QuarantineDir "manifest.json") -Encoding UTF8
+    Log-Action "Quarantine directory created: $QuarantineDir"
+}
+function Move-ToQuarantine {
+    param(
+        [string]$Source,
+        [string]$Category
+    )
+    $destDir = Join-Path $QuarantineDir $Category
+    $destPath = Join-Path $destDir (Split-Path $Source -Leaf)
+    if ($DryRun) {
+        Log-Action "[DRY RUN] Would quarantine: $Source -> $destPath"
+        return
+    }
+    if (Test-Path $Source) {
+        try {
+            Move-Item -Path $Source -Destination $destPath -Force -ErrorAction Stop
+            Log-Action "Quarantined: $Source -> $destPath"
+        } catch {
+            # If move fails, try copy and delete
+            Copy-Item -Path $Source -Destination $destPath -Recurse -Force -ErrorAction SilentlyContinue
+            Remove-Item -Path $Source -Recurse -Force -ErrorAction SilentlyContinue
+            Log-Action "Quarantined (via copy): $Source -> $destPath"
+        }
+    }
+}
+`
+        : `
+function Move-ToQuarantine {
+    param(
+        [string]$Source,
+        [string]$Category
+    )
+    # No quarantine, just remove
+    Remove-PathSafely -Path $Source
+}
+`;
+    // Build webhook notification section for main function
+    const webhookNotificationSection = safeWebhookUrl
+        ? `
+    if ($OpenClawDetected) {
+        if ($FailedActions.Count -eq 0) {
+            Send-Webhook -Status "success" -Severity "high" -Details $actionsString
+        } else {
+            Send-Webhook -Status "partial" -Severity "high" -Details $actionsString
+        }
+    } else {
+        Send-Webhook -Status "clean" -Severity "info" -Details "No OpenClaw installation found"
+    }
+    `
+        : '';
+    const dryRunMessage = dryRun
+        ? '    Write-Host "[DRY RUN MODE - No changes will be made]" -ForegroundColor Yellow'
+        : '';
+    const initQuarantine = quarantine ? '    Initialize-Quarantine' : '';
+    const quarantineLocation = quarantine
+        ? '        Write-Host "Quarantine location: $QuarantineDir"'
+        : '';
+    const quarantineOrRemove = quarantine
+        ? 'Move-ToQuarantine -Source $installPath -Category "binaries"'
+        : 'Remove-PathSafely -Path $installPath';
+    const quarantineOrRemoveConfig = quarantine
+        ? 'Move-ToQuarantine -Source $configPath -Category "config"'
+        : 'Remove-PathSafely -Path $configPath';
+    const quarantineOrRemoveOther = quarantine
+        ? 'Move-ToQuarantine -Source $otherConfig -Category "config"'
+        : 'Remove-PathSafely -Path $otherConfig';
+    const blockPortSection = quarantine
+        ? `
+# Block gateway port via Windows Firewall
+function Block-GatewayPort {
+    Log-Action "Blocking gateway port $GatewayPort..."
+    if ($DryRun) {
+        Log-Action "[DRY RUN] Would create firewall rule to block port $GatewayPort"
+        return
+    }
+    try {
+        # Remove existing rule if present
+        Remove-NetFirewallRule -DisplayName "Nox Block OpenClaw" -ErrorAction SilentlyContinue
+        # Create new blocking rule
+        New-NetFirewallRule -DisplayName "Nox Block OpenClaw" -Direction Outbound -Action Block -Protocol TCP -RemotePort $GatewayPort -ErrorAction Stop | Out-Null
+        Log-Action "Created firewall rule to block port $GatewayPort"
+    } catch {
+        Log-Failure "Could not create firewall rule: $_"
+    }
+}
+`
+        : `
+# Block gateway port (disabled - quarantine mode not enabled)
+function Block-GatewayPort {
+    # Port blocking only enabled in quarantine mode
+}
+`;
+    return `<#
+.SYNOPSIS
+    Nox OpenClaw Enforcement Script for Windows
+.DESCRIPTION
+    This script removes OpenClaw AI agent installations from Windows systems.
+    Generated by nox-openclaw-detector v${VERSION}
+    ${COMPANY} - https://nox.security
+    WARNING: This script will remove OpenClaw installations!
+    Run as Administrator for full enforcement capabilities.
+.OUTPUTS
+    Exit Code 0 - Enforcement successful
+    Exit Code 1 - Enforcement partially failed
+    Exit Code 2 - Script error
+    Exit Code 3 - Nothing to enforce (clean system)
+.EXAMPLE
+    .\\enforce-openclaw.ps1
+.NOTES
+    Version: ${VERSION}
+    Author: ${COMPANY}
+#>
+#Requires -Version 5.1
+#Requires -RunAsAdministrator
+[CmdletBinding()]
+param()
+$ErrorActionPreference = "SilentlyContinue"
+# Configuration
+$GatewayPort = ${gatewayPort}
+$DryRun = $${dryRun ? 'true' : 'false'}
+$OpenClawDetected = $false
+$EnforcementActions = [System.Collections.ArrayList]::new()
+$FailedActions = [System.Collections.ArrayList]::new()
+${verboseLog}
+${webhookSection}
+${quarantineSection}
+# Log enforcement action
+function Log-Action {
+    param([string]$Message)
+    $timestamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
+    Write-Host "[$timestamp] $Message"
+    [void]$script:EnforcementActions.Add($Message)
+}
+# Log failed action
+function Log-Failure {
+    param([string]$Message)
+    $timestamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
+    Write-Host "[$timestamp] FAILED: $Message" -ForegroundColor Red
+    [void]$script:FailedActions.Add($Message)
+}
+# Remove file or directory safely
+function Remove-PathSafely {
+    param([string]$Path)
+    if (-not (Test-Path $Path)) {
+        return $true
+    }
+    $script:OpenClawDetected = $true
+    if ($DryRun) {
+        Log-Action "[DRY RUN] Would remove: $Path"
+        return $true
+    }
+    try {
+        Remove-Item -Path $Path -Recurse -Force -ErrorAction Stop
+        Log-Action "Removed: $Path"
+        return $true
+    } catch {
+        Log-Failure "Could not remove: $Path - $_"
+        return $false
+    }
+}
+# Check if running as Administrator
+function Test-Administrator {
+    $isAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
+    if (-not $isAdmin) {
+        Write-Host "Warning: Not running as Administrator. Some enforcement actions may fail." -ForegroundColor Yellow
+        Write-Host "For complete enforcement, run PowerShell as Administrator." -ForegroundColor Yellow
+        Write-Host ""
+    }
+    return $isAdmin
+}
+# Kill OpenClaw processes
+function Stop-OpenClawProcesses {
+    Log-Action "Checking for OpenClaw processes..."
+    $processes = Get-Process -Name "*openclaw*" -ErrorAction SilentlyContinue
+    # Also check by command line
+    $wmiProcesses = Get-CimInstance Win32_Process |
+        Where-Object { $_.CommandLine -like "*openclaw*" -or $_.ExecutablePath -like "*openclaw*" }
+    $allPids = @()
+    if ($processes) { $allPids += $processes.Id }
+    if ($wmiProcesses) { $allPids += $wmiProcesses.ProcessId }
+    $allPids = $allPids | Select-Object -Unique
+    if ($allPids.Count -gt 0) {
+        $script:OpenClawDetected = $true
+        if ($DryRun) {
+            Log-Action "[DRY RUN] Would kill processes: $($allPids -join ', ')"
+            return
+        }
+        foreach ($pid in $allPids) {
+            try {
+                Stop-Process -Id $pid -Force -ErrorAction Stop
+                Log-Action "Killed process: $pid"
+            } catch {
+                Log-Failure "Could not kill process: $pid"
+            }
+        }
+    } else {
+        Write-VerboseLog "No OpenClaw processes found"
+    }
+}
+# Stop and remove Windows services
+function Remove-OpenClawServices {
+    Log-Action "Checking for Windows services..."
+    $serviceNames = @(
+        "openclaw",
+        "OpenClawGateway",
+        "bot.molt.gateway"
+    )
+    # Find by name patterns
+    $services = Get-Service -ErrorAction SilentlyContinue |
+        Where-Object { $_.DisplayName -like "*openclaw*" -or $_.Name -like "*openclaw*" -or $serviceNames -contains $_.Name }
+    foreach ($service in $services) {
+        $script:OpenClawDetected = $true
+        if ($DryRun) {
+            Log-Action "[DRY RUN] Would stop and remove service: $($service.Name)"
+            continue
+        }
+        try {
+            # Stop the service
+            if ($service.Status -ne 'Stopped') {
+                Stop-Service -Name $service.Name -Force -ErrorAction Stop
+                Log-Action "Stopped service: $($service.Name)"
+            }
+            # Delete the service
+            $result = sc.exe delete $service.Name 2>&1
+            if ($LASTEXITCODE -eq 0) {
+                Log-Action "Removed service: $($service.Name)"
+            } else {
+                Log-Failure "Could not remove service: $($service.Name)"
+            }
+        } catch {
+            Log-Failure "Error handling service $($service.Name): $_"
+        }
+    }
+}
+# Remove CLI binaries and installation directories
+function Remove-OpenClawBinaries {
+    Log-Action "Checking for CLI binaries..."
+    $installPaths = @(
+        "$env:LOCALAPPDATA\\Programs\\openclaw",
+        "$env:ProgramFiles\\OpenClaw",
+        "\${env:ProgramFiles(x86)}\\OpenClaw",
+        "$env:USERPROFILE\\AppData\\Local\\Programs\\openclaw",
+        "$env:USERPROFILE\\.local\\bin\\openclaw.exe"
+    )
+    foreach ($installPath in $installPaths) {
+        if (Test-Path $installPath) {
+            $script:OpenClawDetected = $true
+            ${quarantineOrRemove}
+        }
+    }
+}
+# Remove configuration directories
+function Remove-OpenClawConfig {
+    Log-Action "Checking for configuration directories..."
+    $configPaths = @(
+        "$env:USERPROFILE\\.openclaw",
+        "$env:APPDATA\\OpenClaw",
+        "$env:LOCALAPPDATA\\OpenClaw"
+    )
+    foreach ($configPath in $configPaths) {
+        if (Test-Path $configPath) {
+            $script:OpenClawDetected = $true
+            ${quarantineOrRemoveConfig}
+        }
+    }
+    # Check other user profiles (requires admin)
+    if (([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
+        $userProfiles = Get-ChildItem "C:\\Users" -Directory -ErrorAction SilentlyContinue |
+            Where-Object { $_.Name -notin @("Public", "Default", "Default User", "All Users") }
+        foreach ($profile in $userProfiles) {
+            $otherConfigPaths = @(
+                (Join-Path $profile.FullName ".openclaw"),
+                (Join-Path $profile.FullName "AppData\\Roaming\\OpenClaw"),
+                (Join-Path $profile.FullName "AppData\\Local\\OpenClaw")
+            )
+            foreach ($otherConfig in $otherConfigPaths) {
+                if ((Test-Path $otherConfig) -and ($otherConfig -ne "$env:USERPROFILE\\.openclaw")) {
+                    $script:OpenClawDetected = $true
+                    ${quarantineOrRemoveOther}
+                }
+            }
+        }
+    }
+}
+# Remove scheduled tasks
+function Remove-OpenClawScheduledTasks {
+    Log-Action "Checking for scheduled tasks..."
+    try {
+        $tasks = Get-ScheduledTask -ErrorAction SilentlyContinue |
+            Where-Object { $_.TaskName -like "*openclaw*" -or $_.TaskPath -like "*openclaw*" }
+        foreach ($task in $tasks) {
+            $script:OpenClawDetected = $true
+            if ($DryRun) {
+                Log-Action "[DRY RUN] Would remove scheduled task: $($task.TaskName)"
+                continue
+            }
+            try {
+                Unregister-ScheduledTask -TaskName $task.TaskName -Confirm:$false -ErrorAction Stop
+                Log-Action "Removed scheduled task: $($task.TaskName)"
+            } catch {
+                Log-Failure "Could not remove scheduled task: $($task.TaskName)"
+            }
+        }
+    } catch {
+        Write-VerboseLog "Error checking scheduled tasks: $_"
+    }
+}
+# Remove registry entries
+function Remove-OpenClawRegistry {
+    Log-Action "Checking for registry entries..."
+    $registryPaths = @(
+        "HKLM:\\SOFTWARE\\OpenClaw",
+        "HKCU:\\SOFTWARE\\OpenClaw",
+        "HKLM:\\SOFTWARE\\WOW6432Node\\OpenClaw"
+    )
+    foreach ($regPath in $registryPaths) {
+        if (Test-Path $regPath) {
+            $script:OpenClawDetected = $true
+            if ($DryRun) {
+                Log-Action "[DRY RUN] Would remove registry key: $regPath"
+                continue
+            }
+            try {
+                Remove-Item -Path $regPath -Recurse -Force -ErrorAction Stop
+                Log-Action "Removed registry key: $regPath"
+            } catch {
+                Log-Failure "Could not remove registry key: $regPath"
+            }
+        }
+    }
+    # Remove startup entries
+    $runKeys = @(
+        "HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
+        "HKCU:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
+    )
+    foreach ($runKey in $runKeys) {
+        try {
+            $entries = Get-ItemProperty $runKey -ErrorAction SilentlyContinue
+            $entries.PSObject.Properties | Where-Object { $_.Value -like "*openclaw*" } | ForEach-Object {
+                $script:OpenClawDetected = $true
+                if ($DryRun) {
+                    Log-Action "[DRY RUN] Would remove startup entry: $($_.Name) from $runKey"
+                    return
+                }
+                try {
+                    Remove-ItemProperty -Path $runKey -Name $_.Name -Force -ErrorAction Stop
+                    Log-Action "Removed startup entry: $($_.Name)"
+                } catch {
+                    Log-Failure "Could not remove startup entry: $($_.Name)"
+                }
+            }
+        } catch {}
+    }
+}
+# Clean Docker artifacts
+function Remove-OpenClawDocker {
+    $dockerCmd = Get-Command "docker" -ErrorAction SilentlyContinue
+    if (-not $dockerCmd) {
+        return
+    }
+    Log-Action "Checking for Docker artifacts..."
+    try {
+        # Stop and remove containers
+        $containers = docker ps -a --filter "name=openclaw" --format "{{.ID}}" 2>$null
+        if ($containers) {
+            $script:OpenClawDetected = $true
+            if ($DryRun) {
+                Log-Action "[DRY RUN] Would remove Docker containers: $($containers -join ', ')"
+            } else {
+                foreach ($container in $containers) {
+                    docker stop $container 2>$null
+                    docker rm -f $container 2>$null
+                    Log-Action "Removed Docker container: $container"
+                }
+            }
+        }
+        # Remove images
+        $images = docker images --filter "reference=*openclaw*" --format "{{.ID}}" 2>$null
+        if ($images) {
+            $script:OpenClawDetected = $true
+            if ($DryRun) {
+                Log-Action "[DRY RUN] Would remove Docker images: $($images -join ', ')"
+            } else {
+                foreach ($image in $images) {
+                    docker rmi -f $image 2>$null
+                    Log-Action "Removed Docker image: $image"
+                }
+            }
+        }
+    } catch {
+        Write-VerboseLog "Error cleaning Docker artifacts: $_"
+    }
+}
+${blockPortSection}
+# Main enforcement routine
+function Invoke-Enforcement {
+    Write-Host "==============================================" -ForegroundColor Cyan
+    Write-Host "Nox OpenClaw Enforcement" -ForegroundColor Cyan
+    Write-Host "==============================================" -ForegroundColor Cyan
+${dryRunMessage}
+    Write-Host ""
+    Test-Administrator | Out-Null
+${initQuarantine}
+    # Execute enforcement actions in order
+    Stop-OpenClawProcesses
+    Remove-OpenClawServices
+    Remove-OpenClawBinaries
+    Remove-OpenClawConfig
+    Remove-OpenClawScheduledTasks
+    Remove-OpenClawRegistry
+    Remove-OpenClawDocker
+    Block-GatewayPort
+    # Compile results
+    $actionsString = if ($EnforcementActions.Count -gt 0) { $EnforcementActions -join "; " } else { "" }
+    Write-Host ""
+    Write-Host "==============================================" -ForegroundColor Cyan
+    Write-Host "Enforcement Summary" -ForegroundColor Cyan
+    Write-Host "==============================================" -ForegroundColor Cyan
+    # Send webhook notification
+${webhookNotificationSection}
+    if (-not $OpenClawDetected) {
+        Write-Host "No OpenClaw installation detected. System is clean." -ForegroundColor Green
+        exit 3
+    } elseif ($FailedActions.Count -gt 0) {
+        Write-Host "Enforcement partially completed with $($FailedActions.Count) failures:" -ForegroundColor Yellow
+        foreach ($failure in $FailedActions) {
+            Write-Host "  - $failure" -ForegroundColor Yellow
+        }
+        exit 1
+    } else {
+        Write-Host "Enforcement completed successfully." -ForegroundColor Green
+        Write-Host "Actions taken: $($EnforcementActions.Count)"
+${quarantineLocation}
+        exit 0
+    }
+}
+# Run main function
+try {
+    Invoke-Enforcement
+} catch {
+    Write-Host "Enforcement error: $_" -ForegroundColor Red
+    exit 2
+}
+`;
+}
+/**
+ * Get script metadata for documentation.
+ */
+export function getEnforcePowerShellMetadata() {
+    return {
+        filename: 'enforce-openclaw.ps1',
+        extension: '.ps1',
+        platform: 'windows',
+        description: 'PowerShell enforcement script for Windows',
+        requirements: ['PowerShell 5.1+', 'Administrator privileges', 'Windows 8/Server 2012 or later'],
+        exitCodes: {
+            0: 'Enforcement successful',
+            1: 'Enforcement partially failed',
+            2: 'Script error',
+            3: 'Nothing to enforce (clean system)',
+        },
+    };
+}
+//# sourceMappingURL=enforce.ps1.js.map

package/dist/mdm/templates/enforce.ps1.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"enforce.ps1.js","sourceRoot":"","sources":["../../../src/mdm/templates/enforce.ps1.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAWrD;;;GAGG;AACH,SAAS,sBAAsB,CAAC,GAAW;IACzC,oBAAoB;IACpB,IAAI,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACrC,iDAAiD;IACjD,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACtC,+CAA+C;IAC/C,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IACvC,uBAAuB;IACvB,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACtC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,GAAW;IACjC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACtC,CAAC;QACD,OAAO,sBAAsB,CAAC,GAAG,CAAC,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,wBAAwB,GAAG,EAAE,CAAC,CAAC;IACjD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,+BAA+B,CAAC,UAAoC,EAAE;IACpF,MAAM,EACJ,UAAU,EACV,YAAY,EACZ,WAAW,GAAG,KAAK,EACnB,OAAO,GAAG,KAAK,EACf,MAAM,GAAG,KAAK,EACd,UAAU,GAAG,KAAK,GACnB,GAAG,OAAO,CAAC;IAEZ,2DAA2D;IAC3D,MAAM,cAAc,GAAG,UAAU,CAAC,CAAC,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC3E,MAAM,gBAAgB,GAAG,YAAY,CAAC,CAAC,CAAC,sBAAsB,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAEzF,wBAAwB;IACxB,IAAI,WAAW,GAAG,CAAC,IAAI,WAAW,GAAG,KAAK,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE,CAAC;QAC7E,MAAM,IAAI,KAAK,CAAC,yBAAyB,WAAW,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,cAAc,GAAG,cAAc;QACnC,CAAC,CAAC;;iBAEW,cAAc;mBACZ,gBAAgB,IAAI,EAAE;;;;;;;;;;;;;;;;;;;;;;;;oBAwBrB,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO;;;yBAGpB,OAAO;wBACR,OAAO;;;;;;;;;;;;;;;;;CAiB9B;QACG,CAAC,CAAC,EAAE,CAAC;IAEP,MAAM,UAAU,GAAG,OAAO;QACxB,CAAC,CAAC;;;;;CAKL;QACG,CAAC,CAAC;;;;;CAKL,CAAC;IAEA,MAAM,iBAAiB,GAAG,UAAU;QAClC,CAAC,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAyDL;QACG,CAAC,CAAC;;;;;;;;;CASL,CAAC;IAEA,uDAAuD;IACvD,MAAM,0BAA0B,GAAG,cAAc;QAC/C,CAAC,CAAC;;;;;;;;;;KAUD;QACD,CAAC,CAAC,EAAE,CAAC;IAEP,MAAM,aAAa,GAAG,MAAM;QAC1B,CAAC,CAAC,mFAAmF;QACrF,CAAC,CAAC,EAAE,CAAC;IAEP,MAAM,cAAc,GAAG,UAAU,CAAC,CAAC,CAAC,2BAA2B,CAAC,CAAC,CAAC,EAAE,CAAC;IAErE,MAAM,kBAAkB,GAAG,UAAU;QACnC,CAAC,CAAC,0DAA0D;QAC5D,CAAC,CAAC,EAAE,CAAC;IAEP,MAAM,kBAAkB,GAAG,UAAU;QACnC,CAAC,CAAC,6DAA6D;QAC/D,CAAC,CAAC,sCAAsC,CAAC;IAE3C,MAAM,wBAAwB,GAAG,UAAU;QACzC,CAAC,CAAC,0DAA0D;QAC5D,CAAC,CAAC,qCAAqC,CAAC;IAE1C,MAAM,uBAAuB,GAAG,UAAU;QACxC,CAAC,CAAC,2DAA2D;QAC7D,CAAC,CAAC,sCAAsC,CAAC;IAE3C,MAAM,gBAAgB,GAAG,UAAU;QACjC,CAAC,CAAC;;;;;;;;;;;;;;;;;;;;;;CAsBL;QACG,CAAC,CAAC;;;;;CAKL,CAAC;IAEA,OAAO;;;;;;0CAMiC,OAAO;MAC3C,OAAO;;;;;;;;;;;;;;;eAeE,OAAO;cACR,OAAO;;;;;;;;;;;;iBAYJ,WAAW;aACf,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO;;;;EAIpC,UAAU;EACV,cAAc;EACd,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAmJL,kBAAkB;;;;;;;;;;;;;;;;;;cAkBlB,wBAAwB;;;;;;;;;;;;;;;;;;;sBAmBhB,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAuI3C,gBAAgB;;;;;;;EAOhB,aAAa;;;;;EAKb,cAAc;;;;;;;;;;;;;;;;;;;;;EAqBd,0BAA0B;;;;;;;;;;;;;;EAc1B,kBAAkB;;;;;;;;;;;;CAYnB,CAAC;AACF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,4BAA4B;IAC1C,OAAO;QACL,QAAQ,EAAE,sBAAsB;QAChC,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,2CAA2C;QACxD,YAAY,EAAE,CAAC,iBAAiB,EAAE,0BAA0B,EAAE,gCAAgC,CAAC;QAC/F,SAAS,EAAE;YACT,CAAC,EAAE,wBAAwB;YAC3B,CAAC,EAAE,8BAA8B;YACjC,CAAC,EAAE,cAAc;YACjB,CAAC,EAAE,mCAAmC;SACvC;KACF,CAAC;AACJ,CAAC"}