openclaw-air-trust 0.2.0

package/LICENSE

@@ -0,0 +1,15 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

package/README.md

@@ -0,0 +1,138 @@
+# openclaw-air-trust
+
+**The EU AI Act compliance plugin for OpenClaw** — tamper-evident audit trails, consent gating, data tokenization, and prompt injection detection for autonomous AI agents.
+
+[![npm](https://img.shields.io/npm/v/openclaw-air-trust)](https://www.npmjs.com/package/openclaw-air-trust)
+[![License: Apache 2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
+
+## Why This Exists
+
+OpenClaw agents can read your email, execute shell commands, send messages, and manage files — autonomously. When something goes wrong, there's no tamper-evident record of what happened, no approval gate for destructive actions, and no protection against prompt injection attacks.
+
+This plugin fixes that. EU AI Act enforcement begins **August 2026**. This is the compliance layer.
+
+## Install
+
+```bash
+npm install openclaw-air-trust
+```
+
+Then add to your OpenClaw config:
+
+```json
+{
+  "plugins": ["openclaw-air-trust"]
+}
+```
+
+## What It Does
+
+| Capability | What It Does | EU AI Act Article |
+|---|---|---|
+| **Audit Ledger** | HMAC-SHA256 tamper-evident chain of every action | Article 12 (Record-Keeping) |
+| **Consent Gate** | Blocks destructive tools until user approves | Article 14 (Human Oversight) |
+| **Data Vault** | Tokenizes API keys, PII, credentials before they reach the LLM | Article 10 (Data Governance) |
+| **Injection Detector** | Scores inbound messages for 15+ prompt injection patterns | Article 15 (Cybersecurity) |
+| **Risk Classifier** | Classifies every tool by risk level (CRITICAL/HIGH/MEDIUM/LOW) | Article 9 (Risk Management) |
+| **Compliance Scanner** | Checks agent code against all 6 EU AI Act articles | Articles 9-15 |
+
+## Plugin Tools
+
+Once installed, these tools are available to your OpenClaw agent:
+
+| Tool | Description |
+|---|---|
+| `air_audit_status` | Get audit chain length, validity, and time range |
+| `air_verify_chain` | Verify tamper-evident chain integrity |
+| `air_scan_injection` | Scan text for prompt injection patterns |
+| `air_classify_risk` | Classify a tool by EU AI Act risk level |
+| `air_export_audit` | Export the full audit chain as JSON |
+| `air_compliance_check` | Run EU AI Act compliance check on code |
+
+## How It Works
+
+### Audit Ledger (Article 12)
+
+Every tool call, LLM interaction, consent decision, and injection detection gets appended to a tamper-evident chain:
+
+```
+Entry 1 → hash₁ ──┐
+Entry 2 → hash₂ (prevHash = hash₁) ──┐
+Entry 3 → hash₃ (prevHash = hash₂) ──┐
+```
+
+Each entry is signed with HMAC-SHA256. Modifying any record breaks the entire chain downstream.
+
+### Consent Gate (Article 14)
+
+When the agent tries to call a destructive tool, the consent gate intercepts and sends an approval request. Risk classification is built-in: critical (code execution), high (file writes, deploys), medium (network/email), low (reads).
+
+### Data Vault (Article 10)
+
+Before tool arguments or context reaches the LLM, the vault scans for sensitive patterns and replaces them with opaque tokens. 14 built-in patterns: OpenAI/Anthropic/AWS/GitHub/Stripe keys, emails, phone numbers, SSNs, credit cards, connection strings, bearer tokens, private keys, and password assignments.
+
+### Injection Detector (Article 15)
+
+Scans inbound messages for 15+ prompt injection patterns: role override, identity hijacking, privilege escalation, safety bypass, jailbreak, data exfiltration, encoding evasion, and more. Three sensitivity levels (low/medium/high) control which patterns are active.
+
+## Configuration
+
+```json
+{
+  "plugins": {
+    "openclaw-air-trust": {
+      "enabled": true,
+      "gatewayUrl": "https://your-air-gateway.example.com",
+      "gatewayKey": "your-api-key",
+      "consentGateEnabled": true,
+      "consentAlwaysRequire": "exec,spawn,shell,deploy",
+      "consentRiskThreshold": "high",
+      "consentTimeoutMs": 30000,
+      "injectionEnabled": true,
+      "injectionSensitivity": "medium",
+      "injectionBlockThreshold": 0.8,
+      "vaultEnabled": true
+    }
+  }
+}
+```
+
+## Standalone Usage
+
+You can also use the components directly without OpenClaw:
+
+```typescript
+import { createAirTrustPlugin } from 'openclaw-air-trust/standalone';
+
+const trust = createAirTrustPlugin({
+  enabled: true,
+  consentGate: { enabled: true, alwaysRequire: ['exec', 'deploy'] },
+  injectionDetection: { enabled: true, sensitivity: 'medium', blockThreshold: 0.8 },
+});
+```
+
+## Part of the AIR Blackbox Ecosystem
+
+| Package | What It Does |
+|---|---|
+| [air-blackbox-mcp](https://github.com/airblackbox/air-blackbox-mcp) | MCP server for Claude Desktop — 10 compliance tools |
+| [air-langchain-trust](https://pypi.org/project/air-langchain-trust/) | Python trust layer for LangChain agents |
+| [air-crewai-trust](https://pypi.org/project/air-crewai-trust/) | Python trust layer for CrewAI agents |
+| [air-autogen-trust](https://pypi.org/project/air-autogen-trust/) | Python trust layer for AutoGen agents |
+| **openclaw-air-trust** | ← You are here |
+
+Learn more at [airblackbox.ai](https://airblackbox.ai)
+
+## Development
+
+```bash
+git clone https://github.com/airblackbox/openclaw-air-trust.git
+cd openclaw-air-trust
+npm install
+npm run build
+npm test
+```
+
+## License
+
+Apache 2.0

package/dist/audit-ledger.d.ts

@@ -0,0 +1,56 @@
+/**
+ * openclaw-air-trust — Audit Ledger
+ *
+ * Tamper-evident action log using HMAC-SHA256 chaining.
+ * Each entry includes the hash of the previous entry, creating
+ * a blockchain-style chain. Modifying any entry breaks the chain.
+ *
+ * Supports local persistence and non-blocking forwarding to
+ * the AIR Blackbox gateway.
+ */
+import { AuditEntry, AuditLedgerConfig, ChainVerification, RiskLevel } from './types';
+export declare class AuditLedger {
+    private entries;
+    private secret;
+    private lastHash;
+    private sequence;
+    private config;
+    private gatewayUrl?;
+    private gatewayKey?;
+    constructor(config: AuditLedgerConfig, gatewayUrl?: string, gatewayKey?: string);
+    /**
+     * Append an action to the audit chain.
+     * Returns the signed entry.
+     */
+    append(params: {
+        action: string;
+        toolName?: string;
+        riskLevel: RiskLevel;
+        consentRequired: boolean;
+        consentGranted?: boolean;
+        dataTokenized: boolean;
+        injectionDetected: boolean;
+        metadata?: Record<string, unknown>;
+    }): AuditEntry;
+    /**
+     * Verify the integrity of the entire chain.
+     * Walks entries in order, checking prevHash linkage and HMAC signatures.
+     */
+    verify(): ChainVerification;
+    /** Get the N most recent entries */
+    getRecent(n?: number): AuditEntry[];
+    /** Export all entries */
+    export(): AuditEntry[];
+    /** Chain stats */
+    stats(): {
+        totalEntries: number;
+        chainValid: boolean;
+        earliest?: string;
+        latest?: string;
+    };
+    private loadChain;
+    private saveChain;
+    private forwardEntry;
+    private ensureDir;
+}
+//# sourceMappingURL=audit-ledger.d.ts.map

package/dist/audit-ledger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-ledger.d.ts","sourceRoot":"","sources":["../src/audit-ledger.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAKH,OAAO,EACL,UAAU,EACV,iBAAiB,EACjB,iBAAiB,EACjB,SAAS,EACV,MAAM,SAAS,CAAC;AAIjB,qBAAa,WAAW;IACtB,OAAO,CAAC,OAAO,CAAoB;IACnC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,QAAQ,CAAwB;IACxC,OAAO,CAAC,QAAQ,CAAa;IAC7B,OAAO,CAAC,MAAM,CAAoB;IAClC,OAAO,CAAC,UAAU,CAAC,CAAS;IAC5B,OAAO,CAAC,UAAU,CAAC,CAAS;gBAG1B,MAAM,EAAE,iBAAiB,EACzB,UAAU,CAAC,EAAE,MAAM,EACnB,UAAU,CAAC,EAAE,MAAM;IAoBrB;;;OAGG;IACH,MAAM,CAAC,MAAM,EAAE;QACb,MAAM,EAAE,MAAM,CAAC;QACf,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,SAAS,CAAC;QACrB,eAAe,EAAE,OAAO,CAAC;QACzB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,aAAa,EAAE,OAAO,CAAC;QACvB,iBAAiB,EAAE,OAAO,CAAC;QAC3B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACpC,GAAG,UAAU;IA+Dd;;;OAGG;IACH,MAAM,IAAI,iBAAiB;IAmE3B,oCAAoC;IACpC,SAAS,CAAC,CAAC,GAAE,MAAW,GAAG,UAAU,EAAE;IAIvC,yBAAyB;IACzB,MAAM,IAAI,UAAU,EAAE;IAItB,kBAAkB;IAClB,KAAK,IAAI;QACP,YAAY,EAAE,MAAM,CAAC;QACrB,UAAU,EAAE,OAAO,CAAC;QACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB;IAYD,OAAO,CAAC,SAAS;IAiBjB,OAAO,CAAC,SAAS;YAWH,YAAY;IAa1B,OAAO,CAAC,SAAS;CAMlB"}

package/dist/audit-ledger.js

@@ -0,0 +1,230 @@
+"use strict";
+/**
+ * openclaw-air-trust — Audit Ledger
+ *
+ * Tamper-evident action log using HMAC-SHA256 chaining.
+ * Each entry includes the hash of the previous entry, creating
+ * a blockchain-style chain. Modifying any entry breaks the chain.
+ *
+ * Supports local persistence and non-blocking forwarding to
+ * the AIR Blackbox gateway.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuditLedger = void 0;
+const crypto_1 = require("crypto");
+const fs_1 = require("fs");
+const path_1 = require("path");
+const GENESIS_HASH = '0000000000000000000000000000000000000000000000000000000000000000';
+class AuditLedger {
+    entries = [];
+    secret;
+    lastHash = GENESIS_HASH;
+    sequence = 0;
+    config;
+    gatewayUrl;
+    gatewayKey;
+    constructor(config, gatewayUrl, gatewayKey) {
+        this.config = config;
+        this.gatewayUrl = gatewayUrl;
+        this.gatewayKey = gatewayKey;
+        // Load or generate HMAC key
+        const keyPath = config.localPath.replace(/\.json$/, '') + '.key';
+        if ((0, fs_1.existsSync)(keyPath)) {
+            this.secret = Buffer.from((0, fs_1.readFileSync)(keyPath, 'utf-8').trim(), 'hex');
+        }
+        else {
+            this.secret = (0, crypto_1.randomBytes)(32);
+            this.ensureDir(keyPath);
+            (0, fs_1.writeFileSync)(keyPath, this.secret.toString('hex'), { mode: 0o600 });
+        }
+        // Load existing chain
+        this.loadChain();
+    }
+    /**
+     * Append an action to the audit chain.
+     * Returns the signed entry.
+     */
+    append(params) {
+        this.sequence++;
+        const entry = {
+            id: (0, crypto_1.randomUUID)(),
+            sequence: this.sequence,
+            hash: '', // computed below
+            prevHash: this.lastHash,
+            signature: '', // computed below
+            timestamp: new Date().toISOString(),
+            action: params.action,
+            toolName: params.toolName,
+            riskLevel: params.riskLevel,
+            consentRequired: params.consentRequired,
+            consentGranted: params.consentGranted,
+            dataTokenized: params.dataTokenized,
+            injectionDetected: params.injectionDetected,
+            metadata: params.metadata ?? {},
+        };
+        // Compute content hash (everything except hash, signature, prevHash)
+        const contentForHash = JSON.stringify({
+            id: entry.id,
+            sequence: entry.sequence,
+            timestamp: entry.timestamp,
+            action: entry.action,
+            toolName: entry.toolName,
+            riskLevel: entry.riskLevel,
+            consentRequired: entry.consentRequired,
+            consentGranted: entry.consentGranted,
+            dataTokenized: entry.dataTokenized,
+            injectionDetected: entry.injectionDetected,
+            metadata: entry.metadata,
+        });
+        entry.hash = (0, crypto_1.createHash)('sha256').update(contentForHash).digest('hex');
+        // HMAC signature chains this entry to the previous one
+        const sigPayload = `${entry.sequence}|${entry.id}|${entry.hash}|${entry.prevHash}`;
+        entry.signature = (0, crypto_1.createHmac)('sha256', this.secret)
+            .update(sigPayload)
+            .digest('hex');
+        this.lastHash = entry.hash;
+        this.entries.push(entry);
+        // Trim if over max
+        if (this.config.maxEntries > 0 && this.entries.length > this.config.maxEntries) {
+            this.entries = this.entries.slice(-this.config.maxEntries);
+        }
+        // Persist locally
+        this.saveChain();
+        // Non-blocking forward to gateway
+        if (this.config.forwardToGateway && this.gatewayUrl) {
+            this.forwardEntry(entry).catch(() => {
+                // Silent fail — gateway forwarding is best-effort
+            });
+        }
+        return entry;
+    }
+    /**
+     * Verify the integrity of the entire chain.
+     * Walks entries in order, checking prevHash linkage and HMAC signatures.
+     */
+    verify() {
+        if (this.entries.length === 0) {
+            return { valid: true, totalEntries: 0 };
+        }
+        let expectedPrevHash = GENESIS_HASH;
+        for (const entry of this.entries) {
+            // Check prevHash linkage
+            if (entry.prevHash !== expectedPrevHash) {
+                return {
+                    valid: false,
+                    totalEntries: this.entries.length,
+                    brokenAtSequence: entry.sequence,
+                    brokenAtId: entry.id,
+                    reason: `prevHash mismatch at sequence ${entry.sequence}`,
+                };
+            }
+            // Recompute content hash
+            const contentForHash = JSON.stringify({
+                id: entry.id,
+                sequence: entry.sequence,
+                timestamp: entry.timestamp,
+                action: entry.action,
+                toolName: entry.toolName,
+                riskLevel: entry.riskLevel,
+                consentRequired: entry.consentRequired,
+                consentGranted: entry.consentGranted,
+                dataTokenized: entry.dataTokenized,
+                injectionDetected: entry.injectionDetected,
+                metadata: entry.metadata,
+            });
+            const computedHash = (0, crypto_1.createHash)('sha256').update(contentForHash).digest('hex');
+            if (entry.hash !== computedHash) {
+                return {
+                    valid: false,
+                    totalEntries: this.entries.length,
+                    brokenAtSequence: entry.sequence,
+                    brokenAtId: entry.id,
+                    reason: `Content hash mismatch at sequence ${entry.sequence}`,
+                };
+            }
+            // Verify HMAC signature
+            const sigPayload = `${entry.sequence}|${entry.id}|${entry.hash}|${entry.prevHash}`;
+            const expectedSig = (0, crypto_1.createHmac)('sha256', this.secret)
+                .update(sigPayload)
+                .digest('hex');
+            if (entry.signature !== expectedSig) {
+                return {
+                    valid: false,
+                    totalEntries: this.entries.length,
+                    brokenAtSequence: entry.sequence,
+                    brokenAtId: entry.id,
+                    reason: `Signature mismatch at sequence ${entry.sequence}`,
+                };
+            }
+            expectedPrevHash = entry.hash;
+        }
+        return { valid: true, totalEntries: this.entries.length };
+    }
+    /** Get the N most recent entries */
+    getRecent(n = 50) {
+        return this.entries.slice(-n);
+    }
+    /** Export all entries */
+    export() {
+        return [...this.entries];
+    }
+    /** Chain stats */
+    stats() {
+        const verification = this.verify();
+        return {
+            totalEntries: this.entries.length,
+            chainValid: verification.valid,
+            earliest: this.entries[0]?.timestamp,
+            latest: this.entries[this.entries.length - 1]?.timestamp,
+        };
+    }
+    // ─── Private Methods ────────────────────────────────────────
+    loadChain() {
+        if ((0, fs_1.existsSync)(this.config.localPath)) {
+            try {
+                const raw = (0, fs_1.readFileSync)(this.config.localPath, 'utf-8');
+                const data = JSON.parse(raw);
+                this.entries = data.entries ?? [];
+                this.sequence = data.sequence ?? 0;
+                this.lastHash = data.lastHash ?? GENESIS_HASH;
+            }
+            catch {
+                // Corrupted file — start fresh
+                this.entries = [];
+                this.sequence = 0;
+                this.lastHash = GENESIS_HASH;
+            }
+        }
+    }
+    saveChain() {
+        this.ensureDir(this.config.localPath);
+        const data = {
+            entries: this.entries,
+            sequence: this.sequence,
+            lastHash: this.lastHash,
+            savedAt: new Date().toISOString(),
+        };
+        (0, fs_1.writeFileSync)(this.config.localPath, JSON.stringify(data, null, 2));
+    }
+    async forwardEntry(entry) {
+        if (!this.gatewayUrl)
+            return;
+        const url = `${this.gatewayUrl}/v1/audit`;
+        await fetch(url, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                ...(this.gatewayKey ? { Authorization: `Bearer ${this.gatewayKey}` } : {}),
+            },
+            body: JSON.stringify(entry),
+        });
+    }
+    ensureDir(filePath) {
+        const dir = (0, path_1.dirname)(filePath);
+        if (!(0, fs_1.existsSync)(dir)) {
+            (0, fs_1.mkdirSync)(dir, { recursive: true });
+        }
+    }
+}
+exports.AuditLedger = AuditLedger;
+//# sourceMappingURL=audit-ledger.js.map

package/dist/audit-ledger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-ledger.js","sourceRoot":"","sources":["../src/audit-ledger.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;AAEH,mCAAyE;AACzE,2BAAwE;AACxE,+BAA+B;AAQ/B,MAAM,YAAY,GAAG,kEAAkE,CAAC;AAExF,MAAa,WAAW;IACd,OAAO,GAAiB,EAAE,CAAC;IAC3B,MAAM,CAAS;IACf,QAAQ,GAAW,YAAY,CAAC;IAChC,QAAQ,GAAW,CAAC,CAAC;IACrB,MAAM,CAAoB;IAC1B,UAAU,CAAU;IACpB,UAAU,CAAU;IAE5B,YACE,MAAyB,EACzB,UAAmB,EACnB,UAAmB;QAEnB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAE7B,4BAA4B;QAC5B,MAAM,OAAO,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,GAAG,MAAM,CAAC;QACjE,IAAI,IAAA,eAAU,EAAC,OAAO,CAAC,EAAE,CAAC;YACxB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,IAAA,iBAAY,EAAC,OAAO,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,KAAK,CAAC,CAAC;QAC1E,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,GAAG,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC;YAC9B,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YACxB,IAAA,kBAAa,EAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACvE,CAAC;QAED,sBAAsB;QACtB,IAAI,CAAC,SAAS,EAAE,CAAC;IACnB,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,MASN;QACC,IAAI,CAAC,QAAQ,EAAE,CAAC;QAEhB,MAAM,KAAK,GAAe;YACxB,EAAE,EAAE,IAAA,mBAAU,GAAE;YAChB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,IAAI,EAAE,EAAE,EAAE,iBAAiB;YAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,SAAS,EAAE,EAAE,EAAE,iBAAiB;YAChC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,eAAe,EAAE,MAAM,CAAC,eAAe;YACvC,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,iBAAiB,EAAE,MAAM,CAAC,iBAAiB;YAC3C,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;SAChC,CAAC;QAEF,qEAAqE;QACrE,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC;YACpC,EAAE,EAAE,KAAK,CAAC,EAAE;YACZ,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,eAAe,EAAE,KAAK,CAAC,eAAe;YACtC,cAAc,EAAE,KAAK,CAAC,cAAc;YACpC,aAAa,EAAE,KAAK,CAAC,aAAa;YAClC,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;YAC1C,QAAQ,EAAE,KAAK,CAAC,QAAQ;SACzB,CAAC,CAAC;QACH,KAAK,CAAC,IAAI,GAAG,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAEvE,uDAAuD;QACvD,MAAM,UAAU,GAAG,GAAG,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,EAAE,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QACnF,KAAK,CAAC,SAAS,GAAG,IAAA,mBAAU,EAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC;aAChD,MAAM,CAAC,UAAU,CAAC;aAClB,MAAM,CAAC,KAAK,CAAC,CAAC;QAEjB,IAAI,CAAC,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAEzB,mBAAmB;QACnB,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,GAAG,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;YAC/E,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAC7D,CAAC;QAED,kBAAkB;QAClB,IAAI,CAAC,SAAS,EAAE,CAAC;QAEjB,kCAAkC;QAClC,IAAI,IAAI,CAAC,MAAM,CAAC,gBAAgB,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpD,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;gBAClC,kDAAkD;YACpD,CAAC,CAAC,CAAC;QACL,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;OAGG;IACH,MAAM;QACJ,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,EAAE,CAAC;QAC1C,CAAC;QAED,IAAI,gBAAgB,GAAG,YAAY,CAAC;QAEpC,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjC,yBAAyB;YACzB,IAAI,KAAK,CAAC,QAAQ,KAAK,gBAAgB,EAAE,CAAC;gBACxC,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,YAAY,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM;oBACjC,gBAAgB,EAAE,KAAK,CAAC,QAAQ;oBAChC,UAAU,EAAE,KAAK,CAAC,EAAE;oBACpB,MAAM,EAAE,iCAAiC,KAAK,CAAC,QAAQ,EAAE;iBAC1D,CAAC;YACJ,CAAC;YAED,yBAAyB;YACzB,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC;gBACpC,EAAE,EAAE,KAAK,CAAC,EAAE;gBACZ,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,eAAe,EAAE,KAAK,CAAC,eAAe;gBACtC,cAAc,EAAE,KAAK,CAAC,cAAc;gBACpC,aAAa,EAAE,KAAK,CAAC,aAAa;gBAClC,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;gBAC1C,QAAQ,EAAE,KAAK,CAAC,QAAQ;aACzB,CAAC,CAAC;YACH,MAAM,YAAY,GAAG,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAE/E,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAChC,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,YAAY,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM;oBACjC,gBAAgB,EAAE,KAAK,CAAC,QAAQ;oBAChC,UAAU,EAAE,KAAK,CAAC,EAAE;oBACpB,MAAM,EAAE,qCAAqC,KAAK,CAAC,QAAQ,EAAE;iBAC9D,CAAC;YACJ,CAAC;YAED,wBAAwB;YACxB,MAAM,UAAU,GAAG,GAAG,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,EAAE,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YACnF,MAAM,WAAW,GAAG,IAAA,mBAAU,EAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC;iBAClD,MAAM,CAAC,UAAU,CAAC;iBAClB,MAAM,CAAC,KAAK,CAAC,CAAC;YAEjB,IAAI,KAAK,CAAC,SAAS,KAAK,WAAW,EAAE,CAAC;gBACpC,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,YAAY,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM;oBACjC,gBAAgB,EAAE,KAAK,CAAC,QAAQ;oBAChC,UAAU,EAAE,KAAK,CAAC,EAAE;oBACpB,MAAM,EAAE,kCAAkC,KAAK,CAAC,QAAQ,EAAE;iBAC3D,CAAC;YACJ,CAAC;YAED,gBAAgB,GAAG,KAAK,CAAC,IAAI,CAAC;QAChC,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;IAC5D,CAAC;IAED,oCAAoC;IACpC,SAAS,CAAC,IAAY,EAAE;QACtB,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAChC,CAAC;IAED,yBAAyB;IACzB,MAAM;QACJ,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;IAC3B,CAAC;IAED,kBAAkB;IAClB,KAAK;QAMH,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;QACnC,OAAO;YACL,YAAY,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM;YACjC,UAAU,EAAE,YAAY,CAAC,KAAK;YAC9B,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,SAAS;YACpC,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,SAAS;SACzD,CAAC;IACJ,CAAC;IAED,+DAA+D;IAEvD,SAAS;QACf,IAAI,IAAA,eAAU,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;YACtC,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAA,iBAAY,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBACzD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC7B,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC;gBAClC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,CAAC,CAAC;gBACnC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,YAAY,CAAC;YAChD,CAAC;YAAC,MAAM,CAAC;gBACP,+BAA+B;gBAC/B,IAAI,CAAC,OAAO,GAAG,EAAE,CAAC;gBAClB,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC;gBAClB,IAAI,CAAC,QAAQ,GAAG,YAAY,CAAC;YAC/B,CAAC;QACH,CAAC;IACH,CAAC;IAEO,SAAS;QACf,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACtC,MAAM,IAAI,GAAG;YACX,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SAClC,CAAC;QACF,IAAA,kBAAa,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACtE,CAAC;IAEO,KAAK,CAAC,YAAY,CAAC,KAAiB;QAC1C,IAAI,CAAC,IAAI,CAAC,UAAU;YAAE,OAAO;QAC7B,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,UAAU,WAAW,CAAC;QAC1C,MAAM,KAAK,CAAC,GAAG,EAAE;YACf,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC3E;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;SAC5B,CAAC,CAAC;IACL,CAAC;IAEO,SAAS,CAAC,QAAgB;QAChC,MAAM,GAAG,GAAG,IAAA,cAAO,EAAC,QAAQ,CAAC,CAAC;QAC9B,IAAI,CAAC,IAAA,eAAU,EAAC,GAAG,CAAC,EAAE,CAAC;YACrB,IAAA,cAAS,EAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;CACF;AA9PD,kCA8PC"}

package/dist/consent-gate.d.ts

@@ -0,0 +1,47 @@
+/**
+ * openclaw-air-trust — Consent Gate
+ *
+ * Intercepts destructive or sensitive tool calls and holds them
+ * pending user approval. Classifies tools by risk level and
+ * sends approval requests through OpenClaw's messaging channel.
+ *
+ * Flow:
+ * 1. before_tool_call fires
+ * 2. ConsentGate checks if tool requires consent
+ * 3. If yes: sends approval message, waits for response
+ * 4. If approved: tool executes normally
+ * 5. If rejected/timeout: tool call is blocked
+ * 6. All decisions are logged to the audit ledger
+ */
+import { ConsentGateConfig, ConsentRequest, RiskLevel, ToolCallEvent, ToolCallResult, PluginContext } from './types';
+import { AuditLedger } from './audit-ledger';
+export declare class ConsentGate {
+    private config;
+    private ledger;
+    private pendingRequests;
+    constructor(config: ConsentGateConfig, ledger: AuditLedger);
+    /**
+     * Classify risk level for a tool.
+     */
+    classifyRisk(toolName: string): RiskLevel;
+    /**
+     * Check if a tool call requires consent.
+     */
+    requiresConsent(toolName: string): boolean;
+    /**
+     * Intercept a tool call. If consent is needed, block until approved.
+     * Returns a ToolCallResult indicating whether the call should proceed.
+     */
+    intercept(event: ToolCallEvent, ctx: PluginContext): Promise<ToolCallResult>;
+    /**
+     * Handle a user response to a consent request.
+     * Call this when the user sends "approve <id>" or "reject <id>".
+     */
+    handleResponse(consentId: string, approved: boolean): boolean;
+    /**
+     * Format a human-readable consent message.
+     */
+    formatConsentMessage(request: ConsentRequest): string;
+    private waitForApproval;
+}
+//# sourceMappingURL=consent-gate.d.ts.map

package/dist/consent-gate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"consent-gate.d.ts","sourceRoot":"","sources":["../src/consent-gate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,OAAO,EACL,iBAAiB,EACjB,cAAc,EACd,SAAS,EAET,aAAa,EACb,cAAc,EACd,aAAa,EACd,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAqC7C,qBAAa,WAAW;IACtB,OAAO,CAAC,MAAM,CAAoB;IAClC,OAAO,CAAC,MAAM,CAAc;IAC5B,OAAO,CAAC,eAAe,CAGR;gBAEH,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,WAAW;IAK1D;;OAEG;IACH,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,SAAS;IAazC;;OAEG;IACH,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAY1C;;;OAGG;IACG,SAAS,CACb,KAAK,EAAE,aAAa,EACpB,GAAG,EAAE,aAAa,GACjB,OAAO,CAAC,cAAc,CAAC;IAwD1B;;;OAGG;IACH,cAAc,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,GAAG,OAAO;IAS7D;;OAEG;IACH,oBAAoB,CAAC,OAAO,EAAE,cAAc,GAAG,MAAM;IAgCrD,OAAO,CAAC,eAAe;CAexB"}