openclaw-core 1.0.0

package/dist/harness/AgentEvaluator.js

@@ -0,0 +1,117 @@
+import * as acorn from "acorn";
+import { SAMLIntent } from "../common/protocols/SAML.js";
+function walkAST(node, callback) {
+    if (!node || typeof node !== "object")
+        return;
+    const n = node;
+    if (typeof n.type === "string") {
+        callback(n);
+    }
+    for (const key in n) {
+        if (Object.prototype.hasOwnProperty.call(n, key)) {
+            const child = n[key];
+            if (Array.isArray(child)) {
+                for (const item of child)
+                    walkAST(item, callback);
+            }
+            else if (child && typeof child === "object") {
+                walkAST(child, callback);
+            }
+        }
+    }
+}
+export class ByzantineFaultError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "ByzantineFaultError";
+    }
+}
+export class AgentEvaluator {
+    constructor() { }
+    async audit(request, enforceBoundary = true) {
+        console.log(`⚖️ [AgentEvaluator] Initiating Dual-Pass BFT Audit for spec: ${request.specHash}`);
+        if (request.harness && request.tools) {
+            console.log("🔍 [AgentEvaluator] Pass 1 (Dynamic): Executing behavioral dry-run...");
+            try {
+                const dryRunEnvelope = {
+                    version: "SAML/1.0",
+                    sender_did: "did:internal:evaluator",
+                    recipient_did: "did:internal:harness",
+                    vector: {
+                        intent: SAMLIntent.QUERY,
+                        budget_ceiling: 0,
+                        deadline_ts: Date.now() + 1000,
+                        slash_ratio: 0
+                    },
+                    payload: {},
+                    signature: "DRY_RUN_SIG",
+                    nonce: "DRY_RUN_NONCE",
+                    timestamp: Date.now()
+                };
+                const dryRunResult = await request.harness.execute(dryRunEnvelope, request.tools, request.generatedCode);
+                if (request.specHash.includes("buy") && !JSON.stringify(dryRunResult).toLowerCase().includes("tx")) {
+                    throw new Error("Behavioral anomaly detected: Intent was BUY but result lacks transaction data.");
+                }
+                console.log("✅ [AgentEvaluator] Pass 1 (Dynamic): Behavior Approved.");
+            }
+            catch (err) {
+                const errMsg = err instanceof Error ? err.message : String(err);
+                throw new ByzantineFaultError(`Dynamic Pass Failed: Behavioral Dry-Run Crashed (${errMsg}). Code is hallucinatory.`);
+            }
+        }
+        else if (request.testResults) {
+            if (!request.testResults.pass || request.testResults.coverage < 80) {
+                throw new ByzantineFaultError(`Dynamic Pass Failed: External tests failed or coverage too low (${request.testResults.coverage}%).`);
+            }
+            console.log("✅ [AgentEvaluator] Pass 1 (Dynamic): Approved via external results.");
+        }
+        else {
+            console.log("⚠️ [AgentEvaluator] Pass 1 (Dynamic): Skeletal Skip. No harness or evaluation context provided.");
+        }
+        let ast;
+        try {
+            ast = acorn.parse(request.generatedCode, {
+                ecmaVersion: 2022,
+                sourceType: "module",
+                allowReturnOutsideFunction: true,
+            });
+        }
+        catch (err) {
+            const errMsg = err instanceof Error ? err.message : String(err);
+            throw new ByzantineFaultError(`Static Pass Failed: Code parsing error (${errMsg}). Hallucination detected.`);
+        }
+        if (!ast || ast.body.length === 0) {
+            throw new ByzantineFaultError("Static Pass Failed: Empty AST structure, hallucination detected.");
+        }
+        const imports = [];
+        walkAST(ast, (node) => {
+            if (node.type === "ImportDeclaration" && typeof node.source?.value === "string") {
+                imports.push(node.source.value);
+            }
+            if (node.type === "CallExpression" && node.callee?.type === "Import" && Array.isArray(node.arguments) && node.arguments.length > 0) {
+                const arg = node.arguments[0];
+                if (arg?.type === "Literal" && typeof arg.value === "string") {
+                    imports.push(arg.value);
+                }
+            }
+            if (node.type === "CallExpression" && node.callee?.type === "Identifier" && node.callee.name === "require" && Array.isArray(node.arguments) && node.arguments.length > 0) {
+                const arg = node.arguments[0];
+                if (arg?.type === "Literal" && typeof arg.value === "string") {
+                    imports.push(arg.value);
+                }
+            }
+        });
+        if (enforceBoundary) {
+            const forbiddenDomains = ["shield", "finance", "brain", "resonance", "economy"];
+            for (const imp of imports) {
+                for (const fd of forbiddenDomains) {
+                    if (imp.includes(`/${fd}/`) || imp === fd) {
+                        throw new ByzantineFaultError(`Static Pass Failed: Boundary violation. Agent code cannot directly import physical domain: ${fd}.`);
+                    }
+                }
+            }
+        }
+        console.log("✅ [AgentEvaluator] Pass 2 (Static AST): Approved.");
+        return true;
+    }
+}

package/dist/harness/AgentEvaluator.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/harness/AgentEvaluator.test.js

@@ -0,0 +1,46 @@
+import { describe, it, expect } from "vitest";
+import { AgentEvaluator, ByzantineFaultError } from "./AgentEvaluator.js";
+const passingRequest = {
+    specHash: "abc123",
+    generatedCode: 'import { foo } from "openclaw-core"; console.log(foo);',
+    testResults: { pass: true, coverage: 85 }
+};
+describe("AgentEvaluator", () => {
+    it("应当对通过测试的高覆盖率代码批准审计", () => {
+        const evaluator = new AgentEvaluator();
+        const result = evaluator.audit(passingRequest);
+        expect(result).toBe(true);
+    });
+    it("应当对覆盖率低于 80% 的代码拒绝", () => {
+        const evaluator = new AgentEvaluator();
+        const request = { ...passingRequest, testResults: { pass: true, coverage: 70 } };
+        expect(() => evaluator.audit(request)).toThrow(ByzantineFaultError);
+    });
+    it("应当对测试失败的代码拒绝", () => {
+        const evaluator = new AgentEvaluator();
+        const request = { ...passingRequest, testResults: { pass: false, coverage: 90 } };
+        expect(() => evaluator.audit(request)).toThrow(ByzantineFaultError);
+    });
+    it("应当对越界导入物理域的代码拒绝", () => {
+        const evaluator = new AgentEvaluator();
+        const request = {
+            ...passingRequest,
+            generatedCode: 'import { AccessToken } from "../../shield/SovereignSandbox";\nconsole.log(AccessToken);'
+        };
+        expect(() => evaluator.audit(request)).toThrow(ByzantineFaultError);
+    });
+    it("应当在指定 enforceBoundary=false 时允许物理域导入", () => {
+        const evaluator = new AgentEvaluator();
+        const request = {
+            ...passingRequest,
+            generatedCode: 'import { AccessToken } from "../../shield/SovereignSandbox";\nconsole.log(AccessToken);'
+        };
+        const result = evaluator.audit(request, false);
+        expect(result).toBe(true);
+    });
+    it("应当对幻觉空 AST 拒绝", () => {
+        const evaluator = new AgentEvaluator();
+        const request = { ...passingRequest, generatedCode: '// nothing here' };
+        expect(() => evaluator.audit(request)).toThrow(ByzantineFaultError);
+    });
+});

package/dist/harness/AgenticHarness.d.ts

@@ -0,0 +1,14 @@
+import { SAMLEnvelope } from "../common/protocols/SAML.js";
+export interface HarnessContext {
+    intent: SAMLEnvelope;
+    tools: Record<string, unknown>;
+    memory: unknown[];
+}
+export declare class ScriptExecutionTimeout extends Error {
+    constructor(message: string);
+}
+export declare class AgenticHarness {
+    private sandbox;
+    constructor();
+    execute(intent: SAMLEnvelope, tools: Record<string, unknown>, generatedCode: string, maxRetries?: number): Promise<unknown>;
+}

package/dist/harness/AgenticHarness.js

@@ -0,0 +1,56 @@
+import vm from "node:vm";
+export class ScriptExecutionTimeout extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "ScriptExecutionTimeout";
+    }
+}
+export class AgenticHarness {
+    sandbox;
+    constructor() {
+        this.sandbox = vm.createContext({
+            console: {
+                log: (...args) => console.log("[Harness Sandbox]", ...args),
+                error: (...args) => console.error("[Harness Sandbox Error]", ...args),
+                warn: (...args) => console.warn("[Harness Sandbox Warn]", ...args)
+            },
+            Buffer: Buffer,
+        });
+    }
+    async execute(intent, tools, generatedCode, maxRetries = 3) {
+        let retries = 0;
+        let lastError = null;
+        let activeCode = generatedCode;
+        const executionContext = {
+            ...this.sandbox,
+            intent,
+            tools
+        };
+        vm.createContext(executionContext);
+        while (retries < maxRetries) {
+            try {
+                const scriptBody = `
+                    (async () => {
+                        ${activeCode}
+                    })();
+                `;
+                const script = new vm.Script(scriptBody);
+                const result = await script.runInContext(executionContext, { timeout: 5000 });
+                return result;
+            }
+            catch (err) {
+                const errMsg = err instanceof Error ? err.message : String(err);
+                retries++;
+                lastError = err instanceof Error ? err : new Error(errMsg);
+                console.warn(`⚠️ [AgenticHarness] Execution failed (Attempt ${retries}/${maxRetries}): ${errMsg}`);
+                if (errMsg.includes("Script execution timed out")) {
+                    throw new ScriptExecutionTimeout("Agent execution blocked by 5000ms timeout hardware kill.");
+                }
+                if (retries >= maxRetries)
+                    break;
+                throw err;
+            }
+        }
+        throw new Error(`AgenticHarness Autopoiesis Limit Reached. Last Error: ${lastError?.message}`);
+    }
+}

package/dist/harness/AgenticHarness.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/harness/AgenticHarness.test.js

@@ -0,0 +1,24 @@
+import { describe, it, expect } from "vitest";
+import { AgenticHarness } from "./AgenticHarness.js";
+describe("AgenticHarness", () => {
+    it("应当能在沙盒中调用注入的工具", async () => {
+        const harness = new AgenticHarness();
+        const log = [];
+        const tools = {
+            record: (msg) => log.push(msg),
+        };
+        const code = `tools.record("harness_test_ok");`;
+        await harness.execute({}, tools, code);
+        expect(log).toContain("harness_test_ok");
+    });
+    it("应当在 5000ms 超时时触发报错", async () => {
+        const harness = new AgenticHarness();
+        const code = `while(true) {}`;
+        await expect(harness.execute({}, {}, code)).rejects.toThrow();
+    }, 8000);
+    it("应当阻止沙盒访问 require", async () => {
+        const harness = new AgenticHarness();
+        const code = `const fs = require("fs");`;
+        await expect(harness.execute({}, {}, code)).rejects.toThrow();
+    });
+});

package/dist/index.d.ts

@@ -0,0 +1,24 @@
+export { BaseStateStore } from "./store/BaseStore.js";
+export type { AgentIdentityBase } from "./store/BaseStore.js";
+export { NullDLPManager, NullLedgerPlugin, NullVaultPlugin, NullEvolutionPlugin, NullAegisPlugin, NullEscrowPlugin, defaultPlugins, } from "./interfaces/index.js";
+export type { IDLPManager, ILedgerPlugin, IVaultPlugin, IEvolutionPlugin, IAegisPlugin, IEscrowPlugin, PluginName, PluginMap, DLPCheckResult, DLPSeverity, AegisAction, AegisDecision, EscrowContract, EscrowStatus, } from "./interfaces/index.js";
+export { SignalManager } from "./resonance/SignalManager.js";
+export type { Signal, TrustedPeer } from "./resonance/SignalManager.js";
+export { MemoryManager } from "./brain/MemoryManager.js";
+export type { MemoryFragment, MemoryQuery } from "./brain/MemoryManager.js";
+export { parseSAML, signSAML, verifySAML, buildSAMLEnvelope, SAMLIntent, } from "./common/protocols/SAML.js";
+export type { SAMLEnvelope, SAMLVector } from "./common/protocols/SAML.js";
+export { PeerRegistry } from "./services/PeerRegistry.js";
+export { PeerDiscovery } from "./services/PeerDiscovery.js";
+export type { PeerNode, HandshakePayload, HandshakeResponse, OutboxMessage, } from "./services/PeerRegistry.js";
+export type { DiscoveredNode } from "./services/PeerDiscovery.js";
+export { BoundaryChecker } from "./common/lib/BoundaryChecker.js";
+export { VectorStore } from "./common/lib/VectorStore.js";
+export type { VectorEntry } from "./common/lib/VectorStore.js";
+export { EmbeddingService, DevEmbeddingProvider } from "./common/lib/EmbeddingService.js";
+export type { IEmbeddingProvider } from "./common/lib/EmbeddingService.js";
+export { AgentEvaluator, ByzantineFaultError } from "./harness/AgentEvaluator.js";
+export type { CodeAuditRequest } from "./harness/AgentEvaluator.js";
+export { AgenticHarness } from "./harness/AgenticHarness.js";
+export type { HarnessContext } from "./harness/AgenticHarness.js";
+export declare const OPENCLAW_CORE_VERSION = "1.1.0";

package/dist/index.js

@@ -0,0 +1,13 @@
+export { BaseStateStore } from "./store/BaseStore.js";
+export { NullDLPManager, NullLedgerPlugin, NullVaultPlugin, NullEvolutionPlugin, NullAegisPlugin, NullEscrowPlugin, defaultPlugins, } from "./interfaces/index.js";
+export { SignalManager } from "./resonance/SignalManager.js";
+export { MemoryManager } from "./brain/MemoryManager.js";
+export { parseSAML, signSAML, verifySAML, buildSAMLEnvelope, SAMLIntent, } from "./common/protocols/SAML.js";
+export { PeerRegistry } from "./services/PeerRegistry.js";
+export { PeerDiscovery } from "./services/PeerDiscovery.js";
+export { BoundaryChecker } from "./common/lib/BoundaryChecker.js";
+export { VectorStore } from "./common/lib/VectorStore.js";
+export { EmbeddingService, DevEmbeddingProvider } from "./common/lib/EmbeddingService.js";
+export { AgentEvaluator, ByzantineFaultError } from "./harness/AgentEvaluator.js";
+export { AgenticHarness } from "./harness/AgenticHarness.js";
+export const OPENCLAW_CORE_VERSION = "1.1.0";

package/dist/interfaces/index.d.ts

@@ -0,0 +1,170 @@
+export type DLPSeverity = 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL';
+export interface DLPCheckResult {
+    clean: boolean;
+    violations: Array<{
+        pattern: string;
+        severity: DLPSeverity;
+        matchedText: string;
+    }>;
+    sanitizedContent?: string;
+}
+export interface IDLPManager {
+    check(content: string): Promise<DLPCheckResult>;
+    addKeyword(keyword: string, severity: DLPSeverity): Promise<void>;
+    addRegex(pattern: string, severity: DLPSeverity): Promise<void>;
+    addPathRule(path: string): Promise<void>;
+    removeRule(pattern: string): Promise<void>;
+    getRules(): Promise<{
+        keywords: string[];
+        regexes: string[];
+        paths: string[];
+    }>;
+    getViolations(limit: number): Promise<any[]>;
+}
+export declare class NullDLPManager implements IDLPManager {
+    check(_content: string): Promise<DLPCheckResult>;
+    addKeyword(): Promise<void>;
+    addRegex(): Promise<void>;
+    addPathRule(): Promise<void>;
+    removeRule(): Promise<void>;
+    getRules(): Promise<{
+        keywords: never[];
+        regexes: never[];
+        paths: never[];
+    }>;
+    getViolations(_limit: number): Promise<never[]>;
+}
+export interface ILedgerPlugin {
+    transfer(from: string, to: string, amount: number, reason: string): Promise<{
+        txId: string;
+    }>;
+    getBalance(did: string): Promise<number>;
+    initAccount(did: string, initialBalance: number): Promise<void>;
+}
+export declare class NullLedgerPlugin implements ILedgerPlugin {
+    transfer(_from: string, _to: string, _amount: number, _reason: string): Promise<{
+        txId: string;
+    }>;
+    getBalance(_did: string): Promise<number>;
+    initAccount(_did: string, _balance: number): Promise<void>;
+}
+export interface IVaultPlugin {
+    set(key: string, value: string): Promise<void>;
+    get(key: string): Promise<string | null>;
+    delete(key: string): Promise<void>;
+    rotate(key: string): Promise<string>;
+}
+export declare class NullVaultPlugin implements IVaultPlugin {
+    private store;
+    set(key: string, value: string): Promise<void>;
+    get(key: string): Promise<string | null>;
+    delete(key: string): Promise<void>;
+    rotate(_key: string): Promise<string>;
+}
+export interface IEvolutionPlugin {
+    reflect(agentDid: string): Promise<void>;
+    sedimentate(db: any, memory: {
+        agent_id: string;
+        content: string;
+        importance: number;
+        tags: string[];
+        type: string;
+        linked_ids: string[];
+    }): Promise<void>;
+    getEvolutionStats(agentDid: string): Promise<{
+        wisdom_level: number;
+        success_rate: number;
+    }>;
+}
+export declare class NullEvolutionPlugin implements IEvolutionPlugin {
+    reflect(_did: string): Promise<void>;
+    sedimentate(_db: any, _mem: any): Promise<void>;
+    getEvolutionStats(_did: string): Promise<{
+        wisdom_level: number;
+        success_rate: number;
+    }>;
+}
+export type AegisAction = 'ALLOW' | 'BLOCK' | 'THROTTLE';
+export interface AegisDecision {
+    action: AegisAction;
+    reason?: string;
+    score: number;
+}
+export interface IAegisPlugin {
+    inspect(signal: {
+        type: string;
+        payload: any;
+        sourceId: string;
+    }): Promise<AegisDecision>;
+    addRule(rule: {
+        pattern: string;
+        action: 'BLOCK' | 'THROTTLE';
+        priority: number;
+    }): Promise<void>;
+    removeRule(pattern: string): Promise<void>;
+    getRules(): Promise<Array<{
+        pattern: string;
+        action: string;
+        priority: number;
+    }>>;
+    getStats(): Promise<{
+        blocked: number;
+        throttled: number;
+        allowed: number;
+    }>;
+}
+export declare class NullAegisPlugin implements IAegisPlugin {
+    inspect(_signal: any): Promise<AegisDecision>;
+    addRule(): Promise<void>;
+    removeRule(): Promise<void>;
+    getRules(): Promise<never[]>;
+    getStats(): Promise<{
+        blocked: number;
+        throttled: number;
+        allowed: number;
+    }>;
+}
+export interface EscrowContract {
+    fromDid: string;
+    toDid: string;
+    amount: number;
+    conditions: string[];
+    expiresAt?: Date;
+}
+export interface EscrowStatus {
+    id: string;
+    status: 'LOCKED' | 'RELEASED' | 'DISPUTED' | 'EXPIRED';
+    txId?: string;
+    releasedAt?: Date;
+}
+export interface IEscrowPlugin {
+    lock(contract: EscrowContract): Promise<string>;
+    release(contractId: string, releaserDid: string): Promise<EscrowStatus>;
+    dispute(contractId: string, disputerDid: string, evidence: string): Promise<void>;
+    getContract(contractId: string): Promise<EscrowContract | null>;
+    listActiveContracts(did: string): Promise<Array<EscrowContract & {
+        id: string;
+    }>>;
+}
+export declare class NullEscrowPlugin implements IEscrowPlugin {
+    private contracts;
+    lock(contract: EscrowContract): Promise<string>;
+    release(contractId: string, _releaserDid: string): Promise<EscrowStatus>;
+    dispute(_contractId: string, _disputerDid: string, _evidence: string): Promise<void>;
+    getContract(contractId: string): Promise<(EscrowContract & {
+        id: string;
+    }) | null>;
+    listActiveContracts(did: string): Promise<(EscrowContract & {
+        id: string;
+    })[]>;
+}
+export type PluginName = 'dlp' | 'ledger' | 'vault' | 'evolution' | 'aegis' | 'escrow';
+export interface PluginMap {
+    dlp: IDLPManager;
+    ledger: ILedgerPlugin;
+    vault: IVaultPlugin;
+    evolution: IEvolutionPlugin;
+    aegis: IAegisPlugin;
+    escrow: IEscrowPlugin;
+}
+export declare const defaultPlugins: PluginMap;

package/dist/interfaces/index.js

@@ -0,0 +1,65 @@
+export class NullDLPManager {
+    async check(_content) {
+        return { clean: true, violations: [] };
+    }
+    async addKeyword() { }
+    async addRegex() { }
+    async addPathRule() { }
+    async removeRule() { }
+    async getRules() { return { keywords: [], regexes: [], paths: [] }; }
+    async getViolations(_limit) { return []; }
+}
+export class NullLedgerPlugin {
+    async transfer(_from, _to, _amount, _reason) {
+        console.warn('[OpenClaw] Economy plugin not installed. Install @lobster/economy-engine for real settlements.');
+        return { txId: `null-tx-${Date.now()}` };
+    }
+    async getBalance(_did) { return 0; }
+    async initAccount(_did, _balance) { }
+}
+export class NullVaultPlugin {
+    store = new Map();
+    async set(key, value) { this.store.set(key, value); }
+    async get(key) { return this.store.get(key) ?? null; }
+    async delete(key) { this.store.delete(key); }
+    async rotate(_key) { return ''; }
+}
+export class NullEvolutionPlugin {
+    async reflect(_did) { }
+    async sedimentate(_db, _mem) { }
+    async getEvolutionStats(_did) { return { wisdom_level: 1, success_rate: 1.0 }; }
+}
+export class NullAegisPlugin {
+    async inspect(_signal) {
+        return { action: 'ALLOW', score: 0 };
+    }
+    async addRule() { }
+    async removeRule() { }
+    async getRules() { return []; }
+    async getStats() { return { blocked: 0, throttled: 0, allowed: 0 }; }
+}
+export class NullEscrowPlugin {
+    contracts = new Map();
+    async lock(contract) {
+        const id = `null-escrow-${Date.now()}`;
+        this.contracts.set(id, { ...contract, id });
+        return id;
+    }
+    async release(contractId, _releaserDid) {
+        this.contracts.delete(contractId);
+        return { id: contractId, status: 'RELEASED', releasedAt: new Date() };
+    }
+    async dispute(_contractId, _disputerDid, _evidence) { }
+    async getContract(contractId) { return this.contracts.get(contractId) ?? null; }
+    async listActiveContracts(did) {
+        return Array.from(this.contracts.values()).filter(c => c.fromDid === did || c.toDid === did);
+    }
+}
+export const defaultPlugins = {
+    dlp: new NullDLPManager(),
+    ledger: new NullLedgerPlugin(),
+    vault: new NullVaultPlugin(),
+    evolution: new NullEvolutionPlugin(),
+    aegis: new NullAegisPlugin(),
+    escrow: new NullEscrowPlugin(),
+};

package/dist/resonance/SignalManager.d.ts

@@ -0,0 +1,39 @@
+import { EventEmitter } from "node:events";
+export interface Signal {
+    id: string;
+    from: string;
+    to: string;
+    type: string;
+    payload: unknown;
+    signature: string;
+    timestamp: number;
+    encrypted?: boolean;
+}
+export interface TrustedPeer {
+    did: string;
+    publicKey: string;
+    addedAt: number;
+}
+export interface ISignalDatabase {
+    query(sql: string, vars?: Record<string, unknown>): Promise<any>;
+}
+export declare class SignalManager extends EventEmitter {
+    private agentDid;
+    private privateKey;
+    private trustedPeers;
+    private groups;
+    private db;
+    private memory;
+    constructor(agentDid: string, memory?: unknown, db?: ISignalDatabase);
+    setAgentId(did: string): void;
+    setPrivateKey(pk: string): void;
+    private sign;
+    private verify;
+    sendTo(targetDid: string, type: string, payload: unknown): Promise<Signal>;
+    sendSecure(targetDid: string, content: string): Promise<Signal>;
+    addTrustedPeer(did: string, publicKey: string): Promise<void>;
+    removePeer(did: string): void;
+    joinGroup(groupId: string): Promise<void>;
+    sync(since: number): Promise<Signal[]>;
+    queryAuditLogs(limit?: number): Promise<unknown[]>;
+}