openclaw-guardian 0.1.1 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/src/llm-voter.d.ts +18 -5
- package/dist/src/llm-voter.d.ts.map +1 -1
- package/dist/src/llm-voter.js +67 -33
- package/dist/src/llm-voter.js.map +1 -1
- package/package.json +4 -3
package/dist/src/llm-voter.d.ts
CHANGED
|
@@ -2,9 +2,22 @@
|
|
|
2
2
|
* LLM voter — calls a lightweight model to check if user explicitly requested/confirmed
|
|
3
3
|
* the flagged operation. Single job: "Did the user ask for this?"
|
|
4
4
|
*
|
|
5
|
-
*
|
|
6
|
-
*
|
|
5
|
+
* v0.2.0: Uses OpenClaw's typed OpenClawConfig to read provider config.
|
|
6
|
+
*
|
|
7
|
+
* WHY NOT a standard SDK LLM interface:
|
|
8
|
+
* The OpenClaw plugin SDK (as of 2026-02) does NOT expose a high-level
|
|
9
|
+
* `api.llm()` or `api.createCompletion()` method for plugins. The plugin
|
|
10
|
+
* receives `api.config: OpenClawConfig`, which contains the typed
|
|
11
|
+
* `models.providers` map. We read provider credentials from that typed
|
|
12
|
+
* structure instead of doing raw `Record<string, any>` parsing.
|
|
13
|
+
*
|
|
14
|
+
* This approach:
|
|
15
|
+
* 1. Uses the SDK's own `ModelProviderConfig` type — fully typed, no guessing
|
|
16
|
+
* 2. Supports providers that put auth in `headers` (not just `apiKey`)
|
|
17
|
+
* 3. Supports providers using `authHeader: false` (e.g. custom header auth)
|
|
18
|
+
* 4. Falls back gracefully for AWS Bedrock or OAuth providers (logs skip reason)
|
|
7
19
|
*/
|
|
20
|
+
import type { OpenClawConfig } from "openclaw/plugin-sdk";
|
|
8
21
|
export type Vote = {
|
|
9
22
|
voter: number;
|
|
10
23
|
confirmed: boolean;
|
|
@@ -16,10 +29,10 @@ export type VoteResult = {
|
|
|
16
29
|
votes?: Vote[];
|
|
17
30
|
};
|
|
18
31
|
/**
|
|
19
|
-
* Initialize LLM config from OpenClaw's provider config.
|
|
20
|
-
* Called once at plugin setup.
|
|
32
|
+
* Initialize LLM config from OpenClaw's typed provider config.
|
|
33
|
+
* Called once at plugin setup. Receives `api.config` (OpenClawConfig).
|
|
21
34
|
*/
|
|
22
|
-
export declare function initLlm(config:
|
|
35
|
+
export declare function initLlm(config: OpenClawConfig): void;
|
|
23
36
|
export declare function readRecentContext(_sessionKey?: string): string;
|
|
24
37
|
export declare function singleVote(toolName: string, params: Record<string, any>, sessionKey?: string): Promise<VoteResult>;
|
|
25
38
|
export declare function multiVote(toolName: string, params: Record<string, any>, sessionKey?: string, count?: number, threshold?: number): Promise<VoteResult & {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"llm-voter.d.ts","sourceRoot":"","sources":["../../src/llm-voter.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"llm-voter.d.ts","sourceRoot":"","sources":["../../src/llm-voter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAI1D,MAAM,MAAM,IAAI,GAAG;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AACzE,MAAM,MAAM,UAAU,GAAG;IAAE,SAAS,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,IAAI,EAAE,CAAA;CAAE,CAAC;AAuBhF;;;GAGG;AACH,wBAAgB,OAAO,CAAC,MAAM,EAAE,cAAc,GAAG,IAAI,CAyCpD;AAoGD,wBAAgB,iBAAiB,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,CAmC9D;AA6FD,wBAAsB,UAAU,CAC9B,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE,UAAU,CAAC,EAAE,MAAM,GACjE,OAAO,CAAC,UAAU,CAAC,CAQrB;AAED,wBAAsB,SAAS,CAC7B,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE,UAAU,CAAC,EAAE,MAAM,EAClE,KAAK,SAAI,EAAE,SAAS,SAAI,GACvB,OAAO,CAAC,UAAU,GAAG;IAAE,KAAK,EAAE,IAAI,EAAE,CAAA;CAAE,CAAC,CAkBzC"}
|
package/dist/src/llm-voter.js
CHANGED
|
@@ -2,8 +2,20 @@
|
|
|
2
2
|
* LLM voter — calls a lightweight model to check if user explicitly requested/confirmed
|
|
3
3
|
* the flagged operation. Single job: "Did the user ask for this?"
|
|
4
4
|
*
|
|
5
|
-
*
|
|
6
|
-
*
|
|
5
|
+
* v0.2.0: Uses OpenClaw's typed OpenClawConfig to read provider config.
|
|
6
|
+
*
|
|
7
|
+
* WHY NOT a standard SDK LLM interface:
|
|
8
|
+
* The OpenClaw plugin SDK (as of 2026-02) does NOT expose a high-level
|
|
9
|
+
* `api.llm()` or `api.createCompletion()` method for plugins. The plugin
|
|
10
|
+
* receives `api.config: OpenClawConfig`, which contains the typed
|
|
11
|
+
* `models.providers` map. We read provider credentials from that typed
|
|
12
|
+
* structure instead of doing raw `Record<string, any>` parsing.
|
|
13
|
+
*
|
|
14
|
+
* This approach:
|
|
15
|
+
* 1. Uses the SDK's own `ModelProviderConfig` type — fully typed, no guessing
|
|
16
|
+
* 2. Supports providers that put auth in `headers` (not just `apiKey`)
|
|
17
|
+
* 3. Supports providers using `authHeader: false` (e.g. custom header auth)
|
|
18
|
+
* 4. Falls back gracefully for AWS Bedrock or OAuth providers (logs skip reason)
|
|
7
19
|
*/
|
|
8
20
|
import { readFileSync, readdirSync, statSync } from "node:fs";
|
|
9
21
|
import { join } from "node:path";
|
|
@@ -25,8 +37,8 @@ const PREFERRED_MODELS = [
|
|
|
25
37
|
"gemini-2.0-flash",
|
|
26
38
|
];
|
|
27
39
|
/**
|
|
28
|
-
* Initialize LLM config from OpenClaw's provider config.
|
|
29
|
-
* Called once at plugin setup.
|
|
40
|
+
* Initialize LLM config from OpenClaw's typed provider config.
|
|
41
|
+
* Called once at plugin setup. Receives `api.config` (OpenClawConfig).
|
|
30
42
|
*/
|
|
31
43
|
export function initLlm(config) {
|
|
32
44
|
const providers = config?.models?.providers;
|
|
@@ -36,41 +48,55 @@ export function initLlm(config) {
|
|
|
36
48
|
}
|
|
37
49
|
// Strategy: find a provider with a cheap/fast model
|
|
38
50
|
for (const preferred of PREFERRED_MODELS) {
|
|
39
|
-
for (const [, provider] of Object.entries(providers)) {
|
|
40
|
-
if (!provider
|
|
51
|
+
for (const [providerName, provider] of Object.entries(providers)) {
|
|
52
|
+
if (!provider?.baseUrl)
|
|
53
|
+
continue;
|
|
54
|
+
// Skip providers that use non-API-key auth (e.g. AWS Bedrock SDK auth, OAuth)
|
|
55
|
+
// — we can't call those with a simple fetch
|
|
56
|
+
if (provider.auth === "aws-sdk" || provider.auth === "oauth")
|
|
41
57
|
continue;
|
|
42
58
|
const models = provider.models ?? [];
|
|
43
59
|
const found = models.find((m) => m.id === preferred || m.id?.includes(preferred) || m.name?.includes(preferred));
|
|
44
60
|
if (found) {
|
|
45
|
-
|
|
46
|
-
llmApiKey = provider.apiKey;
|
|
47
|
-
llmModel = found.id;
|
|
48
|
-
llmApi = found.api ?? provider.api ?? "anthropic-messages";
|
|
49
|
-
llmHeaders = { ...provider.headers, ...found.headers };
|
|
50
|
-
llmReady = true;
|
|
51
|
-
console.log(`[guardian] LLM ready: ${llmModel} via ${llmUrl}`);
|
|
61
|
+
applyProvider(provider, found, providerName);
|
|
52
62
|
return;
|
|
53
63
|
}
|
|
54
64
|
}
|
|
55
65
|
}
|
|
56
66
|
// Fallback: use the first provider with any model
|
|
57
|
-
for (const [, provider] of Object.entries(providers)) {
|
|
58
|
-
if (!provider
|
|
67
|
+
for (const [providerName, provider] of Object.entries(providers)) {
|
|
68
|
+
if (!provider?.baseUrl)
|
|
69
|
+
continue;
|
|
70
|
+
if (provider.auth === "aws-sdk" || provider.auth === "oauth")
|
|
59
71
|
continue;
|
|
60
72
|
const models = provider.models ?? [];
|
|
61
73
|
if (models.length > 0) {
|
|
62
|
-
|
|
63
|
-
llmApiKey = provider.apiKey;
|
|
64
|
-
llmModel = models[0].id;
|
|
65
|
-
llmApi = models[0].api ?? provider.api ?? "anthropic-messages";
|
|
66
|
-
llmHeaders = { ...provider.headers, ...models[0].headers };
|
|
67
|
-
llmReady = true;
|
|
74
|
+
applyProvider(provider, models[0], providerName);
|
|
68
75
|
console.log(`[guardian] LLM fallback: ${llmModel} via ${llmUrl}`);
|
|
69
76
|
return;
|
|
70
77
|
}
|
|
71
78
|
}
|
|
72
79
|
console.error("[guardian] No usable LLM provider found");
|
|
73
80
|
}
|
|
81
|
+
/**
|
|
82
|
+
* Apply provider + model config to module-level state.
|
|
83
|
+
* Builds the final headers map, supporting:
|
|
84
|
+
* - Standard apiKey field
|
|
85
|
+
* - Custom headers on provider and model level
|
|
86
|
+
* - authHeader: false (key sent via custom header, not Authorization/x-api-key)
|
|
87
|
+
*/
|
|
88
|
+
function applyProvider(provider, model, providerName) {
|
|
89
|
+
llmUrl = provider.baseUrl.replace(/\/$/, "");
|
|
90
|
+
// provider.apiKey may be a string or a SecretRef object at runtime;
|
|
91
|
+
// coerce to string to handle both cases safely
|
|
92
|
+
llmApiKey = typeof provider.apiKey === "string" ? provider.apiKey : String(provider.apiKey ?? "");
|
|
93
|
+
llmModel = model.id;
|
|
94
|
+
llmApi = model.api ?? provider.api ?? "anthropic-messages";
|
|
95
|
+
// Merge headers: provider-level first, then model-level overrides
|
|
96
|
+
llmHeaders = { ...provider.headers, ...model.headers };
|
|
97
|
+
llmReady = true;
|
|
98
|
+
console.log(`[guardian] LLM ready: ${llmModel} via ${llmUrl} (provider: ${providerName})`);
|
|
99
|
+
}
|
|
74
100
|
// ── System Prompt ──────────────────────────────────────────────────
|
|
75
101
|
const SYSTEM_PROMPT = `You are a security confirmation checker for an AI agent.
|
|
76
102
|
|
|
@@ -187,14 +213,18 @@ async function callLLM(userPrompt) {
|
|
|
187
213
|
let resp;
|
|
188
214
|
if (llmApi === "anthropic-messages") {
|
|
189
215
|
const endpoint = llmUrl.endsWith("/messages") ? llmUrl : `${llmUrl}/v1/messages`;
|
|
216
|
+
const headers = {
|
|
217
|
+
"Content-Type": "application/json",
|
|
218
|
+
"anthropic-version": "2023-06-01",
|
|
219
|
+
...llmHeaders,
|
|
220
|
+
};
|
|
221
|
+
// Only add x-api-key if we have an apiKey and the provider doesn't override via headers
|
|
222
|
+
if (llmApiKey && !headers["x-api-key"] && !headers["authorization"]) {
|
|
223
|
+
headers["x-api-key"] = llmApiKey;
|
|
224
|
+
}
|
|
190
225
|
resp = await fetch(endpoint, {
|
|
191
226
|
method: "POST",
|
|
192
|
-
headers
|
|
193
|
-
"Content-Type": "application/json",
|
|
194
|
-
"x-api-key": llmApiKey,
|
|
195
|
-
"anthropic-version": "2023-06-01",
|
|
196
|
-
...llmHeaders,
|
|
197
|
-
},
|
|
227
|
+
headers,
|
|
198
228
|
body: JSON.stringify({
|
|
199
229
|
model: llmModel,
|
|
200
230
|
max_tokens: LLM_MAX_TOKENS,
|
|
@@ -206,17 +236,21 @@ async function callLLM(userPrompt) {
|
|
|
206
236
|
});
|
|
207
237
|
}
|
|
208
238
|
else {
|
|
209
|
-
// OpenAI-compatible (openai-completions, ollama, etc.)
|
|
239
|
+
// OpenAI-compatible (openai-completions, ollama, google-generative-ai, etc.)
|
|
210
240
|
const endpoint = llmUrl.endsWith("/chat/completions")
|
|
211
241
|
? llmUrl
|
|
212
242
|
: `${llmUrl}/v1/chat/completions`;
|
|
243
|
+
const headers = {
|
|
244
|
+
"Content-Type": "application/json",
|
|
245
|
+
...llmHeaders,
|
|
246
|
+
};
|
|
247
|
+
// Only add Authorization if we have an apiKey and no auth header is already set
|
|
248
|
+
if (llmApiKey && !headers["authorization"] && !headers["Authorization"]) {
|
|
249
|
+
headers["Authorization"] = `Bearer ${llmApiKey}`;
|
|
250
|
+
}
|
|
213
251
|
resp = await fetch(endpoint, {
|
|
214
252
|
method: "POST",
|
|
215
|
-
headers
|
|
216
|
-
"Content-Type": "application/json",
|
|
217
|
-
"Authorization": `Bearer ${llmApiKey}`,
|
|
218
|
-
...llmHeaders,
|
|
219
|
-
},
|
|
253
|
+
headers,
|
|
220
254
|
body: JSON.stringify({
|
|
221
255
|
model: llmModel,
|
|
222
256
|
max_tokens: LLM_MAX_TOKENS,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"llm-voter.js","sourceRoot":"","sources":["../../src/llm-voter.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"llm-voter.js","sourceRoot":"","sources":["../../src/llm-voter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC9D,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAKjC,sEAAsE;AAEtE,IAAI,MAAM,GAAG,EAAE,CAAC;AAChB,IAAI,SAAS,GAAG,EAAE,CAAC;AACnB,IAAI,QAAQ,GAAG,EAAE,CAAC;AAClB,IAAI,MAAM,GAAW,oBAAoB,CAAC;AAC1C,IAAI,UAAU,GAA2B,EAAE,CAAC;AAC5C,IAAI,QAAQ,GAAG,KAAK,CAAC;AAErB,MAAM,cAAc,GAAG,IAAI,CAAC;AAC5B,MAAM,cAAc,GAAG,GAAG,CAAC;AAE3B,sDAAsD;AACtD,MAAM,gBAAgB,GAAG;IACvB,2BAA2B;IAC3B,kBAAkB;IAClB,gBAAgB;IAChB,aAAa;IACb,kBAAkB;CACnB,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,OAAO,CAAC,MAAsB;IAC5C,MAAM,SAAS,GAAG,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC;IAC5C,IAAI,CAAC,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QAChD,OAAO,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAC;QAC/D,OAAO;IACT,CAAC;IAED,oDAAoD;IACpD,KAAK,MAAM,SAAS,IAAI,gBAAgB,EAAE,CAAC;QACzC,KAAK,MAAM,CAAC,YAAY,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;YACjE,IAAI,CAAC,QAAQ,EAAE,OAAO;gBAAE,SAAS;YAEjC,8EAA8E;YAC9E,4CAA4C;YAC5C,IAAI,QAAQ,CAAC,IAAI,KAAK,SAAS,IAAI,QAAQ,CAAC,IAAI,KAAK,OAAO;gBAAE,SAAS;YAEvE,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,IAAI,EAAE,CAAC;YACrC,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAC9B,CAAC,CAAC,EAAE,KAAK,SAAS,IAAI,CAAC,CAAC,EAAE,EAAE,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,QAAQ,CAAC,SAAS,CAAC,CAC/E,CAAC;YACF,IAAI,KAAK,EAAE,CAAC;gBACV,aAAa,CAAC,QAAQ,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;gBAC7C,OAAO;YACT,CAAC;QACH,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,KAAK,MAAM,CAAC,YAAY,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QACjE,IAAI,CAAC,QAAQ,EAAE,OAAO;YAAE,SAAS;QACjC,IAAI,QAAQ,CAAC,IAAI,KAAK,SAAS,IAAI,QAAQ,CAAC,IAAI,KAAK,OAAO;YAAE,SAAS;QAEvE,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,IAAI,EAAE,CAAC;QACrC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,aAAa,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;YACjD,OAAO,CAAC,GAAG,CAAC,4BAA4B,QAAQ,QAAQ,MAAM,EAAE,CAAC,CAAC;YAClE,OAAO;QACT,CAAC;IACH,CAAC;IAED,OAAO,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;;GAMG;AACH,SAAS,aAAa,CACpB,QAAiF,EACjF,KAAqD,EACrD,YAAoB;IAEpB,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC7C,oEAAoE;IACpE,+CAA+C;IAC/C,SAAS,GAAG,OAAO,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;IAClG,QAAQ,GAAG,KAAK,CAAC,EAAE,CAAC;IACpB,MAAM,GAAG,KAAK,CAAC,GAAG,IAAI,QAAQ,CAAC,GAAG,IAAI,oBAAoB,CAAC;IAE3D,kEAAkE;IAClE,UAAU,GAAG,EAAE,GAAG,QAAQ,CAAC,OAAO,EAAE,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;IAEvD,QAAQ,GAAG,IAAI,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,yBAAyB,QAAQ,QAAQ,MAAM,eAAe,YAAY,GAAG,CAAC,CAAC;AAC7F,CAAC;AAED,sEAAsE;AAEtE,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;yDAkDmC,CAAC;AAE1D,sEAAsE;AAEtE,SAAS,kBAAkB;IACzB,mBAAmB;IACnB,MAAM,UAAU,GAAG;QACjB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,EAAE,gCAAgC,CAAC;QACnE,sCAAsC;QACtC,+CAA+C;KAChD,CAAC;IACF,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,WAAW,CAAC,GAAG,CAAC,CAAC;YACjB,OAAO,GAAG,CAAC;QACb,CAAC;QAAC,MAAM,CAAC,CAAC,cAAc,CAAC,CAAC;IAC5B,CAAC;IACD,OAAO,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW;AACnC,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,WAAoB;IACpD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,kBAAkB,EAAE,CAAC;QACrC,MAAM,KAAK,GAAG,WAAW,CAAC,OAAO,CAAC;aAC/B,MAAM,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;aAC3C,GAAG,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;aAC5E,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;QAErC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,gCAAgC,CAAC;QAEhE,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC5C,MAAM,GAAG,GAAG,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEpD,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACrC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;gBAAE,SAAS;YAC3B,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC/B,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC;gBACnC,IAAI,GAAG,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;oBACxB,MAAM,IAAI,GAAG,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ;wBAC1C,CAAC,CAAC,GAAG,CAAC,OAAO;wBACb,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;4BAC1B,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;4BACrF,CAAC,CAAC,EAAE,CAAC;oBACT,IAAI,IAAI,CAAC,IAAI,EAAE;wBAAE,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;gBAChE,CAAC;YACH,CAAC;YAAC,MAAM,CAAC,CAAC,0BAA0B,CAAC,CAAC;QACxC,CAAC;QAED,OAAO,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,0BAA0B,CAAC;IAC9E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,kCAAkC,CAAC;IAC5C,CAAC;AACH,CAAC;AAED,sEAAsE;AAEtE,KAAK,UAAU,OAAO,CAAC,UAAkB;IACvC,IAAI,CAAC,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAEtD,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,cAAc,CAAC,CAAC;IAEnE,IAAI,CAAC;QACH,IAAI,IAAc,CAAC;QAEnB,IAAI,MAAM,KAAK,oBAAoB,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,cAAc,CAAC;YACjF,MAAM,OAAO,GAA2B;gBACtC,cAAc,EAAE,kBAAkB;gBAClC,mBAAmB,EAAE,YAAY;gBACjC,GAAG,UAAU;aACd,CAAC;YACF,wFAAwF;YACxF,IAAI,SAAS,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;gBACpE,OAAO,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC;YACnC,CAAC;YACD,IAAI,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;gBAC3B,MAAM,EAAE,MAAM;gBACd,OAAO;gBACP,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,KAAK,EAAE,QAAQ;oBACf,UAAU,EAAE,cAAc;oBAC1B,WAAW,EAAE,CAAC;oBACd,MAAM,EAAE,aAAa;oBACrB,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC;iBAClD,CAAC;gBACF,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,6EAA6E;YAC7E,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,mBAAmB,CAAC;gBACnD,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,GAAG,MAAM,sBAAsB,CAAC;YACpC,MAAM,OAAO,GAA2B;gBACtC,cAAc,EAAE,kBAAkB;gBAClC,GAAG,UAAU;aACd,CAAC;YACF,gFAAgF;YAChF,IAAI,SAAS,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;gBACxE,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,SAAS,EAAE,CAAC;YACnD,CAAC;YACD,IAAI,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;gBAC3B,MAAM,EAAE,MAAM;gBACd,OAAO;gBACP,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,KAAK,EAAE,QAAQ;oBACf,UAAU,EAAE,cAAc;oBAC1B,WAAW,EAAE,CAAC;oBACd,QAAQ,EAAE;wBACR,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,aAAa,EAAE;wBAC1C,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE;qBACtC;iBACF,CAAC;gBACF,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,YAAY,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QACzD,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAQ,CAAC;QAExC,+DAA+D;QAC/D,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI;eAC/B,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO;eACnC,EAAE,CAAC;QAER,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;QAC7C,IAAI,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC3D,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;QACxC,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;IACxE,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;AACH,CAAC;AAED,sEAAsE;AAEtE,SAAS,WAAW,CAAC,QAAgB,EAAE,MAA2B,EAAE,OAAe;IACjF,MAAM,MAAM,GAAG,QAAQ,KAAK,MAAM;QAChC,CAAC,CAAC,YAAY,MAAM,CAAC,OAAO,IAAI,SAAS,EAAE;QAC3C,CAAC,CAAC,cAAc,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,IAAI,IAAI,SAAS,EAAE,CAAC;IACjE,OAAO,+BAA+B,QAAQ,OAAO,MAAM,8BAA8B,OAAO,EAAE,CAAC;AACrG,CAAC;AAED,sEAAsE;AAEtE,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,QAAgB,EAAE,MAA2B,EAAE,UAAmB;IAElE,MAAM,OAAO,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IACtD,IAAI,CAAC;QACH,OAAO,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IAC/B,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC;IACvE,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,QAAgB,EAAE,MAA2B,EAAE,UAAmB,EAClE,KAAK,GAAG,CAAC,EAAE,SAAS,GAAG,CAAC;IAExB,MAAM,OAAO,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IAEtD,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACtD,OAAO,CAAC,MAAM,CAAC;SACZ,IAAI,CAAC,CAAC,CAAC,EAAQ,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;SAC/E,KAAK,CAAC,CAAC,CAAM,EAAQ,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CACpG,CAAC;IAEF,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC1C,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC;IACzD,MAAM,SAAS,GAAG,QAAQ,IAAI,SAAS,CAAC;IACxC,MAAM,MAAM,GAAG,SAAS;QACtB,CAAC,CAAC,GAAG,QAAQ,IAAI,KAAK,+BAA+B;QACrD,CAAC,CAAC,QAAQ,QAAQ,IAAI,KAAK,oBAAoB,SAAS,GAAG,CAAC;IAE9D,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;AACtC,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "openclaw-guardian",
|
|
3
|
-
"version": "0.
|
|
4
|
-
"description": "Security gate plugin for OpenClaw
|
|
3
|
+
"version": "0.2.0",
|
|
4
|
+
"description": "Security gate plugin for OpenClaw — two-tier blacklist (regex + LLM intent verification) prevents dangerous tool executions",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|
|
7
7
|
"types": "dist/index.d.ts",
|
|
@@ -46,6 +46,7 @@
|
|
|
46
46
|
"openclaw": ">=2026.1.26"
|
|
47
47
|
},
|
|
48
48
|
"devDependencies": {
|
|
49
|
+
"@types/node": "^25.3.2",
|
|
49
50
|
"typescript": "^5.9.0"
|
|
50
51
|
},
|
|
51
52
|
"openclaw": {
|
|
@@ -53,4 +54,4 @@
|
|
|
53
54
|
"dist/index.js"
|
|
54
55
|
]
|
|
55
56
|
}
|
|
56
|
-
}
|
|
57
|
+
}
|