openclaw-observability 1.0.0

package/dist/config.d.ts

@@ -0,0 +1,60 @@
+/**
+ * Plugin configuration schema and defaults
+ */
+/** MySQL connection config */
+export interface MySQLConfig {
+    host: string;
+    port: number;
+    user: string;
+    password: string;
+    database: string;
+}
+/** Local DuckDB config */
+export interface DuckDBConfig {
+    /** Database file path (':memory:' for in-memory mode) */
+    path: string;
+}
+/** Buffer config */
+export interface BufferConfig {
+    /** Batch write threshold (number of records) */
+    batchSize: number;
+    /** Flush interval (milliseconds) */
+    flushIntervalMs: number;
+}
+/** Redaction config */
+export interface RedactionConfig {
+    /** Whether redaction is enabled */
+    enabled: boolean;
+    /** Redaction pattern list (case-insensitive regex) */
+    patterns: string[];
+}
+/** Security detection config */
+export interface SecurityPluginConfig {
+    /** Whether security scanning is enabled */
+    enabled: boolean;
+    /** Enabled rule categories */
+    rules: {
+        secretLeakage: boolean;
+        highRiskOps: boolean;
+        promptInjection: boolean;
+        chainDetection: boolean;
+    };
+    /** Domain whitelist for external request detection */
+    domainWhitelist: string[];
+}
+/** Full plugin config */
+export interface AuditPluginConfig {
+    /** Storage mode: local (embedded, zero config) | remote (external MySQL) */
+    mode: 'local' | 'remote';
+    mysql: MySQLConfig;
+    duckdb: DuckDBConfig;
+    buffer: BufferConfig;
+    redaction: RedactionConfig;
+    security: SecurityPluginConfig;
+}
+/** Default DuckDB path */
+export declare const DEFAULT_DUCKDB_PATH: string;
+/** Default config */
+export declare const DEFAULT_CONFIG: AuditPluginConfig;
+export declare function resolveConfig(userConfig: Partial<AuditPluginConfig> | undefined): AuditPluginConfig;
+//# sourceMappingURL=config.d.ts.map

package/dist/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,8BAA8B;AAC9B,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,0BAA0B;AAC1B,MAAM,WAAW,YAAY;IAC3B,yDAAyD;IACzD,IAAI,EAAE,MAAM,CAAC;CACd;AAED,oBAAoB;AACpB,MAAM,WAAW,YAAY;IAC3B,gDAAgD;IAChD,SAAS,EAAE,MAAM,CAAC;IAClB,oCAAoC;IACpC,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,uBAAuB;AACvB,MAAM,WAAW,eAAe;IAC9B,mCAAmC;IACnC,OAAO,EAAE,OAAO,CAAC;IACjB,sDAAsD;IACtD,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,gCAAgC;AAChC,MAAM,WAAW,oBAAoB;IACnC,2CAA2C;IAC3C,OAAO,EAAE,OAAO,CAAC;IACjB,8BAA8B;IAC9B,KAAK,EAAE;QACL,aAAa,EAAE,OAAO,CAAC;QACvB,WAAW,EAAE,OAAO,CAAC;QACrB,eAAe,EAAE,OAAO,CAAC;QACzB,cAAc,EAAE,OAAO,CAAC;KACzB,CAAC;IACF,sDAAsD;IACtD,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,yBAAyB;AACzB,MAAM,WAAW,iBAAiB;IAChC,4EAA4E;IAC5E,IAAI,EAAE,OAAO,GAAG,QAAQ,CAAC;IACzB,KAAK,EAAE,WAAW,CAAC;IACnB,MAAM,EAAE,YAAY,CAAC;IACrB,MAAM,EAAE,YAAY,CAAC;IACrB,SAAS,EAAE,eAAe,CAAC;IAC3B,QAAQ,EAAE,oBAAoB,CAAC;CAChC;AAED,0BAA0B;AAC1B,eAAO,MAAM,mBAAmB,QAE/B,CAAC;AAEF,qBAAqB;AACrB,eAAO,MAAM,cAAc,EAAE,iBA6C5B,CAAC;AAeF,wBAAgB,aAAa,CAC3B,UAAU,EAAE,OAAO,CAAC,iBAAiB,CAAC,GAAG,SAAS,GACjD,iBAAiB,CAkCnB"}

package/dist/config.js

@@ -0,0 +1,140 @@
+"use strict";
+/**
+ * Plugin configuration schema and defaults
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_CONFIG = exports.DEFAULT_DUCKDB_PATH = void 0;
+exports.resolveConfig = resolveConfig;
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+/** Default DuckDB path */
+exports.DEFAULT_DUCKDB_PATH = path.join(os.homedir(), '.openclaw', 'audit.duckdb');
+/** Default config */
+exports.DEFAULT_CONFIG = {
+    mode: 'local', // default: local DuckDB, zero config
+    mysql: {
+        host: 'localhost',
+        port: 3306,
+        user: 'root',
+        password: '',
+        database: 'openclaw_audit',
+    },
+    duckdb: {
+        path: exports.DEFAULT_DUCKDB_PATH,
+    },
+    buffer: {
+        batchSize: 50,
+        flushIntervalMs: 30000,
+    },
+    redaction: {
+        enabled: true,
+        patterns: [
+            'api_key',
+            'api[-_]?secret',
+            'password',
+            'passwd',
+            'access_token',
+            'auth_token',
+            'refresh_token',
+            'bearer_token',
+            'client_secret',
+            'app_secret',
+            'secret_key',
+            'authorization',
+            'private_key',
+            'credential',
+        ],
+    },
+    security: {
+        enabled: true,
+        rules: {
+            secretLeakage: true,
+            highRiskOps: true,
+            promptInjection: true,
+            chainDetection: true,
+        },
+        domainWhitelist: [],
+    },
+};
+/**
+ * Smart mode inference:
+ *  - User explicitly specified -> use user value
+ *  - Not specified but valid MySQL config provided -> auto-switch to remote
+ *  - Otherwise -> local (zero config)
+ */
+function inferMode(userConfig) {
+    if (userConfig.mode)
+        return userConfig.mode;
+    const m = userConfig.mysql;
+    if (m && m.host && m.host !== 'localhost' && m.password)
+        return 'remote';
+    return 'local';
+}
+function resolveConfig(userConfig) {
+    if (!userConfig) {
+        return { ...exports.DEFAULT_CONFIG };
+    }
+    return {
+        mode: inferMode(userConfig),
+        mysql: {
+            ...exports.DEFAULT_CONFIG.mysql,
+            ...userConfig.mysql,
+        },
+        duckdb: {
+            ...exports.DEFAULT_CONFIG.duckdb,
+            ...userConfig.duckdb,
+        },
+        buffer: {
+            ...exports.DEFAULT_CONFIG.buffer,
+            ...userConfig.buffer,
+        },
+        redaction: {
+            ...exports.DEFAULT_CONFIG.redaction,
+            ...userConfig.redaction,
+            patterns: userConfig.redaction?.patterns ?? exports.DEFAULT_CONFIG.redaction.patterns,
+        },
+        security: {
+            ...exports.DEFAULT_CONFIG.security,
+            ...userConfig.security,
+            rules: {
+                ...exports.DEFAULT_CONFIG.security.rules,
+                ...(userConfig.security?.rules),
+            },
+            domainWhitelist: userConfig.security?.domainWhitelist ?? exports.DEFAULT_CONFIG.security.domainWhitelist,
+        },
+    };
+}
+//# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":";AAAA;;GAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgIH,sCAoCC;AAlKD,2CAA6B;AAC7B,uCAAyB;AA2DzB,0BAA0B;AACb,QAAA,mBAAmB,GAAG,IAAI,CAAC,IAAI,CAC1C,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,cAAc,CAC1C,CAAC;AAEF,qBAAqB;AACR,QAAA,cAAc,GAAsB;IAC/C,IAAI,EAAE,OAAO,EAAG,qCAAqC;IACrD,KAAK,EAAE;QACL,IAAI,EAAE,WAAW;QACjB,IAAI,EAAE,IAAI;QACV,IAAI,EAAE,MAAM;QACZ,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE,gBAAgB;KAC3B;IACD,MAAM,EAAE;QACN,IAAI,EAAE,2BAAmB;KAC1B;IACD,MAAM,EAAE;QACN,SAAS,EAAE,EAAE;QACb,eAAe,EAAE,KAAK;KACvB;IACD,SAAS,EAAE;QACT,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE;YACR,SAAS;YACT,gBAAgB;YAChB,UAAU;YACV,QAAQ;YACR,cAAc;YACd,YAAY;YACZ,eAAe;YACf,cAAc;YACd,eAAe;YACf,YAAY;YACZ,YAAY;YACZ,eAAe;YACf,aAAa;YACb,YAAY;SACb;KACF;IACD,QAAQ,EAAE;QACR,OAAO,EAAE,IAAI;QACb,KAAK,EAAE;YACL,aAAa,EAAE,IAAI;YACnB,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,IAAI;YACrB,cAAc,EAAE,IAAI;SACrB;QACD,eAAe,EAAE,EAAE;KACpB;CACF,CAAC;AAEF;;;;;GAKG;AACH,SAAS,SAAS,CAAC,UAAsC;IACvD,IAAI,UAAU,CAAC,IAAI;QAAE,OAAO,UAAU,CAAC,IAAI,CAAC;IAC5C,MAAM,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC;IAC3B,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,KAAK,WAAW,IAAI,CAAC,CAAC,QAAQ;QAAE,OAAO,QAAQ,CAAC;IACzE,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAgB,aAAa,CAC3B,UAAkD;IAElD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,EAAE,GAAG,sBAAc,EAAE,CAAC;IAC/B,CAAC;IAED,OAAO;QACL,IAAI,EAAE,SAAS,CAAC,UAAU,CAAC;QAC3B,KAAK,EAAE;YACL,GAAG,sBAAc,CAAC,KAAK;YACvB,GAAG,UAAU,CAAC,KAAK;SACpB;QACD,MAAM,EAAE;YACN,GAAG,sBAAc,CAAC,MAAM;YACxB,GAAG,UAAU,CAAC,MAAM;SACrB;QACD,MAAM,EAAE;YACN,GAAG,sBAAc,CAAC,MAAM;YACxB,GAAG,UAAU,CAAC,MAAM;SACrB;QACD,SAAS,EAAE;YACT,GAAG,sBAAc,CAAC,SAAS;YAC3B,GAAG,UAAU,CAAC,SAAS;YACvB,QAAQ,EAAE,UAAU,CAAC,SAAS,EAAE,QAAQ,IAAI,sBAAc,CAAC,SAAS,CAAC,QAAQ;SAC9E;QACD,QAAQ,EAAE;YACR,GAAG,sBAAc,CAAC,QAAQ;YAC1B,GAAG,UAAU,CAAC,QAAQ;YACtB,KAAK,EAAE;gBACL,GAAG,sBAAc,CAAC,QAAQ,CAAC,KAAK;gBAChC,GAAG,CAAC,UAAU,CAAC,QAAQ,EAAE,KAAK,CAAC;aAChC;YACD,eAAe,EAAE,UAAU,CAAC,QAAQ,EAAE,eAAe,IAAI,sBAAc,CAAC,QAAQ,CAAC,eAAe;SACjG;KACF,CAAC;AACJ,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,37 @@
+/**
+ * OpenClaw audit plugin entry point
+ * Registers all 24 Plugin Hooks, assembles capture -> buffer -> writer pipeline
+ *
+ * OpenClaw hooks:
+ *   Agent: before_model_resolve, before_prompt_build, before_agent_start, agent_end
+ *   LLM:   llm_input, llm_output
+ *   Tool:  before_tool_call, after_tool_call, tool_result_persist
+ *   Msg:   message_received, message_sending, message_sent, before_message_write
+ *   Ctx:   before_compaction, after_compaction, before_reset
+ *   Session: session_start, session_end
+ *   Subagent: subagent_spawning, subagent_delivery_target, subagent_spawned, subagent_ended
+ *   Gateway: gateway_start, gateway_stop
+ */
+import { AuditPluginConfig } from './config';
+interface PluginAPI {
+    id: string;
+    name: string;
+    version: string;
+    config?: Record<string, unknown>;
+    pluginConfig?: Partial<AuditPluginConfig>;
+    on(slot: string, handler: (...args: unknown[]) => unknown): void;
+    registerHttpRoute?: (params: {
+        path: string;
+        handler: (req: import('node:http').IncomingMessage, res: import('node:http').ServerResponse) => Promise<boolean | void> | boolean | void;
+        auth: 'gateway' | 'plugin';
+        match?: 'exact' | 'prefix';
+        replaceExisting?: boolean;
+    }) => void;
+    [key: string]: unknown;
+}
+declare function activate(api: PluginAPI): {
+    deactivate: () => Promise<void>;
+};
+export { activate };
+export default activate;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,iBAAiB,EAAiB,MAAM,UAAU,CAAC;AAe5D,UAAU,SAAS;IACjB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,YAAY,CAAC,EAAE,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAC1C,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,GAAG,IAAI,CAAC;IACjE,iBAAiB,CAAC,EAAE,CAAC,MAAM,EAAE;QAC3B,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,CAAC,GAAG,EAAE,OAAO,WAAW,EAAE,eAAe,EAAE,GAAG,EAAE,OAAO,WAAW,EAAE,cAAc,KAAK,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,OAAO,GAAG,IAAI,CAAC;QACzI,IAAI,EAAE,SAAS,GAAG,QAAQ,CAAC;QAC3B,KAAK,CAAC,EAAE,OAAO,GAAG,QAAQ,CAAC;QAC3B,eAAe,CAAC,EAAE,OAAO,CAAC;KAC3B,KAAK,IAAI,CAAC;IACX,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAmbD,iBAAS,QAAQ,CAAC,GAAG,EAAE,SAAS,GAAG;IAAE,UAAU,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAA;CAAE,CAs+BrE;AAED,OAAO,EAAE,QAAQ,EAAE,CAAC;AACpB,eAAe,QAAQ,CAAC"}