openclaw-safeclaw-plugin 0.5.1 → 0.7.1

package/README.md

@@ -1,38 +1,33 @@
 # openclaw-safeclaw-plugin
 
-Neurosymbolic governance plugin for OpenClaw AI agents. Validates every tool call, message, and action against OWL ontologies and SHACL constraints before execution.
+Neurosymbolic governance plugin for OpenClaw AI agents. Validates every tool call, message, and action against safety constraints before execution.
 
 ## Install
 
 ```bash
-openclaw plugins install openclaw-safeclaw-plugin
+npm install -g openclaw-safeclaw-plugin
 ```
 
 ## Quick Start
 
-Install and go — the plugin connects to SafeClaw's hosted service by default:
+1. Sign up at [safeclaw.eu](https://safeclaw.eu) and create an API key
+2. Install and connect:
 
 ```bash
-openclaw plugins install openclaw-safeclaw-plugin
+npm install -g openclaw-safeclaw-plugin
+safeclaw connect <your-api-key>
+safeclaw restart-openclaw
 ```
 
-No configuration needed. The default service URL is `https://api.safeclaw.eu/api/v1`.
+That's it. Every tool call your AI agent makes is now governed by SafeClaw.
 
-## Self-Hosted
+## Commands
 
-To run your own SafeClaw service, override the URL:
-
-```bash
-export SAFECLAW_URL="http://localhost:8420/api/v1"
-
-# Start the SafeClaw service
-git clone https://github.com/tendlyeu/SafeClaw.git
-cd SafeClaw/safeclaw-service
-python -m venv .venv && source .venv/bin/activate
-pip install -e ".[dev]"
-safeclaw init --user-id yourname
-safeclaw serve
-# Engine ready on http://localhost:8420
+```
+safeclaw connect <api-key>  Connect to SafeClaw and register with OpenClaw
+safeclaw setup              Register plugin with OpenClaw (no key needed)
+safeclaw tui                Open the interactive settings TUI
+safeclaw restart-openclaw   Restart the OpenClaw daemon
 ```
 
 ## What It Does
@@ -60,11 +55,11 @@ Set via environment variables or `~/.safeclaw/config.json`:
 | Variable | Default | Description |
 |----------|---------|-------------|
 | `SAFECLAW_URL` | `https://api.safeclaw.eu/api/v1` | SafeClaw service URL |
-| `SAFECLAW_API_KEY` | *(empty)* | API key for cloud mode |
+| `SAFECLAW_API_KEY` | *(empty)* | API key (set automatically by `safeclaw connect`) |
 | `SAFECLAW_TIMEOUT_MS` | `500` | Request timeout in ms |
 | `SAFECLAW_ENABLED` | `true` | Set `false` to disable |
 | `SAFECLAW_ENFORCEMENT` | `enforce` | `enforce`, `warn-only`, `audit-only`, or `disabled` |
-| `SAFECLAW_FAIL_MODE` | `closed` | `open` (allow on failure) or `closed` (block on failure) |
+| `SAFECLAW_FAIL_MODE` | `open` | `open` (allow on failure) or `closed` (block on failure) |
 
 ## Enforcement Modes
 

package/cli.tsx

@@ -7,6 +7,35 @@ import { join } from 'path';
 import { homedir } from 'os';
 import App from './tui/App.js';
 
+function registerWithOpenClaw(): boolean {
+  // Use OpenClaw's native plugin install mechanism
+  try {
+    execSync('openclaw plugins install openclaw-safeclaw-plugin', {
+      encoding: 'utf-8',
+      timeout: 30000,
+      stdio: 'pipe',
+    });
+    return true;
+  } catch {
+    // Fallback: try linking from the global npm install location
+    try {
+      const globalRoot = execSync('npm root -g', { encoding: 'utf-8', timeout: 5000 }).trim();
+      const pluginPath = join(globalRoot, 'openclaw-safeclaw-plugin');
+      if (existsSync(pluginPath)) {
+        execSync(`openclaw plugins install --link "${pluginPath}"`, {
+          encoding: 'utf-8',
+          timeout: 15000,
+          stdio: 'pipe',
+        });
+        return true;
+      }
+    } catch {
+      // Both methods failed
+    }
+  }
+  return false;
+}
+
 const args = process.argv.slice(2);
 const command = args[0];
 
@@ -22,6 +51,12 @@ if (command === 'connect') {
     process.exit(1);
   }
 
+  if (!apiKey.startsWith('sc_')) {
+    console.error('Error: Invalid API key. Keys start with "sc_".');
+    console.error('Get your key at https://safeclaw.eu/dashboard');
+    process.exit(1);
+  }
+
   const configDir = join(homedir(), '.safeclaw');
   const configPath = join(configDir, 'config.json');
 
@@ -47,7 +82,22 @@ if (command === 'connect') {
   writeFileSync(configPath, JSON.stringify(config, null, 2) + '\n');
   chmodSync(configPath, 0o600);
 
-  console.log(`Connected! Your API key has been saved to ${configPath}`);
+  console.log(`Connected! API key saved to ${configPath}`);
+
+  // Register with OpenClaw
+  console.log('Registering SafeClaw plugin with OpenClaw...');
+  const registered = registerWithOpenClaw();
+  if (registered) {
+    console.log('SafeClaw plugin registered with OpenClaw.');
+    console.log('');
+    console.log('Restart OpenClaw to activate:');
+    console.log('  safeclaw restart-openclaw');
+  } else {
+    console.log('');
+    console.log('Could not auto-register with OpenClaw.');
+    console.log('Register manually:');
+    console.log('  openclaw plugins install openclaw-safeclaw-plugin');
+  }
 } else if (command === 'tui') {
   render(React.createElement(App));
 } else if (command === 'restart-openclaw') {
@@ -60,11 +110,112 @@ if (command === 'connect') {
     console.error('Failed to restart OpenClaw daemon:', message);
     process.exit(1);
   }
+} else if (command === 'setup') {
+  console.log('Registering SafeClaw plugin with OpenClaw...');
+  const registered = registerWithOpenClaw();
+  if (registered) {
+    console.log('SafeClaw plugin registered with OpenClaw.');
+    console.log('');
+    console.log('Next steps:');
+    console.log('  1. Get an API key at https://safeclaw.eu/dashboard');
+    console.log('  2. Run: safeclaw connect <your-api-key>');
+    console.log('  3. Run: safeclaw restart-openclaw');
+  } else {
+    console.log('Could not auto-register.');
+    console.log('Try: openclaw plugins install openclaw-safeclaw-plugin');
+  }
+} else if (command === 'status') {
+  const configPath = join(homedir(), '.safeclaw', 'config.json');
+  let allOk = true;
+
+  // 1. Config file
+  if (existsSync(configPath)) {
+    console.log('[ok] Config file: ' + configPath);
+  } else {
+    console.log('[!!] Config file not found. Run: safeclaw connect <api-key>');
+    allOk = false;
+  }
+
+  // 2. API key
+  let apiKey = '';
+  let serviceUrl = 'https://api.safeclaw.eu/api/v1';
+  if (existsSync(configPath)) {
+    try {
+      const cfg = JSON.parse(readFileSync(configPath, 'utf-8'));
+      const remote = cfg.remote as Record<string, string> | undefined;
+      apiKey = remote?.apiKey ?? '';
+      serviceUrl = remote?.serviceUrl ?? serviceUrl;
+    } catch { /* ignore */ }
+  }
+
+  if (apiKey && apiKey.startsWith('sc_')) {
+    console.log('[ok] API key: configured (sc_...)');
+  } else if (apiKey) {
+    console.log('[!!] API key: invalid (must start with sc_)');
+    allOk = false;
+  } else {
+    console.log('[!!] API key: not set. Run: safeclaw connect <api-key>');
+    allOk = false;
+  }
+
+  // 3. SafeClaw service reachable
+  try {
+    const res = await fetch(`${serviceUrl}/health`, {
+      signal: AbortSignal.timeout(5000),
+      headers: apiKey ? { 'Authorization': `Bearer ${apiKey}` } : {},
+    });
+    if (res.ok) {
+      const data = await res.json() as Record<string, unknown>;
+      console.log(`[ok] SafeClaw service: ${data.status ?? 'ok'} (${serviceUrl})`);
+    } else {
+      console.log(`[!!] SafeClaw service: HTTP ${res.status} (${serviceUrl})`);
+      allOk = false;
+    }
+  } catch {
+    console.log(`[!!] SafeClaw service: unreachable (${serviceUrl})`);
+    allOk = false;
+  }
+
+  // 4. OpenClaw installed
+  try {
+    execSync('which openclaw', { encoding: 'utf-8', stdio: 'pipe' });
+    console.log('[ok] OpenClaw: installed');
+  } catch {
+    console.log('[!!] OpenClaw: not found in PATH');
+    allOk = false;
+  }
+
+  // 5. Plugin registered with OpenClaw
+  try {
+    const pluginList = execSync('openclaw plugins list', {
+      encoding: 'utf-8',
+      timeout: 10000,
+      stdio: 'pipe',
+    });
+    if (pluginList.includes('safeclaw')) {
+      console.log('[ok] Plugin: registered with OpenClaw');
+    } else {
+      console.log('[!!] Plugin: not registered with OpenClaw. Run: safeclaw setup');
+      allOk = false;
+    }
+  } catch {
+    console.log('[??] Plugin: could not check OpenClaw plugin list');
+  }
+
+  // Summary
+  console.log('');
+  if (allOk) {
+    console.log('All checks passed. SafeClaw is ready.');
+  } else {
+    console.log('Some checks failed. Fix the issues above.');
+  }
 } else {
   console.log('Usage: safeclaw <command>');
   console.log('');
   console.log('Commands:');
-  console.log('  connect <api-key>  Save your API key to ~/.safeclaw/config.json');
+  console.log('  connect <api-key>  Connect to SafeClaw and register with OpenClaw');
+  console.log('  setup              Register SafeClaw plugin with OpenClaw (no key needed)');
+  console.log('  status             Check SafeClaw + OpenClaw connection status');
   console.log('  tui                Open the interactive SafeClaw settings TUI');
   console.log('  restart-openclaw   Restart the OpenClaw daemon');
   process.exit(0);

package/dist/cli.js

@@ -6,6 +6,36 @@ import { readFileSync, writeFileSync, mkdirSync, chmodSync, existsSync } from 'f
 import { join } from 'path';
 import { homedir } from 'os';
 import App from './tui/App.js';
+function registerWithOpenClaw() {
+    // Use OpenClaw's native plugin install mechanism
+    try {
+        execSync('openclaw plugins install openclaw-safeclaw-plugin', {
+            encoding: 'utf-8',
+            timeout: 30000,
+            stdio: 'pipe',
+        });
+        return true;
+    }
+    catch {
+        // Fallback: try linking from the global npm install location
+        try {
+            const globalRoot = execSync('npm root -g', { encoding: 'utf-8', timeout: 5000 }).trim();
+            const pluginPath = join(globalRoot, 'openclaw-safeclaw-plugin');
+            if (existsSync(pluginPath)) {
+                execSync(`openclaw plugins install --link "${pluginPath}"`, {
+                    encoding: 'utf-8',
+                    timeout: 15000,
+                    stdio: 'pipe',
+                });
+                return true;
+            }
+        }
+        catch {
+            // Both methods failed
+        }
+    }
+    return false;
+}
 const args = process.argv.slice(2);
 const command = args[0];
 if (command === 'connect') {
@@ -18,6 +48,11 @@ if (command === 'connect') {
         console.error('Usage: safeclaw connect <api-key> [--service-url <url>]');
         process.exit(1);
     }
+    if (!apiKey.startsWith('sc_')) {
+        console.error('Error: Invalid API key. Keys start with "sc_".');
+        console.error('Get your key at https://safeclaw.eu/dashboard');
+        process.exit(1);
+    }
     const configDir = join(homedir(), '.safeclaw');
     const configPath = join(configDir, 'config.json');
     // Load existing config or start fresh
@@ -40,7 +75,22 @@ if (command === 'connect') {
     mkdirSync(configDir, { recursive: true });
     writeFileSync(configPath, JSON.stringify(config, null, 2) + '\n');
     chmodSync(configPath, 0o600);
-    console.log(`Connected! Your API key has been saved to ${configPath}`);
+    console.log(`Connected! API key saved to ${configPath}`);
+    // Register with OpenClaw
+    console.log('Registering SafeClaw plugin with OpenClaw...');
+    const registered = registerWithOpenClaw();
+    if (registered) {
+        console.log('SafeClaw plugin registered with OpenClaw.');
+        console.log('');
+        console.log('Restart OpenClaw to activate:');
+        console.log('  safeclaw restart-openclaw');
+    }
+    else {
+        console.log('');
+        console.log('Could not auto-register with OpenClaw.');
+        console.log('Register manually:');
+        console.log('  openclaw plugins install openclaw-safeclaw-plugin');
+    }
 }
 else if (command === 'tui') {
     render(React.createElement(App));
@@ -57,11 +107,118 @@ else if (command === 'restart-openclaw') {
         process.exit(1);
     }
 }
+else if (command === 'setup') {
+    console.log('Registering SafeClaw plugin with OpenClaw...');
+    const registered = registerWithOpenClaw();
+    if (registered) {
+        console.log('SafeClaw plugin registered with OpenClaw.');
+        console.log('');
+        console.log('Next steps:');
+        console.log('  1. Get an API key at https://safeclaw.eu/dashboard');
+        console.log('  2. Run: safeclaw connect <your-api-key>');
+        console.log('  3. Run: safeclaw restart-openclaw');
+    }
+    else {
+        console.log('Could not auto-register.');
+        console.log('Try: openclaw plugins install openclaw-safeclaw-plugin');
+    }
+}
+else if (command === 'status') {
+    const configPath = join(homedir(), '.safeclaw', 'config.json');
+    let allOk = true;
+    // 1. Config file
+    if (existsSync(configPath)) {
+        console.log('[ok] Config file: ' + configPath);
+    }
+    else {
+        console.log('[!!] Config file not found. Run: safeclaw connect <api-key>');
+        allOk = false;
+    }
+    // 2. API key
+    let apiKey = '';
+    let serviceUrl = 'https://api.safeclaw.eu/api/v1';
+    if (existsSync(configPath)) {
+        try {
+            const cfg = JSON.parse(readFileSync(configPath, 'utf-8'));
+            const remote = cfg.remote;
+            apiKey = remote?.apiKey ?? '';
+            serviceUrl = remote?.serviceUrl ?? serviceUrl;
+        }
+        catch { /* ignore */ }
+    }
+    if (apiKey && apiKey.startsWith('sc_')) {
+        console.log('[ok] API key: configured (sc_...)');
+    }
+    else if (apiKey) {
+        console.log('[!!] API key: invalid (must start with sc_)');
+        allOk = false;
+    }
+    else {
+        console.log('[!!] API key: not set. Run: safeclaw connect <api-key>');
+        allOk = false;
+    }
+    // 3. SafeClaw service reachable
+    try {
+        const res = await fetch(`${serviceUrl}/health`, {
+            signal: AbortSignal.timeout(5000),
+            headers: apiKey ? { 'Authorization': `Bearer ${apiKey}` } : {},
+        });
+        if (res.ok) {
+            const data = await res.json();
+            console.log(`[ok] SafeClaw service: ${data.status ?? 'ok'} (${serviceUrl})`);
+        }
+        else {
+            console.log(`[!!] SafeClaw service: HTTP ${res.status} (${serviceUrl})`);
+            allOk = false;
+        }
+    }
+    catch {
+        console.log(`[!!] SafeClaw service: unreachable (${serviceUrl})`);
+        allOk = false;
+    }
+    // 4. OpenClaw installed
+    try {
+        execSync('which openclaw', { encoding: 'utf-8', stdio: 'pipe' });
+        console.log('[ok] OpenClaw: installed');
+    }
+    catch {
+        console.log('[!!] OpenClaw: not found in PATH');
+        allOk = false;
+    }
+    // 5. Plugin registered with OpenClaw
+    try {
+        const pluginList = execSync('openclaw plugins list', {
+            encoding: 'utf-8',
+            timeout: 10000,
+            stdio: 'pipe',
+        });
+        if (pluginList.includes('safeclaw')) {
+            console.log('[ok] Plugin: registered with OpenClaw');
+        }
+        else {
+            console.log('[!!] Plugin: not registered with OpenClaw. Run: safeclaw setup');
+            allOk = false;
+        }
+    }
+    catch {
+        console.log('[??] Plugin: could not check OpenClaw plugin list');
+    }
+    // Summary
+    console.log('');
+    if (allOk) {
+        console.log('All checks passed. SafeClaw is ready.');
+    }
+    else {
+        console.log('Some checks failed. Fix the issues above.');
+    }
+}
 else {
     console.log('Usage: safeclaw <command>');
     console.log('');
     console.log('Commands:');
-    console.log('  connect <api-key>  Save your API key to ~/.safeclaw/config.json');
+    console.log('  connect <api-key>  Connect to SafeClaw and register with OpenClaw');
+    console.log('  setup              Register SafeClaw plugin with OpenClaw (no key needed)');
+    console.log('  status             Check SafeClaw + OpenClaw connection status');
     console.log('  tui                Open the interactive SafeClaw settings TUI');
     console.log('  restart-openclaw   Restart the OpenClaw daemon');
     process.exit(0);

package/dist/index.js

@@ -80,7 +80,7 @@ async function checkConnection() {
     }
 }
 export default {
-    id: 'openclaw-safeclaw-plugin',
+    id: 'safeclaw',
     name: 'SafeClaw Neurosymbolic Governance',
     version: '0.1.2',
     register(api) {

package/index.ts

@@ -105,7 +105,7 @@ async function checkConnection(): Promise<void> {
 }
 
 export default {
-  id: 'openclaw-safeclaw-plugin',
+  id: 'safeclaw',
   name: 'SafeClaw Neurosymbolic Governance',
   version: '0.1.2',
 

package/openclaw.plugin.json

@@ -0,0 +1,31 @@
+{
+  "id": "safeclaw",
+  "name": "SafeClaw Neurosymbolic Governance",
+  "description": "Validates AI agent actions against OWL ontologies and SHACL constraints before execution",
+  "version": "0.5.1",
+  "configSchema": {
+    "type": "object",
+    "additionalProperties": false,
+    "properties": {
+      "serviceUrl": {
+        "type": "string",
+        "description": "SafeClaw service URL",
+        "default": "https://api.safeclaw.eu/api/v1"
+      },
+      "apiKey": {
+        "type": "string",
+        "description": "SafeClaw API key"
+      },
+      "enforcement": {
+        "type": "string",
+        "enum": ["enforce", "warn-only", "audit-only", "disabled"],
+        "default": "enforce"
+      },
+      "failMode": {
+        "type": "string",
+        "enum": ["open", "closed"],
+        "default": "open"
+      }
+    }
+  }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "openclaw-safeclaw-plugin",
-  "version": "0.5.1",
+  "version": "0.7.1",
   "description": "SafeClaw Neurosymbolic Governance plugin for OpenClaw — validates AI agent actions against OWL ontologies and SHACL constraints",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -13,8 +13,14 @@
     "typecheck": "tsc --noEmit",
     "prepublishOnly": "npm run build"
   },
+  "openclaw": {
+    "extensions": [
+      "dist/index.js"
+    ]
+  },
   "files": [
     "dist/",
+    "openclaw.plugin.json",
     "index.ts",
     "cli.tsx",
     "tui/",