openclaw-safeclaw-plugin 0.7.2 → 0.8.1

package/README.md

@@ -56,7 +56,7 @@ Set via environment variables or `~/.safeclaw/config.json`:
 |----------|---------|-------------|
 | `SAFECLAW_URL` | `https://api.safeclaw.eu/api/v1` | SafeClaw service URL |
 | `SAFECLAW_API_KEY` | *(empty)* | API key (set automatically by `safeclaw connect`) |
-| `SAFECLAW_TIMEOUT_MS` | `500` | Request timeout in ms |
+| `SAFECLAW_TIMEOUT_MS` | `5000` | Request timeout in ms |
 | `SAFECLAW_ENABLED` | `true` | Set `false` to disable |
 | `SAFECLAW_ENFORCEMENT` | `enforce` | `enforce`, `warn-only`, `audit-only`, or `disabled` |
 | `SAFECLAW_FAIL_MODE` | `open` | `open` (allow on failure) or `closed` (block on failure) |

package/cli.tsx

@@ -2,38 +2,90 @@
 import React from 'react';
 import { render } from 'ink';
 import { execSync } from 'child_process';
-import { readFileSync, writeFileSync, mkdirSync, chmodSync, existsSync } from 'fs';
-import { join } from 'path';
+import { readFileSync, writeFileSync, mkdirSync, chmodSync, existsSync, copyFileSync, lstatSync, unlinkSync, rmSync } from 'fs';
+import { join, dirname } from 'path';
 import { homedir } from 'os';
+import { fileURLToPath } from 'url';
 import App from './tui/App.js';
+import { loadConfig } from './tui/config.js';
 
-function registerWithOpenClaw(): boolean {
-  // Use OpenClaw's native plugin install mechanism
+const __dirname = dirname(fileURLToPath(import.meta.url));
+
+function readJson(path: string): Record<string, unknown> {
   try {
-    execSync('openclaw plugins install openclaw-safeclaw-plugin', {
-      encoding: 'utf-8',
-      timeout: 30000,
-      stdio: 'pipe',
-    });
-    return true;
+    return JSON.parse(readFileSync(path, 'utf-8'));
   } catch {
-    // Fallback: try linking from the global npm install location
-    try {
-      const globalRoot = execSync('npm root -g', { encoding: 'utf-8', timeout: 5000 }).trim();
-      const pluginPath = join(globalRoot, 'openclaw-safeclaw-plugin');
-      if (existsSync(pluginPath)) {
-        execSync(`openclaw plugins install --link "${pluginPath}"`, {
-          encoding: 'utf-8',
-          timeout: 15000,
-          stdio: 'pipe',
-        });
-        return true;
+    return {};
+  }
+}
+
+function registerWithOpenClaw(): boolean {
+  const pluginRoot = join(__dirname, '..');  // one level up from dist/
+  const extensionDir = join(homedir(), '.openclaw', 'extensions', 'safeclaw');
+  const entryPoint = join(pluginRoot, 'dist', 'index.js');
+  const manifestSrc = join(pluginRoot, 'openclaw.plugin.json');
+
+  // Clean up stale symlink if it exists
+  try {
+    if (existsSync(extensionDir)) {
+      const stat = lstatSync(extensionDir);
+      if (stat.isSymbolicLink()) {
+        unlinkSync(extensionDir);
       }
-    } catch {
-      // Both methods failed
     }
+  } catch { /* ignore */ }
+
+  // Create extension directory with manifest + loader that imports from npm install
+  try {
+    mkdirSync(extensionDir, { recursive: true });
+
+    // Copy the manifest
+    if (existsSync(manifestSrc)) {
+      copyFileSync(manifestSrc, join(extensionDir, 'openclaw.plugin.json'));
+    } else {
+      // Write manifest inline if source file missing
+      writeFileSync(join(extensionDir, 'openclaw.plugin.json'), JSON.stringify({
+        id: 'safeclaw',
+        name: 'SafeClaw Neurosymbolic Governance',
+        configSchema: { type: 'object', additionalProperties: false, properties: {} },
+      }, null, 2) + '\n');
+    }
+
+    // Create index.js that loads from the actual npm install location
+    writeFileSync(join(extensionDir, 'index.js'),
+      `export { default } from '${entryPoint}';\n`);
+  } catch (e) {
+    console.warn(`Warning: Could not create extension: ${e instanceof Error ? e.message : e}`);
+    return false;
+  }
+
+  // Enable plugin in ~/.openclaw/openclaw.json
+  const openclawConfigPath = join(homedir(), '.openclaw', 'openclaw.json');
+  const ocConfig = readJson(openclawConfigPath);
+
+  if (!ocConfig.plugins || typeof ocConfig.plugins !== 'object') {
+    ocConfig.plugins = {};
+  }
+  const plugins = ocConfig.plugins as Record<string, unknown>;
+  if (!plugins.entries || typeof plugins.entries !== 'object') {
+    plugins.entries = {};
+  }
+  const entries = plugins.entries as Record<string, unknown>;
+
+  if (!entries.safeclaw || typeof entries.safeclaw !== 'object') {
+    entries.safeclaw = { enabled: true };
+  } else {
+    (entries.safeclaw as Record<string, unknown>).enabled = true;
+  }
+
+  try {
+    writeFileSync(openclawConfigPath, JSON.stringify(ocConfig, null, 2) + '\n');
+  } catch (e) {
+    console.warn(`Warning: Could not update OpenClaw config: ${e instanceof Error ? e.message : e}`);
+    return false;
   }
-  return false;
+
+  return true;
 }
 
 const args = process.argv.slice(2);
@@ -125,9 +177,15 @@ if (command === 'connect') {
     console.log('Try: openclaw plugins install openclaw-safeclaw-plugin');
   }
 } else if (command === 'status') {
+  const cfg = loadConfig();
   const configPath = join(homedir(), '.safeclaw', 'config.json');
   let allOk = true;
 
+  // 0. Active config summary
+  console.log(`Config: enforcement=${cfg.enforcement}, failMode=${cfg.failMode}, timeout=${cfg.timeoutMs}ms`);
+  console.log(`Service: ${cfg.serviceUrl}`);
+  console.log('');
+
   // 1. Config file
   if (existsSync(configPath)) {
     console.log('[ok] Config file: ' + configPath);
@@ -137,20 +195,9 @@ if (command === 'connect') {
   }
 
   // 2. API key
-  let apiKey = '';
-  let serviceUrl = 'https://api.safeclaw.eu/api/v1';
-  if (existsSync(configPath)) {
-    try {
-      const cfg = JSON.parse(readFileSync(configPath, 'utf-8'));
-      const remote = cfg.remote as Record<string, string> | undefined;
-      apiKey = remote?.apiKey ?? '';
-      serviceUrl = remote?.serviceUrl ?? serviceUrl;
-    } catch { /* ignore */ }
-  }
-
-  if (apiKey && apiKey.startsWith('sc_')) {
+  if (cfg.apiKey && cfg.apiKey.startsWith('sc_')) {
     console.log('[ok] API key: configured (sc_...)');
-  } else if (apiKey) {
+  } else if (cfg.apiKey) {
     console.log('[!!] API key: invalid (must start with sc_)');
     allOk = false;
   } else {
@@ -158,25 +205,64 @@ if (command === 'connect') {
     allOk = false;
   }
 
-  // 3. SafeClaw service reachable
+  // 3. SafeClaw service — health check (uses same timeout as plugin)
+  let serviceHealthy = false;
   try {
-    const res = await fetch(`${serviceUrl}/health`, {
-      signal: AbortSignal.timeout(5000),
-      headers: apiKey ? { 'Authorization': `Bearer ${apiKey}` } : {},
+    const res = await fetch(`${cfg.serviceUrl}/health`, {
+      signal: AbortSignal.timeout(cfg.timeoutMs),
+      headers: cfg.apiKey ? { 'Authorization': `Bearer ${cfg.apiKey}` } : {},
     });
     if (res.ok) {
       const data = await res.json() as Record<string, unknown>;
-      console.log(`[ok] SafeClaw service: ${data.status ?? 'ok'} (${serviceUrl})`);
+      console.log(`[ok] Service health: ${data.status ?? 'ok'}`);
+      serviceHealthy = true;
     } else {
-      console.log(`[!!] SafeClaw service: HTTP ${res.status} (${serviceUrl})`);
+      console.log(`[!!] Service health: HTTP ${res.status}`);
       allOk = false;
     }
-  } catch {
-    console.log(`[!!] SafeClaw service: unreachable (${serviceUrl})`);
+  } catch (e) {
+    const isTimeout = e instanceof DOMException && e.name === 'TimeoutError';
+    console.log(`[!!] Service health: ${isTimeout ? `timeout after ${cfg.timeoutMs}ms` : 'unreachable'}`);
     allOk = false;
   }
 
-  // 4. OpenClaw installed
+  // 4. SafeClaw service — evaluate endpoint (the actual gate)
+  if (serviceHealthy) {
+    try {
+      const res = await fetch(`${cfg.serviceUrl}/evaluate/tool-call`, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          ...(cfg.apiKey ? { 'Authorization': `Bearer ${cfg.apiKey}` } : {}),
+        },
+        body: JSON.stringify({
+          sessionId: 'status-check',
+          userId: 'status-check',
+          toolName: 'echo',
+          params: { message: 'status-check' },
+        }),
+        signal: AbortSignal.timeout(cfg.timeoutMs),
+      });
+      if (res.ok || res.status === 422) {
+        // 422 = validation error is fine — means the service is processing requests
+        console.log('[ok] Service evaluate: responding');
+      } else if (res.status === 401 || res.status === 403) {
+        console.log('[ok] Service evaluate: responding (auth required)');
+      } else {
+        console.log(`[!!] Service evaluate: HTTP ${res.status}`);
+        allOk = false;
+      }
+    } catch (e) {
+      const isTimeout = e instanceof DOMException && e.name === 'TimeoutError';
+      console.log(`[!!] Service evaluate: ${isTimeout ? `timeout after ${cfg.timeoutMs}ms` : 'unreachable'}`);
+      if (cfg.failMode === 'closed') {
+        console.log('     ↳ failMode=closed means ALL tool calls will be blocked!');
+      }
+      allOk = false;
+    }
+  }
+
+  // 5. OpenClaw installed
   try {
     execSync('which openclaw', { encoding: 'utf-8', stdio: 'pipe' });
     console.log('[ok] OpenClaw: installed');
@@ -185,21 +271,41 @@ if (command === 'connect') {
     allOk = false;
   }
 
-  // 5. Plugin registered with OpenClaw
-  try {
-    const pluginList = execSync('openclaw plugins list', {
-      encoding: 'utf-8',
-      timeout: 10000,
-      stdio: 'pipe',
-    });
-    if (pluginList.includes('safeclaw')) {
-      console.log('[ok] Plugin: registered with OpenClaw');
+  // 6. Plugin extension files exist
+  const extensionDir = join(homedir(), '.openclaw', 'extensions', 'safeclaw');
+  const hasManifest = existsSync(join(extensionDir, 'openclaw.plugin.json'));
+  const hasEntry = existsSync(join(extensionDir, 'index.js'));
+  if (hasManifest && hasEntry) {
+    console.log('[ok] Plugin files: ' + extensionDir);
+  } else if (existsSync(extensionDir)) {
+    const stat = lstatSync(extensionDir);
+    if (stat.isSymbolicLink()) {
+      console.log('[!!] Plugin: stale symlink (run safeclaw setup to fix)');
     } else {
-      console.log('[!!] Plugin: not registered with OpenClaw. Run: safeclaw setup');
+      console.log('[!!] Plugin: missing files in ' + extensionDir);
+    }
+    allOk = false;
+  } else {
+    console.log('[!!] Plugin: not installed. Run: safeclaw setup');
+    allOk = false;
+  }
+
+  // 7. Plugin enabled in OpenClaw config
+  const ocConfigPath = join(homedir(), '.openclaw', 'openclaw.json');
+  if (existsSync(ocConfigPath)) {
+    const ocConfig = readJson(ocConfigPath);
+    const plugins = ocConfig.plugins as Record<string, unknown> | undefined;
+    const entries = plugins?.entries as Record<string, unknown> | undefined;
+    const safeclaw = entries?.safeclaw as Record<string, unknown> | undefined;
+    if (safeclaw?.enabled) {
+      console.log('[ok] OpenClaw config: safeclaw enabled');
+    } else {
+      console.log('[!!] OpenClaw config: safeclaw not enabled');
       allOk = false;
     }
-  } catch {
-    console.log('[??] Plugin: could not check OpenClaw plugin list');
+  } else {
+    console.log('[!!] OpenClaw config: not found');
+    allOk = false;
   }
 
   // Summary

package/dist/cli.js

@@ -2,39 +2,83 @@
 import React from 'react';
 import { render } from 'ink';
 import { execSync } from 'child_process';
-import { readFileSync, writeFileSync, mkdirSync, chmodSync, existsSync } from 'fs';
-import { join } from 'path';
+import { readFileSync, writeFileSync, mkdirSync, chmodSync, existsSync, copyFileSync, lstatSync, unlinkSync } from 'fs';
+import { join, dirname } from 'path';
 import { homedir } from 'os';
+import { fileURLToPath } from 'url';
 import App from './tui/App.js';
-function registerWithOpenClaw() {
-    // Use OpenClaw's native plugin install mechanism
+import { loadConfig } from './tui/config.js';
+const __dirname = dirname(fileURLToPath(import.meta.url));
+function readJson(path) {
     try {
-        execSync('openclaw plugins install openclaw-safeclaw-plugin', {
-            encoding: 'utf-8',
-            timeout: 30000,
-            stdio: 'pipe',
-        });
-        return true;
+        return JSON.parse(readFileSync(path, 'utf-8'));
     }
     catch {
-        // Fallback: try linking from the global npm install location
-        try {
-            const globalRoot = execSync('npm root -g', { encoding: 'utf-8', timeout: 5000 }).trim();
-            const pluginPath = join(globalRoot, 'openclaw-safeclaw-plugin');
-            if (existsSync(pluginPath)) {
-                execSync(`openclaw plugins install --link "${pluginPath}"`, {
-                    encoding: 'utf-8',
-                    timeout: 15000,
-                    stdio: 'pipe',
-                });
-                return true;
+        return {};
+    }
+}
+function registerWithOpenClaw() {
+    const pluginRoot = join(__dirname, '..'); // one level up from dist/
+    const extensionDir = join(homedir(), '.openclaw', 'extensions', 'safeclaw');
+    const entryPoint = join(pluginRoot, 'dist', 'index.js');
+    const manifestSrc = join(pluginRoot, 'openclaw.plugin.json');
+    // Clean up stale symlink if it exists
+    try {
+        if (existsSync(extensionDir)) {
+            const stat = lstatSync(extensionDir);
+            if (stat.isSymbolicLink()) {
+                unlinkSync(extensionDir);
             }
         }
-        catch {
-            // Both methods failed
+    }
+    catch { /* ignore */ }
+    // Create extension directory with manifest + loader that imports from npm install
+    try {
+        mkdirSync(extensionDir, { recursive: true });
+        // Copy the manifest
+        if (existsSync(manifestSrc)) {
+            copyFileSync(manifestSrc, join(extensionDir, 'openclaw.plugin.json'));
         }
+        else {
+            // Write manifest inline if source file missing
+            writeFileSync(join(extensionDir, 'openclaw.plugin.json'), JSON.stringify({
+                id: 'safeclaw',
+                name: 'SafeClaw Neurosymbolic Governance',
+                configSchema: { type: 'object', additionalProperties: false, properties: {} },
+            }, null, 2) + '\n');
+        }
+        // Create index.js that loads from the actual npm install location
+        writeFileSync(join(extensionDir, 'index.js'), `export { default } from '${entryPoint}';\n`);
+    }
+    catch (e) {
+        console.warn(`Warning: Could not create extension: ${e instanceof Error ? e.message : e}`);
+        return false;
     }
-    return false;
+    // Enable plugin in ~/.openclaw/openclaw.json
+    const openclawConfigPath = join(homedir(), '.openclaw', 'openclaw.json');
+    const ocConfig = readJson(openclawConfigPath);
+    if (!ocConfig.plugins || typeof ocConfig.plugins !== 'object') {
+        ocConfig.plugins = {};
+    }
+    const plugins = ocConfig.plugins;
+    if (!plugins.entries || typeof plugins.entries !== 'object') {
+        plugins.entries = {};
+    }
+    const entries = plugins.entries;
+    if (!entries.safeclaw || typeof entries.safeclaw !== 'object') {
+        entries.safeclaw = { enabled: true };
+    }
+    else {
+        entries.safeclaw.enabled = true;
+    }
+    try {
+        writeFileSync(openclawConfigPath, JSON.stringify(ocConfig, null, 2) + '\n');
+    }
+    catch (e) {
+        console.warn(`Warning: Could not update OpenClaw config: ${e instanceof Error ? e.message : e}`);
+        return false;
+    }
+    return true;
 }
 const args = process.argv.slice(2);
 const command = args[0];
@@ -124,8 +168,13 @@ else if (command === 'setup') {
     }
 }
 else if (command === 'status') {
+    const cfg = loadConfig();
     const configPath = join(homedir(), '.safeclaw', 'config.json');
     let allOk = true;
+    // 0. Active config summary
+    console.log(`Config: enforcement=${cfg.enforcement}, failMode=${cfg.failMode}, timeout=${cfg.timeoutMs}ms`);
+    console.log(`Service: ${cfg.serviceUrl}`);
+    console.log('');
     // 1. Config file
     if (existsSync(configPath)) {
         console.log('[ok] Config file: ' + configPath);
@@ -135,21 +184,10 @@ else if (command === 'status') {
         allOk = false;
     }
     // 2. API key
-    let apiKey = '';
-    let serviceUrl = 'https://api.safeclaw.eu/api/v1';
-    if (existsSync(configPath)) {
-        try {
-            const cfg = JSON.parse(readFileSync(configPath, 'utf-8'));
-            const remote = cfg.remote;
-            apiKey = remote?.apiKey ?? '';
-            serviceUrl = remote?.serviceUrl ?? serviceUrl;
-        }
-        catch { /* ignore */ }
-    }
-    if (apiKey && apiKey.startsWith('sc_')) {
+    if (cfg.apiKey && cfg.apiKey.startsWith('sc_')) {
         console.log('[ok] API key: configured (sc_...)');
     }
-    else if (apiKey) {
+    else if (cfg.apiKey) {
         console.log('[!!] API key: invalid (must start with sc_)');
         allOk = false;
     }
@@ -157,26 +195,67 @@ else if (command === 'status') {
         console.log('[!!] API key: not set. Run: safeclaw connect <api-key>');
         allOk = false;
     }
-    // 3. SafeClaw service reachable
+    // 3. SafeClaw service — health check (uses same timeout as plugin)
+    let serviceHealthy = false;
     try {
-        const res = await fetch(`${serviceUrl}/health`, {
-            signal: AbortSignal.timeout(5000),
-            headers: apiKey ? { 'Authorization': `Bearer ${apiKey}` } : {},
+        const res = await fetch(`${cfg.serviceUrl}/health`, {
+            signal: AbortSignal.timeout(cfg.timeoutMs),
+            headers: cfg.apiKey ? { 'Authorization': `Bearer ${cfg.apiKey}` } : {},
         });
         if (res.ok) {
             const data = await res.json();
-            console.log(`[ok] SafeClaw service: ${data.status ?? 'ok'} (${serviceUrl})`);
+            console.log(`[ok] Service health: ${data.status ?? 'ok'}`);
+            serviceHealthy = true;
         }
         else {
-            console.log(`[!!] SafeClaw service: HTTP ${res.status} (${serviceUrl})`);
+            console.log(`[!!] Service health: HTTP ${res.status}`);
             allOk = false;
         }
     }
-    catch {
-        console.log(`[!!] SafeClaw service: unreachable (${serviceUrl})`);
+    catch (e) {
+        const isTimeout = e instanceof DOMException && e.name === 'TimeoutError';
+        console.log(`[!!] Service health: ${isTimeout ? `timeout after ${cfg.timeoutMs}ms` : 'unreachable'}`);
         allOk = false;
     }
-    // 4. OpenClaw installed
+    // 4. SafeClaw service — evaluate endpoint (the actual gate)
+    if (serviceHealthy) {
+        try {
+            const res = await fetch(`${cfg.serviceUrl}/evaluate/tool-call`, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    ...(cfg.apiKey ? { 'Authorization': `Bearer ${cfg.apiKey}` } : {}),
+                },
+                body: JSON.stringify({
+                    sessionId: 'status-check',
+                    userId: 'status-check',
+                    toolName: 'echo',
+                    params: { message: 'status-check' },
+                }),
+                signal: AbortSignal.timeout(cfg.timeoutMs),
+            });
+            if (res.ok || res.status === 422) {
+                // 422 = validation error is fine — means the service is processing requests
+                console.log('[ok] Service evaluate: responding');
+            }
+            else if (res.status === 401 || res.status === 403) {
+                console.log('[ok] Service evaluate: responding (auth required)');
+            }
+            else {
+                console.log(`[!!] Service evaluate: HTTP ${res.status}`);
+                allOk = false;
+            }
+        }
+        catch (e) {
+            const isTimeout = e instanceof DOMException && e.name === 'TimeoutError';
+            console.log(`[!!] Service evaluate: ${isTimeout ? `timeout after ${cfg.timeoutMs}ms` : 'unreachable'}`);
+            if (cfg.failMode === 'closed') {
+                console.log('     ↳ failMode=closed means ALL tool calls will be blocked!');
+            }
+            allOk = false;
+        }
+    }
+    // 5. OpenClaw installed
     try {
         execSync('which openclaw', { encoding: 'utf-8', stdio: 'pipe' });
         console.log('[ok] OpenClaw: installed');
@@ -185,23 +264,45 @@ else if (command === 'status') {
         console.log('[!!] OpenClaw: not found in PATH');
         allOk = false;
     }
-    // 5. Plugin registered with OpenClaw
-    try {
-        const pluginList = execSync('openclaw plugins list', {
-            encoding: 'utf-8',
-            timeout: 10000,
-            stdio: 'pipe',
-        });
-        if (pluginList.includes('safeclaw')) {
-            console.log('[ok] Plugin: registered with OpenClaw');
+    // 6. Plugin extension files exist
+    const extensionDir = join(homedir(), '.openclaw', 'extensions', 'safeclaw');
+    const hasManifest = existsSync(join(extensionDir, 'openclaw.plugin.json'));
+    const hasEntry = existsSync(join(extensionDir, 'index.js'));
+    if (hasManifest && hasEntry) {
+        console.log('[ok] Plugin files: ' + extensionDir);
+    }
+    else if (existsSync(extensionDir)) {
+        const stat = lstatSync(extensionDir);
+        if (stat.isSymbolicLink()) {
+            console.log('[!!] Plugin: stale symlink (run safeclaw setup to fix)');
+        }
+        else {
+            console.log('[!!] Plugin: missing files in ' + extensionDir);
+        }
+        allOk = false;
+    }
+    else {
+        console.log('[!!] Plugin: not installed. Run: safeclaw setup');
+        allOk = false;
+    }
+    // 7. Plugin enabled in OpenClaw config
+    const ocConfigPath = join(homedir(), '.openclaw', 'openclaw.json');
+    if (existsSync(ocConfigPath)) {
+        const ocConfig = readJson(ocConfigPath);
+        const plugins = ocConfig.plugins;
+        const entries = plugins?.entries;
+        const safeclaw = entries?.safeclaw;
+        if (safeclaw?.enabled) {
+            console.log('[ok] OpenClaw config: safeclaw enabled');
         }
         else {
-            console.log('[!!] Plugin: not registered with OpenClaw. Run: safeclaw setup');
+            console.log('[!!] OpenClaw config: safeclaw not enabled');
             allOk = false;
         }
     }
-    catch {
-        console.log('[??] Plugin: could not check OpenClaw plugin list');
+    else {
+        console.log('[!!] OpenClaw config: not found');
+        allOk = false;
     }
     // Summary
     console.log('');

package/dist/tui/config.js

@@ -16,10 +16,10 @@ export function loadConfig() {
     const defaults = {
         serviceUrl: 'https://api.safeclaw.eu/api/v1',
         apiKey: '',
-        timeoutMs: 500,
+        timeoutMs: 5000,
         enabled: true,
         enforcement: 'enforce',
-        failMode: 'closed',
+        failMode: 'open',
         agentId: '',
         agentToken: '',
     };
@@ -73,8 +73,8 @@ export function loadConfig() {
     }
     const validFailModes = ['open', 'closed'];
     if (!validFailModes.includes(defaults.failMode)) {
-        console.warn(`[SafeClaw] Invalid fail mode "${defaults.failMode}", defaulting to "closed"`);
-        defaults.failMode = 'closed';
+        console.warn(`[SafeClaw] Invalid fail mode "${defaults.failMode}", defaulting to "open"`);
+        defaults.failMode = 'open';
     }
     return defaults;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "openclaw-safeclaw-plugin",
-  "version": "0.7.2",
+  "version": "0.8.1",
   "description": "SafeClaw Neurosymbolic Governance plugin for OpenClaw — validates AI agent actions against OWL ontologies and SHACL constraints",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/tui/config.ts

@@ -34,10 +34,10 @@ export function loadConfig(): SafeClawConfig {
   const defaults: SafeClawConfig = {
     serviceUrl: 'https://api.safeclaw.eu/api/v1',
     apiKey: '',
-    timeoutMs: 500,
+    timeoutMs: 5000,
     enabled: true,
     enforcement: 'enforce',
-    failMode: 'closed',
+    failMode: 'open',
     agentId: '',
     agentToken: '',
   };
@@ -79,8 +79,8 @@ export function loadConfig(): SafeClawConfig {
 
   const validFailModes = ['open', 'closed'] as const;
   if (!validFailModes.includes(defaults.failMode as any)) {
-    console.warn(`[SafeClaw] Invalid fail mode "${defaults.failMode}", defaulting to "closed"`);
-    defaults.failMode = 'closed';
+    console.warn(`[SafeClaw] Invalid fail mode "${defaults.failMode}", defaulting to "open"`);
+    defaults.failMode = 'open';
   }
 
   return defaults;