npm - openclaw-safeclaw-plugin - Versions diffs - 0.8.2 → 0.9.0 - Mend

openclaw-safeclaw-plugin 0.8.2 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -53,6 +53,24 @@ async function post(path, body) {
         return null; // Caller checks failMode
     }
 }
+let handshakeCompleted = false;
+async function performHandshake() {
+    if (!config.apiKey) {
+        console.warn('[SafeClaw] No API key configured — skipping handshake');
+        return false;
+    }
+    const r = await post('/handshake', {
+        pluginVersion: '0.1.3',
+        configHash: configHash(config),
+    });
+    if (r === null) {
+        console.warn('[SafeClaw] ✗ Handshake failed — API key may be invalid or service unreachable');
+        return false;
+    }
+    console.log(`[SafeClaw] ✓ Handshake OK — org=${r.orgId}, scope=${r.scope}, engine=${r.engineReady ? 'ready' : 'not ready'}`);
+    handshakeCompleted = true;
+    return true;
+}
 async function checkConnection() {
     const label = `[SafeClaw]`;
     console.log(`${label} Connecting to ${config.serviceUrl} ...`);
@@ -82,7 +100,7 @@ async function checkConnection() {
 export default {
     id: 'safeclaw',
     name: 'SafeClaw Neurosymbolic Governance',
-    version: '0.1.2',
+    version: '0.1.3',
     register(api) {
         if (!config.enabled) {
             console.log('[SafeClaw] Plugin disabled');
@@ -106,8 +124,16 @@ export default {
                 // Heartbeat failure is non-fatal
             }
         };
-        // Start heartbeat after connection check
-        checkConnection().then(() => sendHeartbeat()).catch(() => { });
+        // Start heartbeat after connection check + handshake
+        checkConnection()
+            .then(() => performHandshake())
+            .then((ok) => {
+            if (!ok && config.failMode === 'closed') {
+                console.warn('[SafeClaw] ⚠ Handshake failed with fail-mode=closed — tool calls will be BLOCKED');
+            }
+            return sendHeartbeat();
+        })
+            .catch(() => { });
         const heartbeatInterval = setInterval(sendHeartbeat, 30000);
         // Clean shutdown: send shutdown heartbeat and clear interval
         const shutdown = () => {
@@ -127,6 +153,9 @@ export default {
         process.on('SIGTERM', () => { shutdown(); process.exit(0); });
         // THE GATE — constraint checking on every tool call
         api.on('before_tool_call', async (event, ctx) => {
+            if (!handshakeCompleted && config.failMode === 'closed' && config.enforcement === 'enforce') {
+                return { block: true, blockReason: 'SafeClaw handshake not completed (fail-closed)' };
+            }
             const r = await post('/evaluate/tool-call', {
                 sessionId: ctx.sessionId ?? event.sessionId,
                 userId: ctx.userId ?? event.userId,

package/index.ts CHANGED Viewed

@@ -79,6 +79,29 @@ interface PluginApi {
   ): void;
 }
+let handshakeCompleted = false;
+async function performHandshake(): Promise<boolean> {
+  if (!config.apiKey) {
+    console.warn('[SafeClaw] No API key configured — skipping handshake');
+    return false;
+  }
+  const r = await post('/handshake', {
+    pluginVersion: '0.1.3',
+    configHash: configHash(config),
+  });
+  if (r === null) {
+    console.warn('[SafeClaw] ✗ Handshake failed — API key may be invalid or service unreachable');
+    return false;
+  }
+  console.log(`[SafeClaw] ✓ Handshake OK — org=${r.orgId}, scope=${r.scope}, engine=${r.engineReady ? 'ready' : 'not ready'}`);
+  handshakeCompleted = true;
+  return true;
+}
 async function checkConnection(): Promise<void> {
   const label = `[SafeClaw]`;
   console.log(`${label} Connecting to ${config.serviceUrl} ...`);
@@ -107,7 +130,7 @@ async function checkConnection(): Promise<void> {
 export default {
   id: 'safeclaw',
   name: 'SafeClaw Neurosymbolic Governance',
-  version: '0.1.2',
+  version: '0.1.3',
   register(api: PluginApi) {
     if (!config.enabled) {
@@ -133,8 +156,16 @@ export default {
       }
     };
-    // Start heartbeat after connection check
-    checkConnection().then(() => sendHeartbeat()).catch(() => {});
+    // Start heartbeat after connection check + handshake
+    checkConnection()
+      .then(() => performHandshake())
+      .then((ok) => {
+        if (!ok && config.failMode === 'closed') {
+          console.warn('[SafeClaw] ⚠ Handshake failed with fail-mode=closed — tool calls will be BLOCKED');
+        }
+        return sendHeartbeat();
+      })
+      .catch(() => {});
     const heartbeatInterval = setInterval(sendHeartbeat, 30000);
     // Clean shutdown: send shutdown heartbeat and clear interval
@@ -156,6 +187,10 @@ export default {
     // THE GATE — constraint checking on every tool call
     api.on('before_tool_call', async (event: PluginEvent, ctx: PluginContext) => {
+      if (!handshakeCompleted && config.failMode === 'closed' && config.enforcement === 'enforce') {
+        return { block: true, blockReason: 'SafeClaw handshake not completed (fail-closed)' };
+      }
       const r = await post('/evaluate/tool-call', {
         sessionId: ctx.sessionId ?? event.sessionId,
         userId: ctx.userId ?? event.userId,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "openclaw-safeclaw-plugin",
-  "version": "0.8.2",
+  "version": "0.9.0",
   "description": "SafeClaw Neurosymbolic Governance plugin for OpenClaw — validates AI agent actions against OWL ontologies and SHACL constraints",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",