openclaw-safeclaw-plugin 1.0.0 → 1.2.0

package/README.md

@@ -1,72 +1,247 @@
 # openclaw-safeclaw-plugin
 
-Neurosymbolic governance plugin for OpenClaw AI agents. Validates every tool call, message, and action against safety constraints before execution.
+Neurosymbolic governance plugin for OpenClaw AI agents. Validates every tool call, message, and action against OWL ontologies and SHACL constraints before execution.
 
-## Install
+## Installation
+
+### Via ClawHub (recommended)
 
 ```bash
-npm install -g openclaw-safeclaw-plugin
+openclaw plugins install safeclaw
 ```
 
-## Quick Start
-
-1. Sign up at [safeclaw.eu](https://safeclaw.eu) and create an API key
-2. Install and connect:
+### Manual install
 
 ```bash
 npm install -g openclaw-safeclaw-plugin
-safeclaw connect <your-api-key>
-safeclaw restart-openclaw
+safeclaw-plugin setup
+safeclaw-plugin restart-openclaw
 ```
 
-That's it. Every tool call your AI agent makes is now governed by SafeClaw.
+The `setup` command copies the plugin manifest to `~/.openclaw/extensions/safeclaw/` and enables it in `~/.openclaw/openclaw.json`. After install, restart OpenClaw to activate the plugin.
 
-## Commands
+## Quick Start
 
-```
-safeclaw connect <api-key>  Connect to SafeClaw and register with OpenClaw
-safeclaw setup              Register plugin with OpenClaw (no key needed)
-safeclaw tui                Open the interactive settings TUI
-safeclaw restart-openclaw   Restart the OpenClaw daemon
-```
+1. Install the plugin (see above)
+2. Connect to SafeClaw (cloud or self-hosted):
 
-## What It Does
+```bash
+# Cloud
+safeclaw-plugin connect <your-api-key>
 
-- **Blocks dangerous actions** — force push, deleting root, exposing secrets
-- **Enforces dependencies** — tests must pass before git push
-- **Checks user preferences** — confirmation for irreversible actions
-- **Governs messages** — blocks sensitive data leaks
-- **Full audit trail** — every decision logged with ontological justification
+# Self-hosted
+safeclaw-plugin config set serviceUrl http://localhost:8420/api/v1
+```
 
-## How It Works
+3. Restart OpenClaw:
 
-The plugin registers hooks on OpenClaw events:
+```bash
+safeclaw-plugin restart-openclaw
+```
 
-1. **before_tool_call** — validates against SHACL shapes, policies, preferences, dependencies
-2. **before_agent_start** — injects governance context into the agent's system prompt
-3. **message_sending** — checks outbound messages for sensitive data
-4. **after_tool_call** — records action outcomes for dependency tracking
-5. **llm_input/output** — logs LLM interactions for audit
+Every tool call your AI agent makes is now governed by SafeClaw.
 
 ## Configuration
 
-Set via environment variables or `~/.safeclaw/config.json`:
+Configuration is resolved in this order (later sources override earlier ones):
+
+1. **Defaults** -- hardcoded in the plugin
+2. **Config file** -- `~/.safeclaw/config.json`
+3. **Environment variables** -- `SAFECLAW_*` prefixed vars
+4. **OpenClaw plugin config** -- values from `api.pluginConfig` (set via OpenClaw settings UI or `openclaw.json`)
+
+### Config file
+
+Created automatically by `safeclaw-plugin connect`. Structure:
+
+```json
+{
+  "enabled": true,
+  "remote": {
+    "serviceUrl": "http://localhost:8420/api/v1",
+    "apiKey": "sc_live_..."
+  },
+  "enforcement": {
+    "mode": "enforce",
+    "failMode": "open"
+  }
+}
+```
+
+### Environment variables
 
 | Variable | Default | Description |
 |----------|---------|-------------|
-| `SAFECLAW_URL` | `https://api.safeclaw.eu/api/v1` | SafeClaw service URL |
-| `SAFECLAW_API_KEY` | *(empty)* | API key (set automatically by `safeclaw connect`) |
-| `SAFECLAW_TIMEOUT_MS` | `5000` | Request timeout in ms |
-| `SAFECLAW_ENABLED` | `true` | Set `false` to disable |
-| `SAFECLAW_ENFORCEMENT` | `enforce` | `enforce`, `warn-only`, `audit-only`, or `disabled` |
-| `SAFECLAW_FAIL_MODE` | `open` | `open` (allow on failure) or `closed` (block on failure) |
+| `SAFECLAW_URL` | `http://localhost:8420/api/v1` | SafeClaw service URL |
+| `SAFECLAW_API_KEY` | *(empty)* | API key for authentication |
+| `SAFECLAW_TIMEOUT_MS` | `5000` | HTTP request timeout in milliseconds |
+| `SAFECLAW_ENABLED` | `true` | Set `false` to disable the plugin entirely |
+| `SAFECLAW_ENFORCEMENT` | `enforce` | Enforcement mode (see below) |
+| `SAFECLAW_FAIL_MODE` | `open` | Fail mode (see below) |
+| `SAFECLAW_AGENT_ID` | *(empty)* | Agent identifier for multi-agent governance |
+| `SAFECLAW_AGENT_TOKEN` | *(empty)* | Agent authentication token |
+
+### OpenClaw plugin config
+
+When running inside OpenClaw, the plugin reads `api.pluginConfig` which maps to the `configSchema` in `openclaw.plugin.json`. These values take priority over the config file. Set them via the OpenClaw settings UI or directly in `~/.openclaw/openclaw.json`:
+
+```json
+{
+  "plugins": {
+    "entries": {
+      "safeclaw": {
+        "enabled": true,
+        "config": {
+          "enforcement": "enforce",
+          "failMode": "open",
+          "serviceUrl": "http://localhost:8420/api/v1"
+        }
+      }
+    }
+  }
+}
+```
 
 ## Enforcement Modes
 
-- **`enforce`** — block actions that violate constraints (recommended)
-- **`warn-only`** — log warnings but allow all actions
-- **`audit-only`** — server-side logging only, no client-side action
-- **`disabled`** — plugin is completely inactive
+| Mode | Behavior |
+|------|----------|
+| `enforce` | Block tool calls and messages that violate constraints. Recommended for production. |
+| `warn-only` | Log warnings but allow all actions through. Useful during initial rollout. |
+| `audit-only` | Server-side logging only, no client-side warnings or blocks. |
+| `disabled` | Plugin is completely inactive. No HTTP calls to the service. |
+
+## Fail Modes
+
+Controls what happens when the SafeClaw service is unreachable:
+
+| Mode | Behavior |
+|------|----------|
+| `open` | Allow all actions when the service is unavailable. Default. |
+| `closed` | Block all actions when the service is unavailable. Use when safety is critical. |
+
+## Hooks
+
+The plugin registers 11 hooks on OpenClaw events. Each hook communicates with the SafeClaw service via HTTP.
+
+### Blocking hooks (can prevent actions)
+
+| Hook | Priority | Description |
+|------|----------|-------------|
+| `before_tool_call` | 100 | The main gate. Evaluates every tool call against SHACL shapes, policies, preferences, and dependencies. Returns `{ block: true }` if the action violates constraints. |
+| `message_sending` | 100 | Checks outbound messages for sensitive data leaks, contact rule violations, and content policy. Returns `{ cancel: true }` to block. |
+| `subagent_spawning` | 100 | Evaluates child agent spawn requests. Detects delegation bypass attempts where a blocked parent tries to spawn an unrestricted child. |
+
+### Context hooks (modify agent behavior)
+
+| Hook | Priority | Description |
+|------|----------|-------------|
+| `before_prompt_build` | 100 | Injects governance context into the agent system prompt via `prependSystemContext`. Tells the agent what constraints are active. |
+
+### Recording hooks (fire-and-forget)
+
+| Hook | Description |
+|------|-------------|
+| `after_tool_call` | Records tool execution results (success/failure, duration, errors) for dependency tracking and audit. |
+| `llm_input` | Logs the prompt sent to the LLM, including provider and model name. |
+| `llm_output` | Logs the LLM response, including token usage. |
+| `subagent_ended` | Records child agent lifecycle completion. |
+| `session_start` | Notifies the service when a new session begins. |
+| `session_end` | Notifies the service when a session ends. |
+| `message_received` | Evaluates inbound messages for governance (sender, channel, content). |
+
+## Agent Tools
+
+The plugin registers two tools that agents can call to introspect governance state.
+
+### `safeclaw_status`
+
+Returns the current governance status. No parameters.
+
+```json
+{
+  "status": "ok",
+  "enforcement": "enforce",
+  "failMode": "open",
+  "serviceUrl": "http://localhost:8420/api/v1",
+  "handshakeCompleted": true
+}
+```
+
+### `safeclaw_check_action`
+
+Dry-run check of whether a tool call would be allowed. No side effects.
+
+**Parameters:**
+- `toolName` (string, required) -- tool name to check
+- `params` (object, optional) -- tool parameters to validate
+
+```json
+{
+  "block": false,
+  "reason": null,
+  "constraints": ["shacl:ActionShape", "policy:NoForceOnMain"]
+}
+```
+
+## CLI Commands
+
+The plugin ships a standalone CLI (`safeclaw-plugin`) and registers a `safeclaw` subcommand in the OpenClaw CLI via `api.registerCli`.
+
+### Standalone CLI
+
+```
+safeclaw-plugin connect <api-key>    Save API key, validate via handshake, register with OpenClaw
+safeclaw-plugin setup                Register plugin with OpenClaw (no key needed)
+safeclaw-plugin restart-openclaw     Restart the OpenClaw daemon
+safeclaw-plugin status               Run diagnostics (config, service, handshake, OpenClaw, NemoClaw)
+safeclaw-plugin config show          Show current configuration
+safeclaw-plugin config set <k> <v>   Set a config value (enforcement, failMode, enabled, serviceUrl)
+safeclaw-plugin tui                  Open interactive settings TUI
+```
+
+### OpenClaw CLI extension
+
+When loaded by OpenClaw, the plugin adds:
+
+```
+openclaw safeclaw status    Show SafeClaw service status and enforcement mode
+```
+
+## NemoClaw Sandbox
+
+When running inside a NemoClaw sandbox (detected via the `OPENSHELL_SANDBOX` environment variable), the plugin automatically adjusts:
+
+- **Service URL**: `localhost` is rewritten to `host.containers.internal` since the sandbox runs in a container and cannot reach the host's loopback interface directly.
+- **Egress policy**: The bundled `policies/safeclaw.yaml` defines the network rules NemoClaw needs to allow SafeClaw traffic.
+
+### Setup
+
+1. Copy the egress policy into your NemoClaw configuration:
+
+```bash
+nemoclaw policy-add safeclaw
+```
+
+Or manually copy `policies/safeclaw.yaml` to your NemoClaw policy directory.
+
+2. The policy allows two destinations:
+   - `api.safeclaw.eu:443` (HTTPS) -- cloud service
+   - `host.containers.internal:8420` (HTTP) -- self-hosted service on the host machine
+
+3. No additional configuration is needed. The plugin detects the sandbox automatically and adjusts the service URL.
+
+## Architecture
+
+This plugin is a thin HTTP bridge (~450 lines). All governance logic lives in the SafeClaw Python service. The plugin:
+
+1. Registers hooks on OpenClaw events
+2. Forwards event data to the SafeClaw service via HTTP POST
+3. Acts on the service response (block, warn, or allow)
+4. Sends a heartbeat every 30 seconds with config hash
+5. Registers as an OpenClaw service for clean lifecycle management (no `process.exit()`)
+
+The plugin performs a handshake with the service on startup to validate the API key and confirm the engine is ready. If the handshake fails and `failMode` is `closed`, all tool calls are blocked until the service becomes reachable.
 
 ## License
 

package/SKILL.md

@@ -1,48 +1,49 @@
-# SafeClaw — Neurosymbolic Governance for OpenClaw
+# SafeClaw -- Neurosymbolic Governance for OpenClaw
 
-SafeClaw adds ontology-based constraint checking to your OpenClaw agent. Every tool call, message, and action is validated against OWL ontologies and SHACL shapes before execution.
+SafeClaw validates every tool call, message, and agent action against OWL ontologies and SHACL constraints before execution. It acts as a governance gate between your AI agent and the tools it uses.
 
 ## What it does
 
-- **Blocks dangerous actions** — force push, deleting root, exposing secrets
-- **Enforces dependencies** — tests must pass before git push
-- **Checks user preferences** — confirmation for irreversible actions based on autonomy level
-- **Governs messages** — blocks sensitive data leaks, enforces never-contact lists
-- **Full audit trail** — every decision logged with ontological justification
+- **Blocks dangerous actions** -- force push, deleting root, exposing secrets
+- **Enforces dependencies** -- tests must pass before git push
+- **Checks user preferences** -- confirmation for irreversible actions based on autonomy level
+- **Governs messages** -- blocks sensitive data leaks, enforces contact rules
+- **Controls subagent delegation** -- prevents blocked parents from spawning unrestricted children
+- **Full audit trail** -- every decision logged with ontological justification
 
-## Setup
+## Hooks
 
-The plugin connects to `https://api.safeclaw.eu/api/v1` by default — no configuration needed.
+11 hooks covering the full agent lifecycle:
 
-### Self-hosted mode
+- `before_tool_call` -- constraint gate for every tool invocation
+- `before_prompt_build` -- injects governance context into system prompt
+- `message_sending` -- outbound message governance
+- `message_received` -- inbound message evaluation
+- `llm_input` / `llm_output` -- LLM interaction audit logging
+- `after_tool_call` -- records outcomes for dependency tracking
+- `subagent_spawning` / `subagent_ended` -- multi-agent governance
+- `session_start` / `session_end` -- session lifecycle tracking
 
-To run your own SafeClaw service, override the URL:
+## Agent tools
 
-```bash
-export SAFECLAW_URL="http://localhost:8420/api/v1"
-export SAFECLAW_API_KEY="sc_live_your_key_here"  # optional
-```
+- `safeclaw_status` -- check governance service status and active enforcement mode
+- `safeclaw_check_action` -- dry-run check if a specific tool call would be allowed
 
 ## Configuration
 
-Set via environment variables or `~/.safeclaw/config.json`:
+Set via OpenClaw plugin settings, `~/.safeclaw/config.json`, or `SAFECLAW_*` environment variables. Supports four enforcement modes (`enforce`, `warn-only`, `audit-only`, `disabled`) and two fail modes (`open`, `closed`).
+
+### NemoClaw sandbox
 
-| Variable | Default | Description |
-|----------|---------|-------------|
-| `SAFECLAW_URL` | `https://api.safeclaw.eu/api/v1` | SafeClaw service URL |
-| `SAFECLAW_API_KEY` | (empty) | API key for remote/cloud mode |
-| `SAFECLAW_TIMEOUT_MS` | `500` | Request timeout in milliseconds |
-| `SAFECLAW_ENABLED` | `true` | Set to `false` to disable |
-| `SAFECLAW_ENFORCEMENT` | `enforce` | `enforce`, `warn-only`, `audit-only`, or `disabled` |
+Automatically detects NemoClaw sandboxes and rewrites `localhost` to `host.containers.internal`. Includes a bundled egress policy at `policies/safeclaw.yaml`.
 
-## How it works
+### Self-hosted
 
-This plugin registers hooks on every OpenClaw event:
+Run the SafeClaw service locally:
 
-1. **before_tool_call** — validates against SHACL shapes, policies, preferences, dependencies
-2. **before_agent_start** — injects governance context into the agent's system prompt
-3. **message_sending** — checks outbound messages for sensitive data and contact rules
-4. **after_tool_call** — records action outcomes for dependency tracking
-5. **llm_input/output** — logs LLM interactions for audit
+```bash
+pip install safeclaw
+safeclaw serve
+```
 
-If the SafeClaw service is unavailable, the plugin degrades gracefully — no blocks, no crashes.
+The plugin connects to `http://localhost:8420/api/v1` by default.

package/cli.tsx

@@ -2,14 +2,15 @@
 import React from 'react';
 import { render } from 'ink';
 import { execSync } from 'child_process';
-import { readFileSync, writeFileSync, mkdirSync, chmodSync, existsSync, copyFileSync, lstatSync, unlinkSync, rmSync } from 'fs';
+import { readFileSync, writeFileSync, mkdirSync, existsSync, copyFileSync, lstatSync, unlinkSync, rmSync } from 'fs';
 import { join, dirname } from 'path';
 import { homedir } from 'os';
 import { fileURLToPath } from 'url';
 import App from './tui/App.js';
-import { loadConfig } from './tui/config.js';
+import { loadConfig, saveConfig, isNemoClawSandbox, getSandboxName, type SafeClawConfig } from './tui/config.js';
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
+const PKG_VERSION = JSON.parse(readFileSync(join(__dirname, '..', 'package.json'), 'utf-8')).version as string;
 
 function readJson(path: string): Record<string, unknown> {
   try {
@@ -91,7 +92,10 @@ function registerWithOpenClaw(): boolean {
 const args = process.argv.slice(2);
 const command = args[0];
 
-if (command === 'connect') {
+// Handle --help / -h for any command position
+if (!command || command === '--help' || command === '-h' || command === 'help') {
+  // Fall through to the else block at the bottom which prints full help
+} else if (command === 'connect') {
   const apiKey = args[1];
   const serviceUrlIdx = args.indexOf('--service-url');
   const serviceUrl = serviceUrlIdx !== -1 && args[serviceUrlIdx + 1]
@@ -99,7 +103,7 @@ if (command === 'connect') {
     : 'https://api.safeclaw.eu/api/v1';
 
   if (!apiKey || apiKey.startsWith('--')) {
-    console.error('Usage: safeclaw connect <api-key> [--service-url <url>]');
+    console.error('Usage: safeclaw-plugin connect <api-key> [--service-url <url>]');
     process.exit(1);
   }
 
@@ -129,10 +133,9 @@ if (command === 'connect') {
   (config.remote as Record<string, string>).apiKey = apiKey;
   (config.remote as Record<string, string>).serviceUrl = serviceUrl;
 
-  // Write config with owner-only permissions
-  mkdirSync(configDir, { recursive: true });
-  writeFileSync(configPath, JSON.stringify(config, null, 2) + '\n');
-  chmodSync(configPath, 0o600);
+  // Write config with owner-only permissions (atomic mode via writeFileSync option)
+  mkdirSync(configDir, { recursive: true, mode: 0o700 });
+  writeFileSync(configPath, JSON.stringify(config, null, 2) + '\n', { mode: 0o600 });
 
   console.log(`API key saved to ${configPath}`);
 
@@ -144,7 +147,7 @@ if (command === 'connect') {
         'Content-Type': 'application/json',
         'Authorization': `Bearer ${apiKey}`,
       },
-      body: JSON.stringify({ pluginVersion: '0.1.3', configHash: '' }),
+      body: JSON.stringify({ pluginVersion: PKG_VERSION, configHash: '' }),
       signal: AbortSignal.timeout(5000),
     });
     if (res.ok) {
@@ -163,7 +166,7 @@ if (command === 'connect') {
     }
   } catch {
     console.warn(`Warning: API key saved but could not reach ${serviceUrl}`);
-    console.warn('Run "safeclaw status" later to verify the connection.');
+    console.warn('Run "safeclaw-plugin status" later to verify the connection.');
   }
 
   // Register with OpenClaw
@@ -173,13 +176,83 @@ if (command === 'connect') {
     console.log('SafeClaw plugin registered with OpenClaw.');
     console.log('');
     console.log('Restart OpenClaw to activate:');
-    console.log('  safeclaw restart-openclaw');
+    console.log('  safeclaw-plugin restart-openclaw');
   } else {
     console.log('');
     console.log('Could not auto-register with OpenClaw.');
     console.log('Register manually:');
     console.log('  openclaw plugins install openclaw-safeclaw-plugin');
   }
+} else if (command === 'config') {
+  const subcommand = args[1];
+
+  if (subcommand === 'show') {
+    const cfg = loadConfig();
+    console.log(`enabled:     ${cfg.enabled}`);
+    console.log(`enforcement: ${cfg.enforcement}`);
+    console.log(`failMode:    ${cfg.failMode}`);
+    console.log(`serviceUrl:  ${cfg.serviceUrl}`);
+    console.log(`apiKey:      ${cfg.apiKey ? `${cfg.apiKey.slice(0, 6)}...` : '(not set)'}`);
+    console.log(`timeoutMs:   ${cfg.timeoutMs}`);
+  } else if (subcommand === 'set') {
+    const key = args[2];
+    const value = args[3];
+
+    if (!key || !value) {
+      console.error('Usage: safeclaw-plugin config set <key> <value>');
+      console.error('');
+      console.error('Keys:');
+      console.error('  enforcement   enforce | warn-only | audit-only | disabled');
+      console.error('  failMode      open | closed');
+      console.error('  enabled       true | false');
+      console.error('  serviceUrl    https://...');
+      process.exit(1);
+    }
+
+    const cfg = loadConfig();
+    const validEnforcement = ['enforce', 'warn-only', 'audit-only', 'disabled'] as const;
+    const validFailModes = ['open', 'closed'] as const;
+
+    if (key === 'enforcement') {
+      if (!validEnforcement.includes(value as any)) {
+        console.error(`Invalid enforcement mode: "${value}". Valid: ${validEnforcement.join(', ')}`);
+        process.exit(1);
+      }
+      cfg.enforcement = value as SafeClawConfig['enforcement'];
+    } else if (key === 'failMode') {
+      if (!validFailModes.includes(value as any)) {
+        console.error(`Invalid fail mode: "${value}". Valid: ${validFailModes.join(', ')}`);
+        process.exit(1);
+      }
+      cfg.failMode = value as SafeClawConfig['failMode'];
+    } else if (key === 'enabled') {
+      if (value !== 'true' && value !== 'false') {
+        console.error('Invalid value for enabled: must be "true" or "false"');
+        process.exit(1);
+      }
+      cfg.enabled = value === 'true';
+    } else if (key === 'serviceUrl') {
+      cfg.serviceUrl = value;
+    } else {
+      console.error(`Unknown config key: "${key}"`);
+      console.error('Valid keys: enforcement, failMode, enabled, serviceUrl');
+      process.exit(1);
+    }
+
+    try {
+      saveConfig(cfg);
+    } catch (e) {
+      console.error(`Error: ${e instanceof Error ? e.message : e}`);
+      process.exit(1);
+    }
+    console.log(`Set ${key} = ${value}`);
+  } else {
+    console.error('Usage: safeclaw-plugin config <show|set>');
+    console.error('');
+    console.error('  show          Display all current config values');
+    console.error('  set <k> <v>   Set a config value (enforcement, failMode, enabled, serviceUrl)');
+    process.exit(1);
+  }
 } else if (command === 'tui') {
   render(React.createElement(App));
 } else if (command === 'restart-openclaw') {
@@ -200,8 +273,8 @@ if (command === 'connect') {
     console.log('');
     console.log('Next steps:');
     console.log('  1. Get an API key at https://safeclaw.eu/dashboard');
-    console.log('  2. Run: safeclaw connect <your-api-key>');
-    console.log('  3. Run: safeclaw restart-openclaw');
+    console.log('  2. Run: safeclaw-plugin connect <your-api-key>');
+    console.log('  3. Run: safeclaw-plugin restart-openclaw');
   } else {
     console.log('Could not auto-register.');
     console.log('Try: openclaw plugins install openclaw-safeclaw-plugin');
@@ -220,7 +293,7 @@ if (command === 'connect') {
   if (existsSync(configPath)) {
     console.log('[ok] Config file: ' + configPath);
   } else {
-    console.log('[!!] Config file not found. Run: safeclaw connect <api-key>');
+    console.log('[!!] Config file not found. Run: safeclaw-plugin connect <api-key>');
     allOk = false;
   }
 
@@ -231,7 +304,7 @@ if (command === 'connect') {
     console.log('[!!] API key: invalid (must start with sc_)');
     allOk = false;
   } else {
-    console.log('[!!] API key: not set. Run: safeclaw connect <api-key>');
+    console.log('[!!] API key: not set. Run: safeclaw-plugin connect <api-key>');
     allOk = false;
   }
 
@@ -306,7 +379,7 @@ if (command === 'connect') {
           'Content-Type': 'application/json',
           'Authorization': `Bearer ${cfg.apiKey}`,
         },
-        body: JSON.stringify({ pluginVersion: '0.1.3', configHash: '' }),
+        body: JSON.stringify({ pluginVersion: PKG_VERSION, configHash: '' }),
         signal: AbortSignal.timeout(cfg.timeoutMs),
       });
       if (res.ok) {
@@ -341,7 +414,7 @@ if (command === 'connect') {
     }
   } else if (serviceHealthy && !cfg.apiKey) {
     console.log('[!!] Handshake: skipped — no API key configured');
-    console.log('     ↳ Run: safeclaw connect <your-api-key>');
+    console.log('     ↳ Run: safeclaw-plugin connect <your-api-key>');
     allOk = false;
   }
 
@@ -363,13 +436,13 @@ if (command === 'connect') {
   } else if (existsSync(extensionDir)) {
     const stat = lstatSync(extensionDir);
     if (stat.isSymbolicLink()) {
-      console.log('[!!] Plugin: stale symlink (run safeclaw setup to fix)');
+      console.log('[!!] Plugin: stale symlink (run safeclaw-plugin setup to fix)');
     } else {
       console.log('[!!] Plugin: missing files in ' + extensionDir);
     }
     allOk = false;
   } else {
-    console.log('[!!] Plugin: not installed. Run: safeclaw setup');
+    console.log('[!!] Plugin: not installed. Run: safeclaw-plugin setup');
     allOk = false;
   }
 
@@ -391,6 +464,13 @@ if (command === 'connect') {
     allOk = false;
   }
 
+  // 9. NemoClaw sandbox
+  if (isNemoClawSandbox()) {
+    console.log(`[ok] NemoClaw sandbox: ${getSandboxName()}`);
+  } else {
+    console.log('[--] NemoClaw: not in sandbox (standalone mode)');
+  }
+
   // Summary
   console.log('');
   if (allOk) {
@@ -399,13 +479,30 @@ if (command === 'connect') {
     console.log('Some checks failed. Fix the issues above.');
   }
 } else {
-  console.log('Usage: safeclaw <command>');
+  console.log('safeclaw-plugin — OpenClaw plugin CLI for SafeClaw governance');
+  console.log('');
+  console.log('Usage: safeclaw-plugin <command> [options]');
+  console.log('');
+  console.log('Setup:');
+  console.log('  connect <api-key>    Save API key, validate via handshake, register with OpenClaw');
+  console.log('                       Keys start with "sc_". Get yours at https://safeclaw.eu/dashboard');
+  console.log('  setup                Register plugin with OpenClaw without an API key (manual setup)');
+  console.log('  restart-openclaw     Restart the OpenClaw daemon to pick up plugin changes');
+  console.log('');
+  console.log('Diagnostics:');
+  console.log('  status               Run 8 checks: config, API key, service health, evaluate endpoint,');
+  console.log('                       handshake, OpenClaw binary, plugin files, OpenClaw config');
+  console.log('');
+  console.log('Configuration:');
+  console.log('  config show          Show current enforcement, failMode, enabled, serviceUrl, apiKey');
+  console.log('  config set <k> <v>   Set a config value. Keys: enforcement, failMode, enabled, serviceUrl');
+  console.log('                       enforcement: enforce | warn-only | audit-only | disabled');
+  console.log('                       failMode:    open (allow on error) | closed (block on error)');
+  console.log('                       enabled:     true | false');
+  console.log('');
+  console.log('Interactive:');
+  console.log('  tui                  Open the interactive settings TUI (Status, Settings, About tabs)');
   console.log('');
-  console.log('Commands:');
-  console.log('  connect <api-key>  Connect to SafeClaw and register with OpenClaw');
-  console.log('  setup              Register SafeClaw plugin with OpenClaw (no key needed)');
-  console.log('  status             Check SafeClaw + OpenClaw connection status');
-  console.log('  tui                Open the interactive SafeClaw settings TUI');
-  console.log('  restart-openclaw   Restart the OpenClaw daemon');
+  console.log('For the service CLI (serve, audit, policy, pref), use the "safeclaw" command.');
   process.exit(0);
 }