openclaw-safeclaw-plugin 1.1.0 → 1.2.0

package/index.ts

@@ -7,6 +7,7 @@
  * to the SafeClaw service and acts on the responses.
  */
 
+import type { OpenClawPluginApi, OpenClawPluginEvent, OpenClawPluginContext } from 'openclaw/plugin-sdk/core';
 import { loadConfig, configHash } from './tui/config.js';
 import crypto from 'crypto';
 import { createRequire } from 'module';
@@ -21,13 +22,23 @@ const CONFIG_RELOAD_INTERVAL_MS = 60_000; // Reload config every 60 seconds
 let config = loadConfig();
 let configLoadedAt = Date.now();
 
+// OpenClaw plugin config — merged on top of file config when available
+let _ocPluginConfig: Record<string, unknown> = {};
+
+// Logger — defaults to console, replaced by api.logger when available
+let log: { info: (...args: unknown[]) => void; warn: (...args: unknown[]) => void; error: (...args: unknown[]) => void } = console;
+
 function getConfig(): typeof config {
   const now = Date.now();
   if (now - configLoadedAt >= CONFIG_RELOAD_INTERVAL_MS) {
     config = loadConfig();
     configLoadedAt = now;
   }
-  return config;
+  // OpenClaw config takes priority over file config
+  return {
+    ...config,
+    ...Object.fromEntries(Object.entries(_ocPluginConfig).filter(([_, v]) => v != null)),
+  } as typeof config;
 }
 
 // --- HTTP Client ---
@@ -57,53 +68,50 @@ async function post(path: string, body: Record<string, unknown>): Promise<Record
         const rawDetail = errBody.detail ?? `HTTP ${res.status}`;
         const detail = typeof rawDetail === 'string' ? rawDetail : JSON.stringify(rawDetail);
         const hint = errBody.hint ? ` (${errBody.hint})` : '';
-        console.warn(`[SafeClaw] ${path}: ${detail}${hint}`);
+        log.warn(`[SafeClaw] ${path}: ${detail}${hint}`);
       } catch {
-        console.warn(`[SafeClaw] HTTP ${res.status} from ${path}`);
+        log.warn(`[SafeClaw] HTTP ${res.status} from ${path}`);
       }
       return null;  // Caller checks failMode
     }
     return await res.json() as Record<string, unknown>;
   } catch (e) {
     if (e instanceof DOMException && e.name === 'TimeoutError') {
-      console.warn(`[SafeClaw] Timeout after ${cfg.timeoutMs}ms on ${path} (${cfg.serviceUrl})`);
+      log.warn(`[SafeClaw] Timeout after ${cfg.timeoutMs}ms on ${path} (${cfg.serviceUrl})`);
     } else if (e instanceof TypeError && (e.message.includes('fetch') || e.message.includes('ECONNREFUSED'))) {
-      console.warn(`[SafeClaw] Connection refused: ${cfg.serviceUrl}${path} — is the service running?`);
+      log.warn(`[SafeClaw] Connection refused: ${cfg.serviceUrl}${path} — is the service running?`);
     } else {
-      console.warn(`[SafeClaw] Service unavailable: ${cfg.serviceUrl}${path}`);
+      log.warn(`[SafeClaw] Service unavailable: ${cfg.serviceUrl}${path}`);
     }
     return null;  // Caller checks failMode
   }
 }
 
-// --- Plugin Definition ---
-
-interface PluginEvent {
-  sessionId?: string;
-  userId?: string;
-  [key: string]: unknown;
-}
-
-interface PluginContext {
-  sessionId?: string;
-  userId?: string;
-  [key: string]: unknown;
+async function get(path: string): Promise<Record<string, unknown> | null> {
+  const cfg = getConfig();
+  if (!cfg.enabled) return null;
+  const headers: Record<string, string> = {};
+  if (cfg.apiKey) headers['Authorization'] = `Bearer ${cfg.apiKey}`;
+  try {
+    const res = await fetch(`${cfg.serviceUrl}${path}`, {
+      signal: AbortSignal.timeout(cfg.timeoutMs),
+      headers,
+    });
+    if (!res.ok) return null;
+    return await res.json() as Record<string, unknown>;
+  } catch {
+    return null;
+  }
 }
 
-interface PluginApi {
-  on(
-    event: string,
-    handler: (event: PluginEvent, ctx: PluginContext) => Promise<Record<string, unknown> | void> | void,
-    options?: { priority?: number },
-  ): void;
-}
+// --- Plugin Definition ---
 
 let handshakeCompleted = false;
 
 async function performHandshake(): Promise<boolean> {
   const cfg = getConfig();
   if (!cfg.apiKey) {
-    console.warn('[SafeClaw] No API key configured — skipping handshake');
+    log.warn('[SafeClaw] No API key configured — skipping handshake');
     return false;
   }
 
@@ -113,11 +121,11 @@ async function performHandshake(): Promise<boolean> {
   });
 
   if (r === null) {
-    console.warn('[SafeClaw] ✗ Handshake failed — API key may be invalid or service unreachable');
+    log.warn('[SafeClaw] Handshake failed — API key may be invalid or service unreachable');
     return false;
   }
 
-  console.log(`[SafeClaw] ✓ Handshake OK — org=${r.orgId}, scope=${r.scope}, engine=${r.engineReady ? 'ready' : 'not ready'}`);
+  log.info(`[SafeClaw] Handshake OK — org=${r.orgId}, scope=${r.scope}, engine=${r.engineReady ? 'ready' : 'not ready'}`);
   handshakeCompleted = true;
   return true;
 }
@@ -125,8 +133,8 @@ async function performHandshake(): Promise<boolean> {
 async function checkConnection(): Promise<void> {
   const cfg = getConfig();
   const label = `[SafeClaw]`;
-  console.log(`${label} Connecting to ${cfg.serviceUrl} ...`);
-  console.log(`${label} Mode: enforcement=${cfg.enforcement}, failMode=${cfg.failMode}`);
+  log.info(`${label} Connecting to ${cfg.serviceUrl} ...`);
+  log.info(`${label} Mode: enforcement=${cfg.enforcement}, failMode=${cfg.failMode}`);
 
   try {
     const res = await fetch(`${cfg.serviceUrl}/health`, {
@@ -134,16 +142,16 @@ async function checkConnection(): Promise<void> {
     });
     if (res.ok) {
       const data = await res.json() as Record<string, unknown>;
-      console.log(`${label} ✓ Connected — service ${data.status ?? 'ok'}`);
+      log.info(`${label} Connected — service ${data.status ?? 'ok'}`);
     } else {
-      console.warn(`${label} ✗ Service responded with HTTP ${res.status}`);
+      log.warn(`${label} Service responded with HTTP ${res.status}`);
     }
   } catch {
-    console.warn(`${label} ✗ Cannot reach service at ${cfg.serviceUrl}`);
+    log.warn(`${label} Cannot reach service at ${cfg.serviceUrl}`);
     if (cfg.failMode === 'closed') {
-      console.warn(`${label}   fail-mode=closed → tool calls will be BLOCKED until service is reachable`);
+      log.warn(`${label}   fail-mode=closed — tool calls will be BLOCKED until service is reachable`);
     } else {
-      console.warn(`${label}   fail-mode=open → tool calls will be ALLOWED despite no connection`);
+      log.warn(`${label}   fail-mode=open — tool calls will be ALLOWED despite no connection`);
     }
   }
 }
@@ -153,12 +161,15 @@ export default {
   name: 'SafeClaw Neurosymbolic Governance',
   version: PLUGIN_VERSION,
 
-  register(api: PluginApi) {
+  register(api: OpenClawPluginApi) {
     if (!getConfig().enabled) {
       console.log('[SafeClaw] Plugin disabled');
       return;
     }
 
+    log = api.logger ?? console;
+    _ocPluginConfig = api.pluginConfig ?? {};
+
     // Generate a unique instance ID for this plugin run (fallback when agentId is not configured)
     const instanceId = getConfig().agentId || `instance-${crypto.randomUUID()}`;
 
@@ -175,21 +186,9 @@ export default {
       }
     };
 
-    // Start heartbeat only after connection check + handshake completes (#84)
+    // Clean shutdown: send shutdown heartbeat and clear interval (#194)
     let heartbeatInterval: ReturnType<typeof setInterval> | undefined;
-    checkConnection()
-      .then(() => performHandshake())
-      .then((ok) => {
-        if (!ok && getConfig().failMode === 'closed') {
-          console.warn('[SafeClaw] Handshake failed with fail-mode=closed — tool calls will be BLOCKED');
-        }
-        heartbeatInterval = setInterval(sendHeartbeat, 30000);
-        return sendHeartbeat();
-      })
-      .catch(() => {});
 
-    // Clean shutdown: send shutdown heartbeat and clear interval
-    // Use async shutdown for SIGINT/SIGTERM where async is supported (#55)
     const shutdown = async () => {
       if (heartbeatInterval) clearInterval(heartbeatInterval);
       try {
@@ -202,30 +201,58 @@ export default {
         // Best-effort shutdown notification
       }
     };
-    process.on('SIGINT', async () => { await shutdown(); process.exit(0); });
-    process.on('SIGTERM', async () => { await shutdown(); process.exit(0); });
 
-    // THE GATE — constraint checking on every tool call
-    api.on('before_tool_call', async (event: PluginEvent, ctx: PluginContext) => {
+    // Start heartbeat after connection check + handshake completes (#84)
+    const startupPromise = checkConnection()
+      .then(() => performHandshake())
+      .then((ok) => {
+        if (!ok && getConfig().failMode === 'closed') {
+          log.warn('[SafeClaw] Handshake failed with fail-mode=closed — tool calls will be BLOCKED');
+        }
+        heartbeatInterval = setInterval(sendHeartbeat, 30000);
+        return sendHeartbeat();
+      })
+      .catch(() => {});
+
+    // Register as an OpenClaw service so the gateway manages our lifecycle.
+    // The service's stop() method sends the shutdown heartbeat — no process.exit()
+    // needed, which avoids killing the entire gateway process (#194).
+    if (api.registerService) {
+      api.registerService({
+        id: 'safeclaw-governance',
+        start() { /* startup handled above via startupPromise */ },
+        async stop() {
+          await startupPromise;  // Ensure startup finished before tearing down
+          await shutdown();
+        },
+      });
+    } else {
+      // Fallback for older OpenClaw versions without registerService:
+      // No process.exit() — just clean up on beforeExit
+      process.on('beforeExit', () => { shutdown().catch(() => {}); });
+    }
+
+    // THE GATE — constraint checking on every tool call (#195: use correct OpenClaw field names)
+    api.on('before_tool_call', async (event: OpenClawPluginEvent, ctx: OpenClawPluginContext) => {
       const cfg = getConfig();
       if (!handshakeCompleted && cfg.failMode === 'closed' && cfg.enforcement === 'enforce') {
         return { block: true, blockReason: 'SafeClaw handshake not completed (fail-closed)' };
       }
 
       const r = await post('/evaluate/tool-call', {
-        sessionId: ctx.sessionId ?? event.sessionId,
-        userId: ctx.userId ?? event.userId,
-        toolName: event.toolName ?? event.tool_name,
+        sessionId: ctx.sessionId ?? event.sessionId ?? '',
+        userId: ctx.agentId ?? '',
+        toolName: event.toolName ?? '',
         params: event.params ?? {},
-        sessionHistory: event.sessionHistory ?? [],
+        runId: ctx.runId ?? '',
       });
 
       if (r === null && cfg.failMode === 'closed' && cfg.enforcement === 'enforce') {
         return { block: true, blockReason: `SafeClaw service unavailable at ${cfg.serviceUrl} (fail-closed)` };
       } else if (r === null && cfg.failMode === 'closed' && cfg.enforcement === 'warn-only') {
-        console.warn(`[SafeClaw] Service unavailable at ${cfg.serviceUrl} (fail-closed mode, warn-only)`);
+        log.warn(`[SafeClaw] Service unavailable at ${cfg.serviceUrl} (fail-closed mode, warn-only)`);
       } else if (r === null && cfg.failMode === 'closed' && cfg.enforcement === 'audit-only') {
-        console.warn(`[SafeClaw] Service unavailable at ${cfg.serviceUrl} (fail-closed mode, audit-only)`);
+        log.warn(`[SafeClaw] Service unavailable at ${cfg.serviceUrl} (fail-closed mode, audit-only)`);
       }
       if (r?.block) {
         const blockReason = (r.reason as string) || 'Blocked by SafeClaw (no reason provided)';
@@ -233,76 +260,209 @@ export default {
           return { block: true, blockReason };
         }
         if (cfg.enforcement === 'warn-only') {
-          console.warn(`[SafeClaw] Warning: ${blockReason}`);
+          log.warn(`[SafeClaw] Warning: ${blockReason}`);
         }
         // audit-only: logged server-side, no action here
       }
     }, { priority: 100 });
 
     // Context injection — prepend governance context to agent system prompt
-    api.on('before_agent_start', async (event: PluginEvent, ctx: PluginContext) => {
+    // (#195: before_agent_start is deprecated; use before_prompt_build + prependSystemContext)
+    api.on('before_prompt_build', async (event: OpenClawPluginEvent, ctx: OpenClawPluginContext) => {
       const r = await post('/context/build', {
-        sessionId: ctx.sessionId ?? event.sessionId,
-        userId: ctx.userId ?? event.userId,
+        sessionId: ctx.sessionId ?? event.sessionId ?? '',
+        userId: ctx.agentId ?? '',
       });
 
       if (r?.prependContext) {
-        return { prependContext: r.prependContext as string };
+        return { prependSystemContext: r.prependContext as string };
       }
     }, { priority: 100 });
 
     // Message governance — check outbound messages
-    api.on('message_sending', async (event: PluginEvent, ctx: PluginContext) => {
+    // (#195: use ctx.conversationId/sessionId, ctx.accountId; return only { cancel: true })
+    api.on('message_sending', async (event: OpenClawPluginEvent, ctx: OpenClawPluginContext) => {
       const cfg = getConfig();
       const r = await post('/evaluate/message', {
-        sessionId: ctx.sessionId ?? event.sessionId,
-        userId: ctx.userId ?? event.userId,
+        sessionId: ctx.conversationId ?? ctx.sessionId ?? event.sessionId ?? '',
+        userId: ctx.accountId ?? '',
         to: event.to,
         content: event.content,
+        channelId: ctx.channelId ?? '',
       });
 
       if (r === null && cfg.failMode === 'closed' && cfg.enforcement === 'enforce') {
-        return { cancel: true, cancelReason: 'SafeClaw service unavailable (fail-closed mode)' };
+        log.warn('[SafeClaw] Blocking message: service unavailable (fail-closed mode)');
+        return { cancel: true };
       } else if (r === null && cfg.failMode === 'closed' && cfg.enforcement === 'warn-only') {
-        console.warn('[SafeClaw] Service unavailable (fail-closed mode, warn-only)');
+        log.warn('[SafeClaw] Service unavailable (fail-closed mode, warn-only)');
       } else if (r === null && cfg.failMode === 'closed' && cfg.enforcement === 'audit-only') {
-        console.info('[SafeClaw] audit-only: service unreachable, allowing message (fail-closed)');
+        log.info('[SafeClaw] audit-only: service unreachable, allowing message (fail-closed)');
       }
       if (r?.block) {
         const blockReason = (r.reason as string) || 'Blocked by SafeClaw (no reason provided)';
         if (cfg.enforcement === 'enforce') {
-          return { cancel: true, cancelReason: blockReason };
+          log.warn(`[SafeClaw] Blocking message: ${blockReason}`);
+          return { cancel: true };
         }
         if (cfg.enforcement === 'warn-only') {
-          console.warn(`[SafeClaw] Warning: ${blockReason}`);
+          log.warn(`[SafeClaw] Warning: ${blockReason}`);
         }
         // audit-only: logged server-side, no action here
       }
     }, { priority: 100 });
 
     // Async logging — fire-and-forget, no return value needed
-    api.on('llm_input', (event: PluginEvent, ctx: PluginContext) => {
+    // (#195: use event.prompt for input, event.lastAssistant for output; add provider/model)
+    api.on('llm_input', (event: OpenClawPluginEvent, ctx: OpenClawPluginContext) => {
       post('/log/llm-input', {
-        sessionId: ctx.sessionId ?? event.sessionId,
-        content: event.content,
+        sessionId: event.sessionId ?? ctx.sessionId ?? '',
+        content: event.prompt ?? '',
+        provider: event.provider ?? '',
+        model: event.model ?? '',
       }).catch(() => {});
     });
 
-    api.on('llm_output', (event: PluginEvent, ctx: PluginContext) => {
+    api.on('llm_output', (event: OpenClawPluginEvent, ctx: OpenClawPluginContext) => {
       post('/log/llm-output', {
-        sessionId: ctx.sessionId ?? event.sessionId,
-        content: event.content,
+        sessionId: event.sessionId ?? ctx.sessionId ?? '',
+        content: event.lastAssistant ?? '',
+        provider: event.provider ?? '',
+        model: event.model ?? '',
+        usage: event.usage ?? {},
       }).catch(() => {});
     });
 
-    api.on('after_tool_call', (event: PluginEvent, ctx: PluginContext) => {
+    // (#195: use event.toolName, !event.error for success, add durationMs and error)
+    api.on('after_tool_call', (event: OpenClawPluginEvent, ctx: OpenClawPluginContext) => {
       post('/record/tool-result', {
-        sessionId: ctx.sessionId ?? event.sessionId,
-        toolName: event.toolName ?? event.tool_name,
+        sessionId: ctx.sessionId ?? event.sessionId ?? '',
+        toolName: event.toolName ?? '',
         params: event.params ?? {},
         result: event.result ?? '',
-        success: event.success ?? false,
-      }).catch((e) => console.warn('[SafeClaw] Failed to record tool result:', e));
+        success: !event.error,
+        error: event.error ? String(event.error) : '',
+        durationMs: event.durationMs ?? 0,
+      }).catch((e) => log.warn('[SafeClaw] Failed to record tool result:', e));
+    });
+
+    // Subagent governance — block delegation bypass attempts (#188)
+    api.on('subagent_spawning', async (event: OpenClawPluginEvent, ctx: OpenClawPluginContext) => {
+      const cfg = getConfig();
+      const r = await post('/evaluate/subagent-spawn', {
+        sessionId: ctx.sessionId ?? event.sessionId,
+        userId: ctx.agentId,
+        parentAgentId: event.parentAgentId,
+        childConfig: event.childConfig ?? {},
+        reason: event.reason ?? '',
+      });
+
+      if (r?.block && cfg.enforcement === 'enforce') {
+        throw new Error((r.reason as string) || 'Blocked by SafeClaw: delegation bypass detected');
+      }
+      if (r?.block && cfg.enforcement === 'warn-only') {
+        log.warn(`[SafeClaw] Subagent spawn warning: ${r.reason}`);
+      }
+    }, { priority: 100 });
+
+    // Subagent ended — record child agent lifecycle (#188)
+    api.on('subagent_ended', (event: OpenClawPluginEvent, ctx: OpenClawPluginContext) => {
+      post('/record/subagent-ended', {
+        sessionId: ctx.sessionId ?? event.sessionId,
+        parentAgentId: event.parentAgentId,
+        childAgentId: event.childAgentId,
+      }).catch(() => {});
     });
+
+    // Session lifecycle — notify service of session start (#189)
+    api.on('session_start', (event: OpenClawPluginEvent, ctx: OpenClawPluginContext) => {
+      post('/session/start', {
+        sessionId: ctx.sessionId ?? event.sessionId,
+        userId: ctx.agentId,
+        agentId: instanceId,
+        metadata: event.metadata ?? {},
+      }).catch(() => {});
+    });
+
+    // Session lifecycle — notify service of session end (#189)
+    api.on('session_end', (event: OpenClawPluginEvent, ctx: OpenClawPluginContext) => {
+      post('/session/end', {
+        sessionId: ctx.sessionId ?? event.sessionId,
+        userId: ctx.agentId,
+        agentId: instanceId,
+      }).catch(() => {});
+    });
+
+    // Inbound message governance — evaluate received messages (#190)
+    api.on('message_received', (event: OpenClawPluginEvent, ctx: OpenClawPluginContext) => {
+      post('/evaluate/inbound-message', {
+        sessionId: ctx.sessionId ?? event.sessionId,
+        userId: ctx.agentId,
+        channel: event.channel ?? (ctx as any).channelId ?? '',
+        sender: event.sender ?? '',
+        content: event.content ?? '',
+        metadata: event.metadata ?? {},
+      }).catch(() => {});
+    });
+
+    // Agent tools — let agents introspect governance state (#197)
+    if (api.registerTool) {
+      api.registerTool({
+        name: 'safeclaw_status',
+        description: 'Check SafeClaw governance service status, enforcement mode, and active constraints',
+        parameters: {},
+        async execute(_params: Record<string, unknown>, _ctx: Record<string, unknown>) {
+          const health = await get('/health');
+          const cfg = getConfig();
+          return {
+            status: health?.status ?? 'unreachable',
+            enforcement: cfg.enforcement,
+            failMode: cfg.failMode,
+            serviceUrl: cfg.serviceUrl,
+            handshakeCompleted,
+          };
+        },
+      });
+
+      api.registerTool({
+        name: 'safeclaw_check_action',
+        description: 'Check if a specific tool call would be allowed by SafeClaw governance (dry run, no side effects)',
+        parameters: {
+          type: 'object',
+          properties: {
+            toolName: { type: 'string', description: 'Tool name to check' },
+            params: { type: 'object', description: 'Tool parameters to validate' },
+          },
+          required: ['toolName'],
+        },
+        async execute(params: Record<string, unknown>, ctx: Record<string, unknown>) {
+          const r = await post('/evaluate/tool-call', {
+            sessionId: (ctx as any).sessionId ?? '',
+            userId: (ctx as any).agentId ?? '',
+            toolName: params.toolName,
+            params: (params.params as Record<string, unknown>) ?? {},
+            dryRun: true,
+          });
+          return r ?? { error: 'Service unreachable' };
+        },
+      });
+    }
+
+    // CLI extension — `safeclaw status` command (#197)
+    if (api.registerCli) {
+      api.registerCli(({ program }: { program: any }) => {
+        const cmd = program.command('safeclaw').description('SafeClaw governance controls');
+        cmd.command('status')
+          .description('Show SafeClaw service status and enforcement mode')
+          .action(async () => {
+            const cfg = getConfig();
+            const health = await get('/health');
+            console.log(`SafeClaw: ${health?.status ?? 'unreachable'}`);
+            console.log(`  Enforcement: ${cfg.enforcement}`);
+            console.log(`  Fail mode: ${cfg.failMode}`);
+            console.log(`  Service: ${cfg.serviceUrl}`);
+          });
+      }, { commands: ['safeclaw'] });
+    }
   },
 };

package/openclaw.plugin.json

@@ -2,7 +2,12 @@
   "id": "safeclaw",
   "name": "SafeClaw Neurosymbolic Governance",
   "description": "Validates AI agent actions against OWL ontologies and SHACL constraints before execution",
-  "version": "0.5.1",
+  "version": "1.1.0",
+  "author": "Tendly EU",
+  "license": "MIT",
+  "homepage": "https://safeclaw.eu",
+  "repository": "https://github.com/tendlyeu/SafeClaw",
+  "category": "security",
   "configSchema": {
     "type": "object",
     "additionalProperties": false,
@@ -10,7 +15,7 @@
       "serviceUrl": {
         "type": "string",
         "description": "SafeClaw service URL",
-        "default": "https://api.safeclaw.eu/api/v1"
+        "default": "http://localhost:8420/api/v1"
       },
       "apiKey": {
         "type": "string",
@@ -19,12 +24,32 @@
       "enforcement": {
         "type": "string",
         "enum": ["enforce", "warn-only", "audit-only", "disabled"],
-        "default": "enforce"
+        "default": "enforce",
+        "description": "Enforcement mode: enforce blocks violations, warn-only logs, audit-only records silently"
       },
       "failMode": {
         "type": "string",
         "enum": ["open", "closed"],
-        "default": "open"
+        "default": "open",
+        "description": "Behavior when service is unreachable: open allows actions, closed blocks them"
+      },
+      "agentId": {
+        "type": "string",
+        "description": "Agent identifier for multi-agent governance"
+      },
+      "agentToken": {
+        "type": "string",
+        "description": "Agent authentication token"
+      },
+      "timeoutMs": {
+        "type": "number",
+        "default": 5000,
+        "description": "HTTP timeout for service calls in milliseconds"
+      },
+      "enabled": {
+        "type": "boolean",
+        "default": true,
+        "description": "Master enable/disable switch"
       }
     }
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "openclaw-safeclaw-plugin",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "description": "SafeClaw Neurosymbolic Governance plugin for OpenClaw — validates AI agent actions against OWL ontologies and SHACL constraints",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -25,7 +25,8 @@
     "cli.tsx",
     "tui/",
     "SKILL.md",
-    "README.md"
+    "README.md",
+    "policies/"
   ],
   "keywords": [
     "openclaw",
@@ -55,6 +56,14 @@
     "@types/react": "^19.2.14",
     "typescript": "^5.4.0"
   },
+  "peerDependencies": {
+    "openclaw": ">=2026.1.0"
+  },
+  "peerDependenciesMeta": {
+    "openclaw": {
+      "optional": true
+    }
+  },
   "engines": {
     "node": ">=18.0.0"
   },

package/policies/safeclaw.yaml

@@ -0,0 +1,14 @@
+# SafeClaw governance service egress policy
+# Compatible with NemoClaw 0.1.x policy format
+# Apply with: nemoclaw policy-add safeclaw
+rules:
+  - name: safeclaw-remote
+    host: "api.safeclaw.eu"
+    port: 443
+    protocol: https
+    allow: true
+  - name: safeclaw-host-local
+    host: "host.containers.internal"
+    port: 8420
+    protocol: http
+    allow: true

package/tui/Status.tsx

@@ -5,7 +5,7 @@ import { existsSync, readFileSync } from 'fs';
 import { join, dirname } from 'path';
 import { homedir } from 'os';
 import { fileURLToPath } from 'url';
-import { type SafeClawConfig } from './config.js';
+import { type SafeClawConfig, isNemoClawSandbox, getSandboxName } from './config.js';
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const PKG_VERSION = JSON.parse(readFileSync(join(__dirname, '..', '..', 'package.json'), 'utf-8')).version as string;
@@ -256,6 +256,14 @@ export default function Status({ config }: StatusProps) {
         </Text>
       </Box>
 
+      {isNemoClawSandbox() && (
+        <Box>
+          <Text dimColor>{'  NemoClaw     '}</Text>
+          <Text color="green">{dot} </Text>
+          <Text>Sandbox: {getSandboxName()}</Text>
+        </Box>
+      )}
+
       {health?.version && (
         <Box marginTop={1}>
           <Text dimColor>{'  Service v'}</Text>