openclaw-safeclaw-plugin 1.1.0 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +214 -41
- package/SKILL.md +32 -31
- package/cli.tsx +8 -1
- package/dist/cli.js +8 -1
- package/dist/index.d.ts +2 -16
- package/dist/index.js +228 -58
- package/dist/tui/Status.js +2 -1
- package/dist/tui/config.d.ts +2 -0
- package/dist/tui/config.js +24 -1
- package/index.ts +243 -83
- package/openclaw.plugin.json +29 -4
- package/package.json +11 -2
- package/policies/safeclaw.yaml +14 -0
- package/tui/Status.tsx +9 -1
- package/tui/config.ts +27 -1
package/tui/config.ts
CHANGED
|
@@ -78,6 +78,14 @@ export function loadConfig(): SafeClawConfig {
|
|
|
78
78
|
if (process.env.SAFECLAW_AGENT_ID) defaults.agentId = process.env.SAFECLAW_AGENT_ID;
|
|
79
79
|
if (process.env.SAFECLAW_AGENT_TOKEN) defaults.agentToken = process.env.SAFECLAW_AGENT_TOKEN;
|
|
80
80
|
|
|
81
|
+
// NemoClaw sandbox detection
|
|
82
|
+
if (process.env.OPENSHELL_SANDBOX) {
|
|
83
|
+
// Inside NemoClaw sandbox — localhost won't work, use container-to-host bridge
|
|
84
|
+
if (!process.env.SAFECLAW_URL && defaults.serviceUrl === 'http://localhost:8420/api/v1') {
|
|
85
|
+
defaults.serviceUrl = 'http://host.containers.internal:8420/api/v1';
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
|
|
81
89
|
defaults.serviceUrl = defaults.serviceUrl.replace(/\/+$/, '');
|
|
82
90
|
|
|
83
91
|
const validModes = ['enforce', 'warn-only', 'audit-only', 'disabled'] as const;
|
|
@@ -158,7 +166,15 @@ export function saveConfig(config: SafeClawConfig): void {
|
|
|
158
166
|
// Ensure parent directory exists
|
|
159
167
|
mkdirSync(dirname(CONFIG_PATH), { recursive: true, mode: 0o700 });
|
|
160
168
|
|
|
161
|
-
|
|
169
|
+
try {
|
|
170
|
+
writeFileSync(CONFIG_PATH, JSON.stringify(existing, null, 2) + '\n', { encoding: 'utf-8', mode: 0o600 });
|
|
171
|
+
} catch (e) {
|
|
172
|
+
if ((e as NodeJS.ErrnoException).code === 'EROFS' || (e as NodeJS.ErrnoException).code === 'EACCES') {
|
|
173
|
+
// Sandbox filesystem is read-only — silently skip
|
|
174
|
+
return;
|
|
175
|
+
}
|
|
176
|
+
throw e;
|
|
177
|
+
}
|
|
162
178
|
}
|
|
163
179
|
|
|
164
180
|
/**
|
|
@@ -174,3 +190,13 @@ export function configHash(config: SafeClawConfig): string {
|
|
|
174
190
|
});
|
|
175
191
|
return crypto.createHash('sha256').update(payload).digest('hex');
|
|
176
192
|
}
|
|
193
|
+
|
|
194
|
+
// --- NemoClaw sandbox helpers ---
|
|
195
|
+
|
|
196
|
+
export function isNemoClawSandbox(): boolean {
|
|
197
|
+
return !!process.env.OPENSHELL_SANDBOX;
|
|
198
|
+
}
|
|
199
|
+
|
|
200
|
+
export function getSandboxName(): string | null {
|
|
201
|
+
return process.env.OPENSHELL_SANDBOX || null;
|
|
202
|
+
}
|