openclaw-safeclaw-plugin 1.3.0 → 1.4.1

package/cli.tsx

@@ -2,7 +2,7 @@
 import React from 'react';
 import { render } from 'ink';
 import { execSync } from 'child_process';
-import { readFileSync, writeFileSync, mkdirSync, existsSync, copyFileSync, lstatSync, unlinkSync, rmSync } from 'fs';
+import { readFileSync, writeFileSync, mkdirSync, existsSync, copyFileSync, lstatSync, unlinkSync } from 'fs';
 import { join, dirname } from 'path';
 import { homedir } from 'os';
 import { fileURLToPath } from 'url';
@@ -94,7 +94,32 @@ const command = args[0];
 
 // Handle --help / -h for any command position
 if (!command || command === '--help' || command === '-h' || command === 'help') {
-  // Fall through to the else block at the bottom which prints full help
+  console.log('safeclaw-plugin — OpenClaw plugin CLI for SafeClaw governance');
+  console.log('');
+  console.log('Usage: safeclaw-plugin <command> [options]');
+  console.log('');
+  console.log('Setup:');
+  console.log('  connect <api-key>    Save API key, validate via handshake, register with OpenClaw');
+  console.log('                       Keys start with "sc_". Get yours at https://safeclaw.eu/dashboard');
+  console.log('  setup                Register plugin with OpenClaw without an API key (manual setup)');
+  console.log('  restart-openclaw     Restart the OpenClaw daemon to pick up plugin changes');
+  console.log('');
+  console.log('Diagnostics:');
+  console.log('  status               Run 9 checks: config, API key, service health, evaluate endpoint,');
+  console.log('                       handshake, OpenClaw binary, plugin files, OpenClaw config, NemoClaw');
+  console.log('');
+  console.log('Configuration:');
+  console.log('  config show          Show current enforcement, failMode, enabled, serviceUrl, apiKey');
+  console.log('  config set <k> <v>   Set a config value. Keys: enforcement, failMode, enabled, serviceUrl');
+  console.log('                       enforcement: enforce | warn-only | audit-only | disabled');
+  console.log('                       failMode:    open (allow on error) | closed (block on error)');
+  console.log('                       enabled:     true | false');
+  console.log('');
+  console.log('Interactive:');
+  console.log('  tui                  Open the interactive settings TUI (Status, Settings, About tabs)');
+  console.log('');
+  console.log('For the service CLI (serve, audit, policy, pref), use the "safeclaw" command.');
+  process.exit(0);
 } else if (command === 'connect') {
   const apiKey = args[1];
   const serviceUrlIdx = args.indexOf('--service-url');
@@ -192,7 +217,7 @@ if (!command || command === '--help' || command === '-h' || command === 'help')
     console.log(`enforcement: ${cfg.enforcement}`);
     console.log(`failMode:    ${cfg.failMode}`);
     console.log(`serviceUrl:  ${cfg.serviceUrl}`);
-    console.log(`apiKey:      ${cfg.apiKey ? `${cfg.apiKey.slice(0, 6)}...` : '(not set)'}`);
+    console.log(`apiKey:      ${cfg.apiKey ? `${cfg.apiKey.slice(0, 6)}..${cfg.apiKey.slice(-4)}` : '(not set)'}`);
     console.log(`timeoutMs:   ${cfg.timeoutMs}`);
   } else if (subcommand === 'set') {
     const key = args[2];
@@ -479,30 +504,7 @@ if (!command || command === '--help' || command === '-h' || command === 'help')
     console.log('Some checks failed. Fix the issues above.');
   }
 } else {
-  console.log('safeclaw-plugin — OpenClaw plugin CLI for SafeClaw governance');
-  console.log('');
-  console.log('Usage: safeclaw-plugin <command> [options]');
-  console.log('');
-  console.log('Setup:');
-  console.log('  connect <api-key>    Save API key, validate via handshake, register with OpenClaw');
-  console.log('                       Keys start with "sc_". Get yours at https://safeclaw.eu/dashboard');
-  console.log('  setup                Register plugin with OpenClaw without an API key (manual setup)');
-  console.log('  restart-openclaw     Restart the OpenClaw daemon to pick up plugin changes');
-  console.log('');
-  console.log('Diagnostics:');
-  console.log('  status               Run 9 checks: config, API key, service health, evaluate endpoint,');
-  console.log('                       handshake, OpenClaw binary, plugin files, OpenClaw config, NemoClaw');
-  console.log('');
-  console.log('Configuration:');
-  console.log('  config show          Show current enforcement, failMode, enabled, serviceUrl, apiKey');
-  console.log('  config set <k> <v>   Set a config value. Keys: enforcement, failMode, enabled, serviceUrl');
-  console.log('                       enforcement: enforce | warn-only | audit-only | disabled');
-  console.log('                       failMode:    open (allow on error) | closed (block on error)');
-  console.log('                       enabled:     true | false');
-  console.log('');
-  console.log('Interactive:');
-  console.log('  tui                  Open the interactive settings TUI (Status, Settings, About tabs)');
-  console.log('');
-  console.log('For the service CLI (serve, audit, policy, pref), use the "safeclaw" command.');
-  process.exit(0);
+  console.error(`Unknown command: "${command}"`);
+  console.error('Run "safeclaw-plugin --help" for usage information.');
+  process.exit(1);
 }

package/dist/cli.js

@@ -85,7 +85,32 @@ const args = process.argv.slice(2);
 const command = args[0];
 // Handle --help / -h for any command position
 if (!command || command === '--help' || command === '-h' || command === 'help') {
-    // Fall through to the else block at the bottom which prints full help
+    console.log('safeclaw-plugin — OpenClaw plugin CLI for SafeClaw governance');
+    console.log('');
+    console.log('Usage: safeclaw-plugin <command> [options]');
+    console.log('');
+    console.log('Setup:');
+    console.log('  connect <api-key>    Save API key, validate via handshake, register with OpenClaw');
+    console.log('                       Keys start with "sc_". Get yours at https://safeclaw.eu/dashboard');
+    console.log('  setup                Register plugin with OpenClaw without an API key (manual setup)');
+    console.log('  restart-openclaw     Restart the OpenClaw daemon to pick up plugin changes');
+    console.log('');
+    console.log('Diagnostics:');
+    console.log('  status               Run 9 checks: config, API key, service health, evaluate endpoint,');
+    console.log('                       handshake, OpenClaw binary, plugin files, OpenClaw config, NemoClaw');
+    console.log('');
+    console.log('Configuration:');
+    console.log('  config show          Show current enforcement, failMode, enabled, serviceUrl, apiKey');
+    console.log('  config set <k> <v>   Set a config value. Keys: enforcement, failMode, enabled, serviceUrl');
+    console.log('                       enforcement: enforce | warn-only | audit-only | disabled');
+    console.log('                       failMode:    open (allow on error) | closed (block on error)');
+    console.log('                       enabled:     true | false');
+    console.log('');
+    console.log('Interactive:');
+    console.log('  tui                  Open the interactive settings TUI (Status, Settings, About tabs)');
+    console.log('');
+    console.log('For the service CLI (serve, audit, policy, pref), use the "safeclaw" command.');
+    process.exit(0);
 }
 else if (command === 'connect') {
     const apiKey = args[1];
@@ -180,7 +205,7 @@ else if (command === 'config') {
         console.log(`enforcement: ${cfg.enforcement}`);
         console.log(`failMode:    ${cfg.failMode}`);
         console.log(`serviceUrl:  ${cfg.serviceUrl}`);
-        console.log(`apiKey:      ${cfg.apiKey ? `${cfg.apiKey.slice(0, 6)}...` : '(not set)'}`);
+        console.log(`apiKey:      ${cfg.apiKey ? `${cfg.apiKey.slice(0, 6)}..${cfg.apiKey.slice(-4)}` : '(not set)'}`);
         console.log(`timeoutMs:   ${cfg.timeoutMs}`);
     }
     else if (subcommand === 'set') {
@@ -490,30 +515,7 @@ else if (command === 'status') {
     }
 }
 else {
-    console.log('safeclaw-plugin — OpenClaw plugin CLI for SafeClaw governance');
-    console.log('');
-    console.log('Usage: safeclaw-plugin <command> [options]');
-    console.log('');
-    console.log('Setup:');
-    console.log('  connect <api-key>    Save API key, validate via handshake, register with OpenClaw');
-    console.log('                       Keys start with "sc_". Get yours at https://safeclaw.eu/dashboard');
-    console.log('  setup                Register plugin with OpenClaw without an API key (manual setup)');
-    console.log('  restart-openclaw     Restart the OpenClaw daemon to pick up plugin changes');
-    console.log('');
-    console.log('Diagnostics:');
-    console.log('  status               Run 9 checks: config, API key, service health, evaluate endpoint,');
-    console.log('                       handshake, OpenClaw binary, plugin files, OpenClaw config, NemoClaw');
-    console.log('');
-    console.log('Configuration:');
-    console.log('  config show          Show current enforcement, failMode, enabled, serviceUrl, apiKey');
-    console.log('  config set <k> <v>   Set a config value. Keys: enforcement, failMode, enabled, serviceUrl');
-    console.log('                       enforcement: enforce | warn-only | audit-only | disabled');
-    console.log('                       failMode:    open (allow on error) | closed (block on error)');
-    console.log('                       enabled:     true | false');
-    console.log('');
-    console.log('Interactive:');
-    console.log('  tui                  Open the interactive settings TUI (Status, Settings, About tabs)');
-    console.log('');
-    console.log('For the service CLI (serve, audit, policy, pref), use the "safeclaw" command.');
-    process.exit(0);
+    console.error(`Unknown command: "${command}"`);
+    console.error('Run "safeclaw-plugin --help" for usage information.');
+    process.exit(1);
 }

package/dist/index.js

@@ -99,6 +99,7 @@ async function get(path) {
 }
 // --- Plugin Definition ---
 let handshakeCompleted = false;
+let lastHandshakeConfigHash = '';
 async function performHandshake() {
     const cfg = getConfig();
     if (!cfg.apiKey) {
@@ -115,6 +116,7 @@ async function performHandshake() {
     }
     log.info(`[SafeClaw] Handshake OK — org=${r.orgId}, scope=${r.scope}, engine=${r.engineReady ? 'ready' : 'not ready'}`);
     handshakeCompleted = true;
+    lastHandshakeConfigHash = configHash(getConfig());
     return true;
 }
 async function checkConnection() {
@@ -149,20 +151,26 @@ export default {
     name: 'SafeClaw Neurosymbolic Governance',
     version: PLUGIN_VERSION,
     register(api) {
+        _ocPluginConfig = api.pluginConfig ?? {};
+        log = api.logger ?? console;
         if (!getConfig().enabled) {
-            console.log('[SafeClaw] Plugin disabled');
+            log.info('[SafeClaw] Plugin disabled');
             return;
         }
-        log = api.logger ?? console;
-        _ocPluginConfig = api.pluginConfig ?? {};
         // Generate a unique instance ID for this plugin run (fallback when agentId is not configured)
         const instanceId = getConfig().agentId || `instance-${crypto.randomUUID()}`;
         // Heartbeat watchdog — send config hash to service every 30s
         const sendHeartbeat = async () => {
             try {
+                const currentHash = configHash(getConfig());
+                if (handshakeCompleted && currentHash !== lastHandshakeConfigHash) {
+                    log.info('[SafeClaw] Config changed — re-authenticating');
+                    handshakeCompleted = false;
+                    performHandshake().catch(() => { });
+                }
                 await post('/heartbeat', {
                     agentId: instanceId,
-                    configHash: configHash(getConfig()),
+                    configHash: currentHash,
                     status: 'alive',
                 });
             }
@@ -237,6 +245,19 @@ export default {
             else if (r === null && cfg.failMode === 'closed' && cfg.enforcement === 'audit-only') {
                 log.warn(`[SafeClaw] Service unavailable at ${cfg.serviceUrl} (fail-closed mode, audit-only)`);
             }
+            // If service says confirmation required, use OpenClaw's native approval flow
+            if (r?.confirmationRequired) {
+                const riskLevel = r.riskLevel || '';
+                return {
+                    requireApproval: {
+                        title: 'SafeClaw Governance Check',
+                        description: r.reason || 'This action requires confirmation',
+                        severity: riskLevel === 'HighRisk' ? 'critical' : riskLevel === 'MediumRisk' ? 'warning' : 'info',
+                        timeoutMs: 30_000,
+                        timeoutBehavior: riskLevel === 'HighRisk' ? 'deny' : 'allow',
+                    },
+                };
+            }
             if (r?.block) {
                 const blockReason = r.reason || 'Blocked by SafeClaw (no reason provided)';
                 if (cfg.enforcement === 'enforce') {
@@ -300,7 +321,7 @@ export default {
                 content: event.prompt ?? '',
                 provider: event.provider ?? '',
                 model: event.model ?? '',
-            }).catch(() => { });
+            }).catch((e) => log.warn('[SafeClaw] Failed to log LLM input:', e));
         });
         api.on('llm_output', (event, ctx) => {
             post('/log/llm-output', {
@@ -309,7 +330,7 @@ export default {
                 provider: event.provider ?? '',
                 model: event.model ?? '',
                 usage: event.usage ?? {},
-            }).catch(() => { });
+            }).catch((e) => log.warn('[SafeClaw] Failed to log LLM output:', e));
         });
         // (#195: use event.toolName, !event.error for success, add durationMs and error)
         api.on('after_tool_call', (event, ctx) => {
@@ -327,15 +348,15 @@ export default {
         api.on('subagent_spawning', async (event, ctx) => {
             const cfg = getConfig();
             const r = await post('/evaluate/subagent-spawn', {
-                sessionId: ctx.sessionId ?? event.sessionId,
-                userId: ctx.agentId,
+                sessionId: ctx.sessionId ?? event.sessionId ?? '',
+                userId: ctx.agentId ?? '',
                 parentAgentId: event.parentAgentId,
                 childConfig: event.childConfig ?? {},
                 reason: event.reason ?? '',
             });
             // Fail-closed handling (matches before_tool_call / message_sending pattern)
             if (r === null && cfg.failMode === 'closed' && cfg.enforcement === 'enforce') {
-                throw new Error('SafeClaw service unavailable (fail-closed mode)');
+                return { status: 'error', error: 'SafeClaw service unavailable (fail-closed mode)' };
             }
             else if (r === null && cfg.failMode === 'closed' && cfg.enforcement === 'warn-only') {
                 log.warn('[SafeClaw] Service unavailable (fail-closed mode, warn-only)');
@@ -344,7 +365,7 @@ export default {
                 log.warn('[SafeClaw] Service unavailable (fail-closed mode, audit-only)');
             }
             if (r?.block && cfg.enforcement === 'enforce') {
-                throw new Error(r.reason || 'Blocked by SafeClaw: delegation bypass detected');
+                return { status: 'error', error: r.reason || 'Blocked by SafeClaw: delegation bypass detected' };
             }
             if (r?.block && cfg.enforcement === 'warn-only') {
                 log.warn(`[SafeClaw] Subagent spawn warning: ${r.reason}`);
@@ -353,38 +374,38 @@ export default {
         // Subagent ended — record child agent lifecycle (#188)
         api.on('subagent_ended', (event, ctx) => {
             post('/record/subagent-ended', {
-                sessionId: ctx.sessionId ?? event.sessionId,
+                sessionId: ctx.sessionId ?? event.sessionId ?? '',
                 parentAgentId: event.parentAgentId,
                 childAgentId: event.childAgentId,
-            }).catch(() => { });
+            }).catch((e) => log.warn('[SafeClaw] Failed to record subagent ended:', e));
         });
         // Session lifecycle — notify service of session start (#189)
         api.on('session_start', (event, ctx) => {
             post('/session/start', {
-                sessionId: ctx.sessionId ?? event.sessionId,
-                userId: ctx.agentId,
+                sessionId: ctx.sessionId ?? event.sessionId ?? '',
+                userId: ctx.agentId ?? '',
                 agentId: instanceId,
                 metadata: event.metadata ?? {},
-            }).catch(() => { });
+            }).catch((e) => log.warn('[SafeClaw] Failed to record session start:', e));
         });
         // Session lifecycle — notify service of session end (#189)
         api.on('session_end', (event, ctx) => {
             post('/session/end', {
-                sessionId: ctx.sessionId ?? event.sessionId,
-                userId: ctx.agentId,
+                sessionId: ctx.sessionId ?? event.sessionId ?? '',
+                userId: ctx.agentId ?? '',
                 agentId: instanceId,
-            }).catch(() => { });
+            }).catch((e) => log.warn('[SafeClaw] Failed to record session end:', e));
         });
         // Inbound message governance — evaluate received messages (#190)
         api.on('message_received', (event, ctx) => {
             post('/evaluate/inbound-message', {
-                sessionId: ctx.sessionId ?? event.sessionId,
-                userId: ctx.agentId,
+                sessionId: ctx.sessionId ?? event.sessionId ?? '',
+                userId: ctx.agentId ?? '',
                 channel: event.channel ?? ctx.channelId ?? '',
                 sender: event.sender ?? '',
                 content: event.content ?? '',
                 metadata: event.metadata ?? {},
-            }).catch(() => { });
+            }).catch((e) => log.warn('[SafeClaw] Failed to evaluate inbound message:', e));
         });
         // Agent tools — let agents introspect governance state (#197)
         if (api.registerTool) {

package/dist/tui/Status.js

@@ -129,7 +129,7 @@ export default function Status({ config }) {
             checkOpenClaw();
         }, 10000);
         return () => clearInterval(interval);
-    }, []);
+    }, [config.serviceUrl, config.apiKey]);
     useInput((input) => {
         if (input === 'r') {
             restartOpenClaw();

package/dist/tui/config.js

@@ -5,7 +5,7 @@
  * Reads ~/.safeclaw/config.json, applies env-var overrides,
  * and exposes helpers for saving and hashing config state.
  */
-import { readFileSync, existsSync, writeFileSync, mkdirSync } from 'fs';
+import { readFileSync, existsSync, writeFileSync, mkdirSync, chmodSync } from 'fs';
 import { join, dirname } from 'path';
 import { homedir } from 'os';
 import crypto from 'crypto';
@@ -33,8 +33,11 @@ export function loadConfig() {
                 defaults.serviceUrl = raw.remote.serviceUrl;
             if (raw.remote?.apiKey)
                 defaults.apiKey = raw.remote.apiKey;
-            if (raw.remote?.timeoutMs)
-                defaults.timeoutMs = raw.remote.timeoutMs;
+            if (raw.remote?.timeoutMs != null) {
+                const t = Number(raw.remote.timeoutMs);
+                if (Number.isFinite(t) && t > 0)
+                    defaults.timeoutMs = t;
+            }
             if (raw.enforcement?.mode)
                 defaults.enforcement = raw.enforcement.mode;
             if (raw.enforcement?.failMode)
@@ -67,6 +70,8 @@ export function loadConfig() {
     }
     if (process.env.SAFECLAW_ENABLED === 'false')
         defaults.enabled = false;
+    else if (process.env.SAFECLAW_ENABLED === 'true')
+        defaults.enabled = true;
     const enforcement = process.env.SAFECLAW_ENFORCEMENT;
     if (enforcement && ['enforce', 'warn-only', 'audit-only', 'disabled'].includes(enforcement)) {
         defaults.enforcement = enforcement;
@@ -140,6 +145,7 @@ export function saveConfig(config) {
         existing.remote = {};
     }
     existing.remote.serviceUrl = config.serviceUrl;
+    existing.remote.timeoutMs = config.timeoutMs;
     if (config.apiKey) {
         existing.remote.apiKey = config.apiKey;
     }
@@ -161,11 +167,18 @@ export function saveConfig(config) {
     mkdirSync(dirname(CONFIG_PATH), { recursive: true, mode: 0o700 });
     try {
         writeFileSync(CONFIG_PATH, JSON.stringify(existing, null, 2) + '\n', { encoding: 'utf-8', mode: 0o600 });
+        try {
+            chmodSync(CONFIG_PATH, 0o600);
+        }
+        catch { /* best-effort */ }
     }
     catch (e) {
-        if (e.code === 'EROFS' || e.code === 'EACCES') {
-            // Sandbox filesystem is read-only — silently skip
-            return;
+        const code = e.code;
+        if (code === 'EROFS') {
+            throw new Error('Cannot save config: filesystem is read-only (sandbox environment)');
+        }
+        if (code === 'EACCES') {
+            throw new Error(`Cannot save config: permission denied for ${CONFIG_PATH}`);
         }
         throw e;
     }
@@ -180,6 +193,7 @@ export function configHash(config) {
         enforcement: config.enforcement,
         failMode: config.failMode,
         serviceUrl: config.serviceUrl,
+        apiKeyFingerprint: config.apiKey ? config.apiKey.slice(0, 4) + config.apiKey.slice(-4) : '',
     });
     return crypto.createHash('sha256').update(payload).digest('hex');
 }

package/index.ts

@@ -7,7 +7,7 @@
  * to the SafeClaw service and acts on the responses.
  */
 
-import type { OpenClawPluginApi, OpenClawPluginEvent, OpenClawPluginContext } from 'openclaw/plugin-sdk/core';
+import type { OpenClawPluginApi, OpenClawPluginEvent, OpenClawPluginContext, BeforeToolCallResult } from 'openclaw/plugin-sdk/core';
 import { loadConfig, configHash } from './tui/config.js';
 import crypto from 'crypto';
 import { createRequire } from 'module';
@@ -107,6 +107,7 @@ async function get(path: string): Promise<Record<string, unknown> | null> {
 // --- Plugin Definition ---
 
 let handshakeCompleted = false;
+let lastHandshakeConfigHash = '';
 
 async function performHandshake(): Promise<boolean> {
   const cfg = getConfig();
@@ -127,6 +128,7 @@ async function performHandshake(): Promise<boolean> {
 
   log.info(`[SafeClaw] Handshake OK — org=${r.orgId}, scope=${r.scope}, engine=${r.engineReady ? 'ready' : 'not ready'}`);
   handshakeCompleted = true;
+  lastHandshakeConfigHash = configHash(getConfig());
   return true;
 }
 
@@ -162,23 +164,29 @@ export default {
   version: PLUGIN_VERSION,
 
   register(api: OpenClawPluginApi) {
+    _ocPluginConfig = api.pluginConfig ?? {};
+    log = api.logger ?? console;
+
     if (!getConfig().enabled) {
-      console.log('[SafeClaw] Plugin disabled');
+      log.info('[SafeClaw] Plugin disabled');
       return;
     }
 
-    log = api.logger ?? console;
-    _ocPluginConfig = api.pluginConfig ?? {};
-
     // Generate a unique instance ID for this plugin run (fallback when agentId is not configured)
     const instanceId = getConfig().agentId || `instance-${crypto.randomUUID()}`;
 
     // Heartbeat watchdog — send config hash to service every 30s
     const sendHeartbeat = async () => {
       try {
+        const currentHash = configHash(getConfig());
+        if (handshakeCompleted && currentHash !== lastHandshakeConfigHash) {
+          log.info('[SafeClaw] Config changed — re-authenticating');
+          handshakeCompleted = false;
+          performHandshake().catch(() => {});
+        }
         await post('/heartbeat', {
           agentId: instanceId,
-          configHash: configHash(getConfig()),
+          configHash: currentHash,
           status: 'alive',
         });
       } catch {
@@ -254,6 +262,21 @@ export default {
       } else if (r === null && cfg.failMode === 'closed' && cfg.enforcement === 'audit-only') {
         log.warn(`[SafeClaw] Service unavailable at ${cfg.serviceUrl} (fail-closed mode, audit-only)`);
       }
+
+      // If service says confirmation required, use OpenClaw's native approval flow
+      if (r?.confirmationRequired) {
+        const riskLevel = (r.riskLevel as string) || '';
+        return {
+          requireApproval: {
+            title: 'SafeClaw Governance Check',
+            description: (r.reason as string) || 'This action requires confirmation',
+            severity: riskLevel === 'HighRisk' ? 'critical' : riskLevel === 'MediumRisk' ? 'warning' : 'info',
+            timeoutMs: 30_000,
+            timeoutBehavior: riskLevel === 'HighRisk' ? 'deny' : 'allow',
+          },
+        } satisfies BeforeToolCallResult;
+      }
+
       if (r?.block) {
         const blockReason = (r.reason as string) || 'Blocked by SafeClaw (no reason provided)';
         if (cfg.enforcement === 'enforce') {
@@ -320,7 +343,7 @@ export default {
         content: event.prompt ?? '',
         provider: event.provider ?? '',
         model: event.model ?? '',
-      }).catch(() => {});
+      }).catch((e) => log.warn('[SafeClaw] Failed to log LLM input:', e));
     });
 
     api.on('llm_output', (event: OpenClawPluginEvent, ctx: OpenClawPluginContext) => {
@@ -330,7 +353,7 @@ export default {
         provider: event.provider ?? '',
         model: event.model ?? '',
         usage: event.usage ?? {},
-      }).catch(() => {});
+      }).catch((e) => log.warn('[SafeClaw] Failed to log LLM output:', e));
     });
 
     // (#195: use event.toolName, !event.error for success, add durationMs and error)
@@ -350,8 +373,8 @@ export default {
     api.on('subagent_spawning', async (event: OpenClawPluginEvent, ctx: OpenClawPluginContext) => {
       const cfg = getConfig();
       const r = await post('/evaluate/subagent-spawn', {
-        sessionId: ctx.sessionId ?? event.sessionId,
-        userId: ctx.agentId,
+        sessionId: ctx.sessionId ?? event.sessionId ?? '',
+        userId: ctx.agentId ?? '',
         parentAgentId: event.parentAgentId,
         childConfig: event.childConfig ?? {},
         reason: event.reason ?? '',
@@ -359,7 +382,7 @@ export default {
 
       // Fail-closed handling (matches before_tool_call / message_sending pattern)
       if (r === null && cfg.failMode === 'closed' && cfg.enforcement === 'enforce') {
-        throw new Error('SafeClaw service unavailable (fail-closed mode)');
+        return { status: 'error', error: 'SafeClaw service unavailable (fail-closed mode)' };
       } else if (r === null && cfg.failMode === 'closed' && cfg.enforcement === 'warn-only') {
         log.warn('[SafeClaw] Service unavailable (fail-closed mode, warn-only)');
       } else if (r === null && cfg.failMode === 'closed' && cfg.enforcement === 'audit-only') {
@@ -367,7 +390,7 @@ export default {
       }
 
       if (r?.block && cfg.enforcement === 'enforce') {
-        throw new Error((r.reason as string) || 'Blocked by SafeClaw: delegation bypass detected');
+        return { status: 'error', error: (r.reason as string) || 'Blocked by SafeClaw: delegation bypass detected' };
       }
       if (r?.block && cfg.enforcement === 'warn-only') {
         log.warn(`[SafeClaw] Subagent spawn warning: ${r.reason}`);
@@ -377,41 +400,41 @@ export default {
     // Subagent ended — record child agent lifecycle (#188)
     api.on('subagent_ended', (event: OpenClawPluginEvent, ctx: OpenClawPluginContext) => {
       post('/record/subagent-ended', {
-        sessionId: ctx.sessionId ?? event.sessionId,
+        sessionId: ctx.sessionId ?? event.sessionId ?? '',
         parentAgentId: event.parentAgentId,
         childAgentId: event.childAgentId,
-      }).catch(() => {});
+      }).catch((e) => log.warn('[SafeClaw] Failed to record subagent ended:', e));
     });
 
     // Session lifecycle — notify service of session start (#189)
     api.on('session_start', (event: OpenClawPluginEvent, ctx: OpenClawPluginContext) => {
       post('/session/start', {
-        sessionId: ctx.sessionId ?? event.sessionId,
-        userId: ctx.agentId,
+        sessionId: ctx.sessionId ?? event.sessionId ?? '',
+        userId: ctx.agentId ?? '',
         agentId: instanceId,
         metadata: event.metadata ?? {},
-      }).catch(() => {});
+      }).catch((e) => log.warn('[SafeClaw] Failed to record session start:', e));
     });
 
     // Session lifecycle — notify service of session end (#189)
     api.on('session_end', (event: OpenClawPluginEvent, ctx: OpenClawPluginContext) => {
       post('/session/end', {
-        sessionId: ctx.sessionId ?? event.sessionId,
-        userId: ctx.agentId,
+        sessionId: ctx.sessionId ?? event.sessionId ?? '',
+        userId: ctx.agentId ?? '',
         agentId: instanceId,
-      }).catch(() => {});
+      }).catch((e) => log.warn('[SafeClaw] Failed to record session end:', e));
     });
 
     // Inbound message governance — evaluate received messages (#190)
     api.on('message_received', (event: OpenClawPluginEvent, ctx: OpenClawPluginContext) => {
       post('/evaluate/inbound-message', {
-        sessionId: ctx.sessionId ?? event.sessionId,
-        userId: ctx.agentId,
+        sessionId: ctx.sessionId ?? event.sessionId ?? '',
+        userId: ctx.agentId ?? '',
         channel: event.channel ?? (ctx as any).channelId ?? '',
         sender: event.sender ?? '',
         content: event.content ?? '',
         metadata: event.metadata ?? {},
-      }).catch(() => {});
+      }).catch((e) => log.warn('[SafeClaw] Failed to evaluate inbound message:', e));
     });
 
     // Agent tools — let agents introspect governance state (#197)

package/openclaw.plugin.json

@@ -2,7 +2,7 @@
   "id": "safeclaw",
   "name": "SafeClaw Neurosymbolic Governance",
   "description": "Validates AI agent actions against OWL ontologies and SHACL constraints before execution",
-  "version": "1.2.0",
+  "version": "1.3.0",
   "author": "Tendly EU",
   "license": "MIT",
   "homepage": "https://safeclaw.eu",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "openclaw-safeclaw-plugin",
-  "version": "1.3.0",
+  "version": "1.4.1",
   "description": "SafeClaw Neurosymbolic Governance plugin for OpenClaw — validates AI agent actions against OWL ontologies and SHACL constraints",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/tui/Status.tsx

@@ -141,7 +141,7 @@ export default function Status({ config }: StatusProps) {
       checkOpenClaw();
     }, 10000);
     return () => clearInterval(interval);
-  }, []);
+  }, [config.serviceUrl, config.apiKey]);
 
   useInput((input) => {
     if (input === 'r') {

package/tui/config.ts

@@ -6,7 +6,7 @@
  * and exposes helpers for saving and hashing config state.
  */
 
-import { readFileSync, existsSync, writeFileSync, mkdirSync } from 'fs';
+import { readFileSync, existsSync, writeFileSync, mkdirSync, chmodSync } from 'fs';
 import { join, dirname } from 'path';
 import { homedir } from 'os';
 import crypto from 'crypto';
@@ -49,7 +49,10 @@ export function loadConfig(): SafeClawConfig {
       if (raw.enabled === false) defaults.enabled = false;
       if (raw.remote?.serviceUrl) defaults.serviceUrl = raw.remote.serviceUrl;
       if (raw.remote?.apiKey) defaults.apiKey = raw.remote.apiKey;
-      if (raw.remote?.timeoutMs) defaults.timeoutMs = raw.remote.timeoutMs;
+      if (raw.remote?.timeoutMs != null) {
+        const t = Number(raw.remote.timeoutMs);
+        if (Number.isFinite(t) && t > 0) defaults.timeoutMs = t;
+      }
       if (raw.enforcement?.mode) defaults.enforcement = raw.enforcement.mode;
       if (raw.enforcement?.failMode) defaults.failMode = raw.enforcement.failMode;
       if (raw.agentId) defaults.agentId = raw.agentId;
@@ -73,6 +76,7 @@ export function loadConfig(): SafeClawConfig {
     }
   }
   if (process.env.SAFECLAW_ENABLED === 'false') defaults.enabled = false;
+  else if (process.env.SAFECLAW_ENABLED === 'true') defaults.enabled = true;
   const enforcement = process.env.SAFECLAW_ENFORCEMENT;
   if (enforcement && ['enforce', 'warn-only', 'audit-only', 'disabled'].includes(enforcement)) {
     defaults.enforcement = enforcement as SafeClawConfig['enforcement'];
@@ -152,6 +156,7 @@ export function saveConfig(config: SafeClawConfig): void {
     existing.remote = {};
   }
   (existing.remote as Record<string, unknown>).serviceUrl = config.serviceUrl;
+  (existing.remote as Record<string, unknown>).timeoutMs = config.timeoutMs;
   if (config.apiKey) {
     (existing.remote as Record<string, unknown>).apiKey = config.apiKey;
   } else {
@@ -176,10 +181,14 @@ export function saveConfig(config: SafeClawConfig): void {
 
   try {
     writeFileSync(CONFIG_PATH, JSON.stringify(existing, null, 2) + '\n', { encoding: 'utf-8', mode: 0o600 });
+    try { chmodSync(CONFIG_PATH, 0o600); } catch { /* best-effort */ }
   } catch (e) {
-    if ((e as NodeJS.ErrnoException).code === 'EROFS' || (e as NodeJS.ErrnoException).code === 'EACCES') {
-      // Sandbox filesystem is read-only — silently skip
-      return;
+    const code = (e as NodeJS.ErrnoException).code;
+    if (code === 'EROFS') {
+      throw new Error('Cannot save config: filesystem is read-only (sandbox environment)');
+    }
+    if (code === 'EACCES') {
+      throw new Error(`Cannot save config: permission denied for ${CONFIG_PATH}`);
     }
     throw e;
   }
@@ -195,6 +204,7 @@ export function configHash(config: SafeClawConfig): string {
     enforcement: config.enforcement,
     failMode: config.failMode,
     serviceUrl: config.serviceUrl,
+    apiKeyFingerprint: config.apiKey ? config.apiKey.slice(0, 4) + config.apiKey.slice(-4) : '',
   });
   return crypto.createHash('sha256').update(payload).digest('hex');
 }

package/types/openclaw-sdk.d.ts

@@ -1,11 +1,17 @@
 /**
  * Ambient type declarations for OpenClaw Plugin SDK.
- * These match the types exported by openclaw/plugin-sdk as of v2026.3.
+ * These match the types exported by openclaw/plugin-sdk as of v2026.4.
  * When installed inside OpenClaw, the real SDK types take precedence.
  */
 
 declare module 'openclaw/plugin-sdk/core' {
   export interface OpenClawPluginApi {
+    /**
+     * Register a hook handler for OpenClaw lifecycle events.
+     *
+     * @deprecated The `before_agent_start` hook is deprecated in v2026.4.
+     * Use `before_model_resolve` + `before_prompt_build` instead.
+     */
     on(
       hookName: string,
       handler: (event: OpenClawPluginEvent, ctx: OpenClawPluginContext) => Promise<Record<string, unknown> | void> | void,
@@ -33,6 +39,9 @@ declare module 'openclaw/plugin-sdk/core' {
     model?: string;
     lastAssistant?: string;
     usage?: Record<string, unknown>;
+    runId?: string;
+    toolCallId?: string;
+    childAgentId?: string;
     parentAgentId?: string;
     childConfig?: Record<string, unknown>;
     reason?: string;
@@ -66,6 +75,32 @@ declare module 'openclaw/plugin-sdk/core' {
     execute: (params: Record<string, unknown>, ctx: Record<string, unknown>) => Promise<unknown>;
   }
 
+  export interface PluginApprovalRequest {
+    title: string;
+    description: string;
+    severity?: 'info' | 'warning' | 'critical';
+    timeoutMs?: number;
+    timeoutBehavior?: 'allow' | 'deny';
+    pluginId?: string;
+    onResolution?: (decision: PluginApprovalResolution) => Promise<void> | void;
+  }
+
+  export interface PluginApprovalResolution {
+    approved: boolean;
+    resolvedBy?: string;
+    resolvedAt?: string;
+  }
+
+  /**
+   * Hook result types for before_tool_call.
+   * Return one of: nothing (allow), { block, blockReason }, or { requireApproval }.
+   */
+  export interface BeforeToolCallResult {
+    block?: boolean;
+    blockReason?: string;
+    requireApproval?: PluginApprovalRequest;
+  }
+
   export interface OpenClawPluginLogger {
     info: (...args: unknown[]) => void;
     warn: (...args: unknown[]) => void;