safeclaw 0.1.0

package/dist/main.js

@@ -0,0 +1,4257 @@
+var __defProp = Object.defineProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+// src/main.ts
+import { Command } from "commander";
+
+// src/lib/version.ts
+import { createRequire } from "module";
+var require2 = createRequire(import.meta.url);
+var pkg = require2("../../package.json");
+var VERSION = pkg.version;
+
+// src/server/index.ts
+import Fastify from "fastify";
+import fastifyStatic from "@fastify/static";
+import fastifyCors from "@fastify/cors";
+import fs7 from "fs";
+
+// src/lib/paths.ts
+import path from "path";
+import os from "os";
+var HOME = os.homedir();
+var SAFECLAW_DIR = path.join(HOME, ".safeclaw");
+var DB_PATH = path.join(SAFECLAW_DIR, "safeclaw.db");
+var CONFIG_PATH = path.join(SAFECLAW_DIR, "config.json");
+var LOGS_DIR = path.join(SAFECLAW_DIR, "logs");
+var DEBUG_LOG_PATH = path.join(LOGS_DIR, "debug.log");
+var OPENCLAW_DIR = path.join(HOME, ".openclaw");
+var OPENCLAW_CONFIG_PATH = path.join(OPENCLAW_DIR, "openclaw.json");
+var OPENCLAW_IDENTITY_DIR = path.join(OPENCLAW_DIR, "identity");
+var OPENCLAW_DEVICE_JSON = path.join(OPENCLAW_IDENTITY_DIR, "device.json");
+var OPENCLAW_DEVICE_AUTH_JSON = path.join(OPENCLAW_IDENTITY_DIR, "device-auth.json");
+var OPENCLAW_EXEC_APPROVALS_PATH = path.join(OPENCLAW_DIR, "exec-approvals.json");
+function getPublicDir() {
+  const currentDir = path.dirname(new URL(import.meta.url).pathname);
+  return path.resolve(currentDir, "..", "..", "public");
+}
+
+// src/server/socket.ts
+import { Server as SocketIOServer } from "socket.io";
+
+// src/db/index.ts
+import Database from "better-sqlite3";
+import { drizzle } from "drizzle-orm/better-sqlite3";
+
+// src/lib/config.ts
+import fs from "fs";
+
+// ../../packages/shared/dist/schemas.js
+import { z } from "zod";
+var commandStatusSchema = z.enum(["ALLOWED", "BLOCKED", "PENDING"]);
+var threatLevelSchema = z.enum([
+  "NONE",
+  "LOW",
+  "MEDIUM",
+  "HIGH",
+  "CRITICAL"
+]);
+var sessionStatusSchema = z.enum(["ACTIVE", "ENDED"]);
+var commandLogSchema = z.object({
+  id: z.number(),
+  command: z.string().min(1),
+  status: commandStatusSchema,
+  threatLevel: threatLevelSchema,
+  timestamp: z.string(),
+  sessionId: z.string().nullable(),
+  decisionBy: z.string().nullable()
+});
+var sessionSchema = z.object({
+  id: z.string(),
+  startedAt: z.string(),
+  endedAt: z.string().nullable(),
+  status: sessionStatusSchema
+});
+var decisionPayloadSchema = z.object({
+  commandId: z.number().int().positive(),
+  action: z.enum(["ALLOW", "DENY"])
+});
+var safeClawConfigSchema = z.object({
+  version: z.string(),
+  port: z.number().int().min(1024).max(65535).default(54335),
+  autoOpenBrowser: z.boolean().default(true),
+  premium: z.boolean().default(false),
+  userId: z.string().nullable().default(null)
+});
+var activityTypeSchema = z.enum([
+  "file_read",
+  "file_write",
+  "shell_command",
+  "web_browse",
+  "tool_call",
+  "message",
+  "unknown"
+]);
+var openClawConnectionStatusSchema = z.enum([
+  "connected",
+  "disconnected",
+  "connecting",
+  "not_configured"
+]);
+var threatCategoryIdSchema = z.enum([
+  "TC-SEC",
+  "TC-EXF",
+  "TC-INJ",
+  "TC-DES",
+  "TC-ESC",
+  "TC-SUP",
+  "TC-SFA",
+  "TC-SYS",
+  "TC-NET",
+  "TC-MCP"
+]);
+var threatFindingSchema = z.object({
+  categoryId: threatCategoryIdSchema,
+  categoryName: z.string(),
+  severity: threatLevelSchema,
+  reason: z.string(),
+  evidence: z.string().optional(),
+  owaspRef: z.string().optional()
+});
+var agentActivitySchema = z.object({
+  id: z.number(),
+  openclawSessionId: z.string(),
+  activityType: activityTypeSchema,
+  detail: z.string(),
+  rawPayload: z.string(),
+  threatLevel: threatLevelSchema,
+  timestamp: z.string(),
+  toolName: z.string().nullable(),
+  targetPath: z.string().nullable(),
+  runId: z.string().nullable(),
+  contentPreview: z.string().nullable(),
+  readContentPreview: z.string().nullable(),
+  secretsDetected: z.array(z.string()).nullable(),
+  threatFindings: z.array(threatFindingSchema).nullable(),
+  resolved: z.boolean(),
+  resolvedAt: z.string().nullable()
+});
+var openClawSessionSchema = z.object({
+  id: z.string(),
+  startedAt: z.string(),
+  endedAt: z.string().nullable(),
+  status: sessionStatusSchema,
+  model: z.string().nullable(),
+  activityCount: z.number(),
+  threatSummary: z.record(threatLevelSchema, z.number())
+});
+var openClawToolsExecSchema = z.object({
+  host: z.string().optional(),
+  security: z.enum(["deny", "allowlist", "full"]).optional(),
+  ask: z.enum(["off", "on-miss", "always"]).optional()
+}).passthrough();
+var openClawToolsConfigSchema = z.object({
+  allow: z.array(z.string()).optional(),
+  deny: z.array(z.string()).optional(),
+  profile: z.string().optional(),
+  exec: openClawToolsExecSchema.optional()
+}).passthrough();
+var openClawBrowserConfigSchema = z.object({
+  enabled: z.boolean().optional()
+}).passthrough();
+var accessCategorySchema = z.enum([
+  "filesystem",
+  "mcp_servers",
+  "network",
+  "system_commands"
+]);
+var accessToggleStateSchema = z.object({
+  category: accessCategorySchema,
+  enabled: z.boolean()
+});
+var mcpServerStateSchema = z.object({
+  name: z.string(),
+  pluginEnabled: z.boolean(),
+  toolsDenyBlocked: z.boolean(),
+  effectivelyEnabled: z.boolean()
+});
+var openClawSandboxDockerConfigSchema = z.object({
+  binds: z.array(z.string()).optional(),
+  network: z.string().optional()
+}).passthrough();
+var openClawSandboxConfigSchema = z.object({
+  mode: z.enum(["off", "non-main", "all"]).optional(),
+  workspaceAccess: z.enum(["none", "ro", "rw"]).optional(),
+  docker: openClawSandboxDockerConfigSchema.optional()
+}).passthrough();
+var openClawConfigSchema = z.object({
+  messages: z.object({
+    ackReactionScope: z.string().optional()
+  }).passthrough().optional(),
+  agents: z.object({
+    defaults: z.object({
+      maxConcurrent: z.number().optional(),
+      subagents: z.object({
+        maxConcurrent: z.number().optional()
+      }).passthrough().optional(),
+      compaction: z.object({
+        mode: z.string().optional()
+      }).passthrough().optional(),
+      workspace: z.string().optional(),
+      sandbox: openClawSandboxConfigSchema.optional(),
+      model: z.object({
+        primary: z.string().optional()
+      }).passthrough().optional(),
+      models: z.record(z.record(z.unknown())).optional()
+    }).passthrough().optional()
+  }).passthrough().optional(),
+  gateway: z.object({
+    mode: z.string().optional(),
+    auth: z.object({
+      mode: z.string().optional(),
+      token: z.string().optional()
+    }).passthrough().optional(),
+    port: z.number().optional(),
+    bind: z.string().optional(),
+    trustedProxies: z.array(z.string()).optional(),
+    tailscale: z.object({
+      mode: z.string().optional(),
+      resetOnExit: z.boolean().optional()
+    }).passthrough().optional()
+  }).passthrough().optional(),
+  auth: z.object({
+    profiles: z.record(z.object({
+      provider: z.string().optional(),
+      mode: z.string().optional()
+    }).passthrough()).optional()
+  }).passthrough().optional(),
+  plugins: z.object({
+    entries: z.record(z.object({
+      enabled: z.boolean().optional()
+    }).passthrough()).optional()
+  }).passthrough().optional(),
+  tools: openClawToolsConfigSchema.optional(),
+  browser: openClawBrowserConfigSchema.optional(),
+  channels: z.object({
+    whatsapp: z.object({
+      selfChatMode: z.boolean().optional(),
+      dmPolicy: z.string().optional(),
+      allowFrom: z.array(z.string()).optional()
+    }).passthrough().optional()
+  }).passthrough().optional(),
+  wizard: z.object({
+    lastRunAt: z.string().optional(),
+    lastRunVersion: z.string().optional(),
+    lastRunCommand: z.string().optional(),
+    lastRunMode: z.string().optional()
+  }).passthrough().optional(),
+  meta: z.object({
+    lastTouchedVersion: z.string().optional(),
+    lastTouchedAt: z.string().optional()
+  }).passthrough().optional()
+}).passthrough();
+var execDecisionSchema = z.enum(["allow-once", "allow-always", "deny"]);
+var execApprovalEntrySchema = z.object({
+  id: z.string(),
+  command: z.string(),
+  cwd: z.string(),
+  security: z.string(),
+  sessionKey: z.string(),
+  requestedAt: z.string(),
+  expiresAt: z.string(),
+  decision: execDecisionSchema.nullable(),
+  decidedBy: z.enum(["user", "auto-deny"]).nullable(),
+  decidedAt: z.string().nullable()
+});
+var allowlistPatternSchema = z.object({
+  pattern: z.string().min(1)
+});
+var allowlistStateSchema = z.object({
+  patterns: z.array(allowlistPatternSchema)
+});
+
+// src/lib/config.ts
+var DEFAULT_CONFIG = {
+  version: VERSION,
+  port: 54335,
+  autoOpenBrowser: true,
+  premium: false,
+  userId: null
+};
+function ensureDataDir() {
+  if (!fs.existsSync(SAFECLAW_DIR)) {
+    fs.mkdirSync(SAFECLAW_DIR, { recursive: true });
+  }
+  if (!fs.existsSync(LOGS_DIR)) {
+    fs.mkdirSync(LOGS_DIR, { recursive: true });
+  }
+}
+function readConfig() {
+  ensureDataDir();
+  if (!fs.existsSync(CONFIG_PATH)) {
+    fs.writeFileSync(CONFIG_PATH, JSON.stringify(DEFAULT_CONFIG, null, 2));
+    return DEFAULT_CONFIG;
+  }
+  const raw = JSON.parse(fs.readFileSync(CONFIG_PATH, "utf-8"));
+  return safeClawConfigSchema.parse(raw);
+}
+function writeConfig(config) {
+  ensureDataDir();
+  fs.writeFileSync(CONFIG_PATH, JSON.stringify(config, null, 2));
+}
+function resetConfig() {
+  writeConfig(DEFAULT_CONFIG);
+}
+
+// src/db/schema.ts
+var schema_exports = {};
+__export(schema_exports, {
+  accessConfig: () => accessConfig,
+  agentActivities: () => agentActivities,
+  commandLogs: () => commandLogs,
+  execApprovals: () => execApprovals,
+  openclawSessions: () => openclawSessions,
+  restrictedPatterns: () => restrictedPatterns,
+  sessions: () => sessions
+});
+import { sqliteTable, text, integer } from "drizzle-orm/sqlite-core";
+import { sql } from "drizzle-orm";
+var commandLogs = sqliteTable("command_logs", {
+  id: integer("id").primaryKey({ autoIncrement: true }),
+  command: text("command").notNull(),
+  status: text("status", {
+    enum: ["ALLOWED", "BLOCKED", "PENDING"]
+  }).notNull().default("PENDING"),
+  threatLevel: text("threat_level", {
+    enum: ["NONE", "LOW", "MEDIUM", "HIGH", "CRITICAL"]
+  }).notNull().default("NONE"),
+  timestamp: text("timestamp").notNull().default(sql`(datetime('now'))`),
+  sessionId: text("session_id"),
+  decisionBy: text("decision_by")
+});
+var sessions = sqliteTable("sessions", {
+  id: text("id").primaryKey(),
+  startedAt: text("started_at").notNull().default(sql`(datetime('now'))`),
+  endedAt: text("ended_at"),
+  status: text("status", {
+    enum: ["ACTIVE", "ENDED"]
+  }).notNull().default("ACTIVE")
+});
+var accessConfig = sqliteTable("access_config", {
+  id: integer("id").primaryKey({ autoIncrement: true }),
+  category: text("category").notNull(),
+  key: text("key").notNull(),
+  value: text("value").notNull(),
+  updatedAt: text("updated_at").notNull().default(sql`(datetime('now'))`)
+});
+var openclawSessions = sqliteTable("openclaw_sessions", {
+  id: text("id").primaryKey(),
+  startedAt: text("started_at").notNull().default(sql`(datetime('now'))`),
+  endedAt: text("ended_at"),
+  status: text("status", {
+    enum: ["ACTIVE", "ENDED"]
+  }).notNull().default("ACTIVE"),
+  model: text("model")
+});
+var agentActivities = sqliteTable("agent_activities", {
+  id: integer("id").primaryKey({ autoIncrement: true }),
+  openclawSessionId: text("openclaw_session_id").notNull(),
+  activityType: text("activity_type", {
+    enum: [
+      "file_read",
+      "file_write",
+      "shell_command",
+      "web_browse",
+      "tool_call",
+      "message",
+      "unknown"
+    ]
+  }).notNull(),
+  detail: text("detail").notNull(),
+  rawPayload: text("raw_payload").notNull().default("{}"),
+  threatLevel: text("threat_level", {
+    enum: ["NONE", "LOW", "MEDIUM", "HIGH", "CRITICAL"]
+  }).notNull().default("NONE"),
+  timestamp: text("timestamp").notNull().default(sql`(datetime('now'))`),
+  toolName: text("tool_name"),
+  targetPath: text("target_path"),
+  runId: text("run_id"),
+  contentPreview: text("content_preview"),
+  readContentPreview: text("read_content_preview"),
+  secretsDetected: text("secrets_detected"),
+  threatFindings: text("threat_findings"),
+  resolved: integer("resolved").notNull().default(0),
+  resolvedAt: text("resolved_at")
+});
+var restrictedPatterns = sqliteTable("restricted_patterns", {
+  id: integer("id").primaryKey({ autoIncrement: true }),
+  pattern: text("pattern").notNull().unique(),
+  createdAt: text("created_at").notNull().default(sql`(datetime('now'))`)
+});
+var execApprovals = sqliteTable("exec_approvals", {
+  id: text("id").primaryKey(),
+  command: text("command").notNull(),
+  cwd: text("cwd").notNull(),
+  security: text("security").notNull(),
+  sessionKey: text("session_key").notNull(),
+  requestedAt: text("requested_at").notNull(),
+  expiresAt: text("expires_at").notNull(),
+  decision: text("decision", {
+    enum: ["allow-once", "allow-always", "deny"]
+  }),
+  decidedBy: text("decided_by", {
+    enum: ["user", "auto-deny"]
+  }),
+  decidedAt: text("decided_at"),
+  matchedPattern: text("matched_pattern")
+});
+
+// src/db/index.ts
+var _db = null;
+function getDb() {
+  if (!_db) {
+    ensureDataDir();
+    const sqlite = new Database(DB_PATH);
+    sqlite.pragma("journal_mode = WAL");
+    _db = drizzle(sqlite, { schema: schema_exports });
+  }
+  return _db;
+}
+
+// src/server/socket.ts
+import { eq as eq4, desc as desc3 } from "drizzle-orm";
+
+// src/lib/logger.ts
+import pino from "pino";
+import fs2 from "fs";
+if (!fs2.existsSync(LOGS_DIR)) {
+  fs2.mkdirSync(LOGS_DIR, { recursive: true });
+}
+function createLogger(consoleLevel = "info") {
+  return pino({
+    level: "debug",
+    transport: {
+      targets: [
+        {
+          target: "pino-pretty",
+          options: { colorize: true },
+          level: consoleLevel
+        },
+        {
+          target: "pino/file",
+          options: { destination: DEBUG_LOG_PATH },
+          level: "debug"
+        }
+      ]
+    }
+  });
+}
+var logger = createLogger("info");
+function setVerbose(verbose) {
+  if (verbose) {
+    logger = createLogger("debug");
+  }
+}
+
+// src/lib/openclaw-config.ts
+import fs3 from "fs";
+function readOpenClawConfig() {
+  if (!fs3.existsSync(OPENCLAW_CONFIG_PATH)) {
+    return null;
+  }
+  const raw = JSON.parse(fs3.readFileSync(OPENCLAW_CONFIG_PATH, "utf-8"));
+  return openClawConfigSchema.parse(raw);
+}
+function writeOpenClawConfig(updates) {
+  const current = readOpenClawConfig();
+  if (!current) return null;
+  const merged = deepMerge(current, updates);
+  fs3.writeFileSync(OPENCLAW_CONFIG_PATH, JSON.stringify(merged, null, 2));
+  return merged;
+}
+function deepMerge(target, source) {
+  const result = { ...target };
+  for (const key of Object.keys(source)) {
+    const srcVal = source[key];
+    const tgtVal = target[key];
+    if (srcVal !== null && typeof srcVal === "object" && !Array.isArray(srcVal) && tgtVal !== null && typeof tgtVal === "object" && !Array.isArray(tgtVal)) {
+      result[key] = deepMerge(tgtVal, srcVal);
+    } else {
+      result[key] = srcVal;
+    }
+  }
+  return result;
+}
+
+// src/lib/openclaw-client.ts
+import { EventEmitter } from "events";
+import crypto from "crypto";
+import fs4 from "fs";
+import { WebSocket } from "ws";
+function readDeviceIdentity() {
+  try {
+    const raw = fs4.readFileSync(OPENCLAW_DEVICE_JSON, "utf-8");
+    const data = JSON.parse(raw);
+    if (!data.deviceId || !data.publicKeyPem || !data.privateKeyPem) return null;
+    return {
+      deviceId: data.deviceId,
+      publicKeyPem: data.publicKeyPem,
+      privateKeyPem: data.privateKeyPem
+    };
+  } catch {
+    return null;
+  }
+}
+function base64UrlEncode(buf) {
+  return buf.toString("base64url");
+}
+function publicKeyPemToRawBase64Url(pem) {
+  const key = crypto.createPublicKey(pem);
+  const jwk = key.export({ format: "jwk" });
+  if (!jwk.x) throw new Error("Failed to extract raw public key");
+  return jwk.x;
+}
+function buildDeviceAuthPayload(params) {
+  return [
+    "v1",
+    params.deviceId,
+    params.clientId,
+    params.clientMode,
+    params.role,
+    params.scopes.join(","),
+    String(params.signedAtMs),
+    params.token ?? ""
+  ].join("|");
+}
+function signDevicePayload(privateKeyPem, payload) {
+  const key = crypto.createPrivateKey(privateKeyPem);
+  const sig = crypto.sign(null, Buffer.from(payload, "utf-8"), key);
+  return base64UrlEncode(sig);
+}
+var OpenClawClient = class extends EventEmitter {
+  ws = null;
+  status = "disconnected";
+  reconnectTimer = null;
+  reconnectAttempts = 0;
+  maxReconnectAttempts = 20;
+  baseReconnectDelay = 2e3;
+  destroyed = false;
+  pendingRequests = /* @__PURE__ */ new Map();
+  activeSessions = /* @__PURE__ */ new Set();
+  connect() {
+    if (this.destroyed) return;
+    const config = readOpenClawConfig();
+    if (!config?.gateway) {
+      this.setStatus("not_configured");
+      return;
+    }
+    const port = config.gateway.port ?? 18789;
+    const identity = readDeviceIdentity();
+    if (!identity) {
+      logger.warn("OpenClaw device identity not found at ~/.openclaw/identity/device.json");
+      this.setStatus("not_configured");
+      return;
+    }
+    const gatewayToken = config.gateway.auth?.token ?? null;
+    if (!gatewayToken) {
+      logger.warn("OpenClaw gateway auth token not found in config");
+      this.setStatus("not_configured");
+      return;
+    }
+    this.setStatus("connecting");
+    try {
+      const url = `ws://127.0.0.1:${port}`;
+      this.ws = new WebSocket(url);
+      this.ws.on("open", () => {
+        logger.info(`WebSocket open to OpenClaw gateway on port ${port}`);
+      });
+      this.ws.on("message", (data) => {
+        try {
+          const msg = JSON.parse(String(data));
+          this.handleMessage(msg, identity, gatewayToken);
+        } catch (err) {
+          logger.warn({ err }, "Failed to parse OpenClaw gateway message");
+        }
+      });
+      this.ws.on("close", (code, reason) => {
+        logger.info(
+          { code, reason: reason.toString() },
+          "OpenClaw gateway connection closed"
+        );
+        this.cleanupPendingRequests();
+        this.setStatus("disconnected");
+        this.scheduleReconnect();
+      });
+      this.ws.on("error", (err) => {
+        logger.debug({ err: err.message }, "OpenClaw WebSocket error");
+      });
+    } catch (err) {
+      logger.error({ err }, "Failed to create OpenClaw WebSocket connection");
+      this.setStatus("disconnected");
+      this.scheduleReconnect();
+    }
+  }
+  // --- Message dispatcher ---
+  handleMessage(msg, identity, gatewayToken) {
+    switch (msg.type) {
+      case "event":
+        this.handleEvent(msg, identity, gatewayToken);
+        break;
+      case "res":
+        this.handleResponse(msg);
+        break;
+      case "req":
+        break;
+    }
+  }
+  // --- Event handler ---
+  handleEvent(evt, identity, gatewayToken) {
+    switch (evt.event) {
+      case "connect.challenge":
+        this.sendConnectRequest(identity, gatewayToken, evt.payload);
+        break;
+      case "tick":
+        break;
+      case "agent":
+        this.handleAgentEvent(evt);
+        break;
+      case "chat":
+        this.handleChatEvent(evt);
+        break;
+      case "presence":
+        break;
+      case "exec.approval.requested":
+        this.handleExecApproval(evt);
+        break;
+      case "shutdown":
+        logger.info("OpenClaw gateway shutting down");
+        break;
+      default:
+        logger.debug({ event: evt.event }, "Unhandled OpenClaw event type");
+    }
+  }
+  // --- Connect handshake ---
+  async sendConnectRequest(identity, gatewayToken, _challengePayload) {
+    try {
+      const clientId = "gateway-client";
+      const clientMode = "backend";
+      const role = "operator";
+      const scopes = ["operator.read", "operator.approvals"];
+      const signedAtMs = Date.now();
+      const payload = buildDeviceAuthPayload({
+        deviceId: identity.deviceId,
+        clientId,
+        clientMode,
+        role,
+        scopes,
+        signedAtMs,
+        token: gatewayToken
+      });
+      const signature = signDevicePayload(identity.privateKeyPem, payload);
+      const publicKey = publicKeyPemToRawBase64Url(identity.publicKeyPem);
+      const res = await this.sendRequest("connect", {
+        minProtocol: 3,
+        maxProtocol: 3,
+        client: {
+          id: clientId,
+          version: "1.0.0",
+          platform: process.platform,
+          mode: clientMode
+        },
+        role,
+        scopes,
+        caps: [],
+        device: {
+          id: identity.deviceId,
+          publicKey,
+          signature,
+          signedAt: signedAtMs
+        },
+        auth: { token: gatewayToken },
+        locale: "en-US",
+        userAgent: "safeclaw-monitor/1.0.0"
+      });
+      if (res.ok && res.payload?.type === "hello-ok") {
+        this.reconnectAttempts = 0;
+        this.setStatus("connected");
+        logger.info("Successfully connected to OpenClaw gateway (hello-ok)");
+      } else {
+        logger.error(
+          { error: res.error },
+          "OpenClaw connect handshake rejected"
+        );
+        this.ws?.close();
+      }
+    } catch (err) {
+      logger.error({ err }, "OpenClaw connect handshake failed");
+      this.ws?.close();
+    }
+  }
+  // --- Agent event parsing ---
+  handleAgentEvent(evt) {
+    const payload = evt.payload ?? {};
+    const sessionKey = payload.sessionKey ?? "unknown";
+    const stream = payload.stream;
+    const data = payload.data ?? {};
+    const ts = payload.ts;
+    const timestamp = ts ? new Date(ts).toISOString() : (/* @__PURE__ */ new Date()).toISOString();
+    if (stream === "lifecycle") {
+      const phase = data.phase;
+      if (phase === "start") {
+        if (!this.activeSessions.has(sessionKey)) {
+          this.activeSessions.add(sessionKey);
+          this.emit("sessionStart", sessionKey);
+        }
+      } else if (phase === "end" || phase === "error") {
+        if (this.activeSessions.has(sessionKey)) {
+          this.activeSessions.delete(sessionKey);
+          this.emit("sessionEnd", sessionKey);
+        }
+      }
+      return;
+    }
+    if (stream === "tool") {
+      const toolName = data.name ?? data.toolName ?? "unknown";
+      const phase = data.phase;
+      const args = data.args ?? {};
+      const metaRaw = data.meta;
+      const meta = typeof metaRaw === "object" && metaRaw !== null ? metaRaw : typeof metaRaw === "string" ? { description: metaRaw } : {};
+      const parsed = this.parseToolActivity(
+        sessionKey,
+        toolName,
+        phase ?? "start",
+        args,
+        meta,
+        JSON.stringify(evt),
+        timestamp
+      );
+      if (parsed) {
+        this.emit("activity", parsed);
+      }
+      return;
+    }
+    if (stream === "assistant") {
+      return;
+    }
+    if (stream === "compaction") {
+      logger.debug({ sessionKey }, "OpenClaw context compaction event");
+    }
+  }
+  // --- Chat event parsing (WhatsApp, etc.) ---
+  handleChatEvent(evt) {
+    const payload = evt.payload ?? {};
+    const sessionKey = payload.sessionKey ?? "unknown";
+    const state = payload.state;
+    const status = payload.status;
+    const message = payload.message;
+    const ts = payload.ts;
+    const timestamp = ts ? new Date(ts).toISOString() : (/* @__PURE__ */ new Date()).toISOString();
+    const runId = payload.runId ?? null;
+    let channel = "unknown";
+    const parts = sessionKey.split(":");
+    if (parts.length >= 1) {
+      channel = parts[0];
+    }
+    let targetPath = null;
+    if (parts.length >= 3) {
+      targetPath = parts.slice(2).join(":");
+    }
+    const eventState = state ?? status;
+    if (eventState === "delta") {
+      return;
+    }
+    const role = message?.role;
+    const content = message?.content;
+    let messageText = "";
+    if (Array.isArray(content)) {
+      messageText = content.filter((item) => item?.type === "text").map((item) => item?.text).join(" ").slice(0, 100);
+    }
+    const detail = eventState === "final" ? `${channel} message: ${messageText || "(sent)"}` : eventState === "started" ? `${channel} message sent` : eventState === "ok" ? `${channel} message delivered` : eventState === "error" ? `${channel} message failed` : `${channel} message (${eventState ?? "unknown"})`;
+    const activity = {
+      openclawSessionId: sessionKey,
+      activityType: "message",
+      detail,
+      rawPayload: JSON.stringify(evt),
+      toolName: channel,
+      targetPath,
+      timestamp,
+      runId
+    };
+    this.emit("activity", activity);
+    if (channel !== "agent" && eventState === "started" && !this.activeSessions.has(sessionKey)) {
+      this.activeSessions.add(sessionKey);
+      this.emit("sessionStart", sessionKey);
+    }
+  }
+  // --- Exec approval event handling ---
+  handleExecApproval(evt) {
+    const payload = evt.payload ?? {};
+    const request = payload.request ?? {};
+    const sessionKey = request.sessionKey ?? "unknown";
+    const approval = {
+      id: payload.id ?? "unknown",
+      command: request.command ?? "",
+      cwd: request.cwd ?? "",
+      security: request.security ?? "normal",
+      sessionKey
+    };
+    logger.info(
+      { command: approval.command, security: approval.security },
+      "Exec approval requested by OpenClaw agent"
+    );
+    this.emit("execApproval", approval);
+    const activity = {
+      openclawSessionId: sessionKey,
+      activityType: "shell_command",
+      detail: `[APPROVAL] ${approval.command}`,
+      rawPayload: JSON.stringify(evt),
+      toolName: "exec",
+      targetPath: null,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      runId: null
+    };
+    this.emit("activity", activity);
+  }
+  // --- Tool → Activity type mapping ---
+  parseToolActivity(sessionId, toolName, phase, args, meta, rawPayload, timestamp) {
+    let activityType = "tool_call";
+    let detail = `Tool: ${toolName} (${phase})`;
+    let targetPath = null;
+    const lowerTool = toolName.toLowerCase();
+    if (lowerTool === "read" || lowerTool === "attach") {
+      activityType = "file_read";
+      targetPath = args.path ?? args.file_path ?? args.url;
+      detail = `Read ${targetPath ?? "unknown file"}`;
+    } else if (lowerTool === "write" || lowerTool === "edit" || lowerTool === "create" || lowerTool === "patch" || lowerTool === "apply_patch") {
+      activityType = "file_write";
+      targetPath = args.path ?? args.file_path ?? args.file;
+      detail = `${lowerTool === "edit" ? "Edit" : lowerTool === "apply_patch" ? "Patch" : "Write"} ${targetPath ?? "unknown file"}`;
+    } else if (lowerTool === "exec" || lowerTool === "bash" || lowerTool === "shell" || lowerTool === "command" || lowerTool === "terminal") {
+      activityType = "shell_command";
+      const cmd = args.command ?? args.cmd ?? "";
+      detail = cmd || `Shell: ${toolName}`;
+      targetPath = null;
+    } else if (lowerTool === "browser" || lowerTool === "browse" || lowerTool === "fetch" || lowerTool === "web" || lowerTool === "http" || lowerTool === "url") {
+      activityType = "web_browse";
+      targetPath = args.url ?? args.uri;
+      const action = args.action ?? "";
+      detail = action ? `Browse: ${action}${targetPath ? ` ${targetPath}` : ""}` : `Browse ${targetPath ?? "unknown URL"}`;
+    } else if (lowerTool === "message" || lowerTool === "send" || lowerTool === "whatsapp" || lowerTool === "sms" || lowerTool === "notify") {
+      activityType = "message";
+      const to = args.to ?? args.target ?? args.recipient;
+      const provider = args.provider ?? "";
+      const action = args.action ?? "send";
+      detail = `${provider || toolName} ${action}${to ? ` to ${to}` : ""}`;
+      targetPath = to;
+    } else {
+      const desc5 = meta.description ?? "";
+      const action = args.action ?? "";
+      detail = desc5 ? `${toolName}: ${desc5}` : action ? `${toolName}: ${action}` : `Tool: ${toolName}`;
+    }
+    return {
+      openclawSessionId: sessionId,
+      activityType,
+      detail,
+      rawPayload,
+      toolName,
+      targetPath,
+      timestamp,
+      runId: null
+    };
+  }
+  // --- Request/response ---
+  sendRequest(method, params) {
+    return new Promise((resolve, reject) => {
+      if (!this.ws || this.ws.readyState !== WebSocket.OPEN) {
+        return reject(new Error("WebSocket not open"));
+      }
+      const id = crypto.randomUUID();
+      const msg = { type: "req", id, method, params };
+      const timer = setTimeout(() => {
+        this.pendingRequests.delete(id);
+        reject(new Error(`Request ${method} timed out`));
+      }, 1e4);
+      this.pendingRequests.set(id, { resolve, timer });
+      this.ws.send(JSON.stringify(msg));
+    });
+  }
+  handleResponse(res) {
+    const pending = this.pendingRequests.get(res.id);
+    if (pending) {
+      clearTimeout(pending.timer);
+      this.pendingRequests.delete(res.id);
+      pending.resolve(res);
+    }
+  }
+  cleanupPendingRequests() {
+    for (const [id, pending] of this.pendingRequests) {
+      clearTimeout(pending.timer);
+      this.pendingRequests.delete(id);
+    }
+  }
+  // --- Reconnection ---
+  scheduleReconnect() {
+    if (this.destroyed) return;
+    if (this.reconnectAttempts >= this.maxReconnectAttempts) {
+      logger.warn("Max reconnect attempts reached for OpenClaw gateway");
+      return;
+    }
+    const delay = Math.min(
+      this.baseReconnectDelay * Math.pow(1.5, this.reconnectAttempts),
+      3e4
+    );
+    this.reconnectAttempts++;
+    logger.info(
+      `Reconnecting to OpenClaw in ${Math.round(delay)}ms (attempt ${this.reconnectAttempts})`
+    );
+    this.reconnectTimer = setTimeout(() => this.connect(), delay);
+  }
+  // --- Status ---
+  setStatus(status) {
+    if (this.status !== status) {
+      this.status = status;
+      this.emit("statusChange", status);
+    }
+  }
+  getStatus() {
+    return this.status;
+  }
+  // --- Exec approval resolution ---
+  async resolveExecApproval(approvalId, decision) {
+    try {
+      const res = await this.sendRequest("exec.approval.resolve", {
+        id: approvalId,
+        decision
+      });
+      if (res.ok) {
+        logger.info({ approvalId, decision }, "Exec approval resolved");
+        return true;
+      }
+      logger.error(
+        { approvalId, decision, error: res.error },
+        "Exec approval resolution rejected"
+      );
+      return false;
+    } catch (err) {
+      logger.error(
+        { err, approvalId, decision },
+        "Failed to resolve exec approval"
+      );
+      return false;
+    }
+  }
+  // --- Exec approvals file management (via gateway) ---
+  async getExecApprovals() {
+    try {
+      const res = await this.sendRequest("exec.approvals.get", {});
+      if (res.ok && res.payload) {
+        return {
+          file: res.payload.file,
+          hash: res.payload.hash
+        };
+      }
+      logger.error(
+        { error: res.error },
+        "Failed to get exec approvals from gateway"
+      );
+      return null;
+    } catch (err) {
+      logger.error({ err }, "Failed to get exec approvals from gateway");
+      return null;
+    }
+  }
+  async setExecApprovals(file, baseHash) {
+    try {
+      const res = await this.sendRequest("exec.approvals.set", {
+        file,
+        baseHash
+      });
+      if (res.ok) {
+        logger.info("Successfully updated exec approvals via gateway");
+        return true;
+      }
+      logger.error(
+        { error: res.error },
+        "Failed to set exec approvals on gateway"
+      );
+      return false;
+    } catch (err) {
+      logger.error({ err }, "Failed to set exec approvals on gateway");
+      return false;
+    }
+  }
+  // --- Lifecycle ---
+  reconnect() {
+    this.reconnectAttempts = 0;
+    this.disconnect();
+    this.connect();
+  }
+  disconnect() {
+    if (this.reconnectTimer) {
+      clearTimeout(this.reconnectTimer);
+      this.reconnectTimer = null;
+    }
+    this.cleanupPendingRequests();
+    if (this.ws) {
+      this.ws.removeAllListeners();
+      this.ws.close();
+      this.ws = null;
+    }
+    this.setStatus("disconnected");
+  }
+  destroy() {
+    this.destroyed = true;
+    this.disconnect();
+    this.removeAllListeners();
+  }
+};
+
+// src/services/session-watcher.ts
+import { EventEmitter as EventEmitter2 } from "events";
+import fs5 from "fs";
+import path2 from "path";
+var MAX_CONTENT_PREVIEW = 10 * 1024;
+var SessionWatcher = class extends EventEmitter2 {
+  watchedFiles = /* @__PURE__ */ new Map();
+  agentsDirWatcher = null;
+  scanInterval = null;
+  destroyed = false;
+  // Track current runId (user message id) per session file
+  currentRunIds = /* @__PURE__ */ new Map();
+  // Track processed tool call IDs to avoid duplicates
+  processedToolCalls = /* @__PURE__ */ new Set();
+  // Map toolCallId → pending tool call info for matching with results
+  pendingToolCalls = /* @__PURE__ */ new Map();
+  // Cache read content by "runId:targetPath" so writes can reference what was read
+  recentReadContent = /* @__PURE__ */ new Map();
+  start() {
+    if (this.destroyed) return;
+    const agentsDir = path2.join(OPENCLAW_DIR, "agents");
+    if (!fs5.existsSync(agentsDir)) {
+      logger.debug("OpenClaw agents directory not found, will retry");
+    }
+    this.scanForSessions();
+    this.scanInterval = setInterval(() => {
+      if (!this.destroyed) this.scanForSessions();
+    }, 1e4);
+    try {
+      if (fs5.existsSync(agentsDir)) {
+        this.agentsDirWatcher = fs5.watch(agentsDir, { recursive: true }, () => {
+          if (!this.destroyed) this.scanForSessions();
+        });
+      }
+    } catch {
+    }
+    logger.info("Session file watcher started");
+  }
+  stop() {
+    this.destroyed = true;
+    if (this.scanInterval) {
+      clearInterval(this.scanInterval);
+      this.scanInterval = null;
+    }
+    if (this.agentsDirWatcher) {
+      this.agentsDirWatcher.close();
+      this.agentsDirWatcher = null;
+    }
+    for (const watched of this.watchedFiles.values()) {
+      if (watched.watcher) {
+        watched.watcher.close();
+      }
+    }
+    this.watchedFiles.clear();
+    logger.info("Session file watcher stopped");
+  }
+  scanForSessions() {
+    const agentsDir = path2.join(OPENCLAW_DIR, "agents");
+    if (!fs5.existsSync(agentsDir)) return;
+    try {
+      const agentNames = fs5.readdirSync(agentsDir).filter((name) => {
+        const stat = fs5.statSync(path2.join(agentsDir, name));
+        return stat.isDirectory();
+      });
+      for (const agentName of agentNames) {
+        this.discoverSessionFiles(agentName);
+      }
+    } catch (err) {
+      logger.debug({ err }, "Failed to scan agents directory");
+    }
+  }
+  discoverSessionFiles(agentName) {
+    const sessionsDir = path2.join(OPENCLAW_DIR, "agents", agentName, "sessions");
+    if (!fs5.existsSync(sessionsDir)) return;
+    const sessionsJsonPath = path2.join(sessionsDir, "sessions.json");
+    if (fs5.existsSync(sessionsJsonPath)) {
+      try {
+        const raw = fs5.readFileSync(sessionsJsonPath, "utf-8");
+        const sessionsData = JSON.parse(raw);
+        const sessions2 = sessionsData.sessions ?? [];
+        for (const session of sessions2) {
+          const jsonlFile = session.file ? path2.join(sessionsDir, session.file) : path2.join(sessionsDir, `${session.id}.jsonl`);
+          this.watchSessionFile(jsonlFile, session.id, agentName);
+        }
+      } catch (err) {
+        logger.debug({ err, agentName }, "Failed to read sessions.json");
+      }
+    }
+    try {
+      const files = fs5.readdirSync(sessionsDir).filter((f) => f.endsWith(".jsonl"));
+      for (const file of files) {
+        const filePath = path2.join(sessionsDir, file);
+        const sessionId = path2.basename(file, ".jsonl");
+        this.watchSessionFile(filePath, sessionId, agentName);
+      }
+    } catch {
+    }
+  }
+  watchSessionFile(filePath, sessionId, agentName) {
+    if (this.watchedFiles.has(filePath)) return;
+    if (!fs5.existsSync(filePath)) return;
+    const stat = fs5.statSync(filePath);
+    const watched = {
+      path: filePath,
+      position: stat.size,
+      // Start from current end (don't replay history)
+      watcher: null,
+      sessionId,
+      agentName
+    };
+    try {
+      watched.watcher = fs5.watch(filePath, () => {
+        if (!this.destroyed) {
+          this.readNewEntries(watched);
+        }
+      });
+    } catch (err) {
+      logger.debug({ err, filePath }, "Failed to watch session file");
+      return;
+    }
+    this.watchedFiles.set(filePath, watched);
+    logger.info({ sessionId, agentName }, "Watching session JSONL file");
+  }
+  readNewEntries(watched) {
+    try {
+      const stat = fs5.statSync(watched.path);
+      if (stat.size <= watched.position) return;
+      const fd = fs5.openSync(watched.path, "r");
+      const bufferSize = stat.size - watched.position;
+      const buffer = Buffer.alloc(bufferSize);
+      fs5.readSync(fd, buffer, 0, bufferSize, watched.position);
+      fs5.closeSync(fd);
+      watched.position = stat.size;
+      const text2 = buffer.toString("utf-8");
+      const lines = text2.split("\n").filter((l) => l.trim());
+      for (const line of lines) {
+        try {
+          const entry = JSON.parse(line);
+          this.processEntry(entry, watched.sessionId);
+        } catch {
+        }
+      }
+    } catch (err) {
+      logger.debug({ err, path: watched.path }, "Failed to read new JSONL entries");
+    }
+  }
+  processEntry(entry, openclawSessionId) {
+    if (entry.type !== "message" || !entry.message) return;
+    const { role, content } = entry.message;
+    const fileKey = openclawSessionId;
+    if (role === "user") {
+      const previousRunId = this.currentRunIds.get(fileKey);
+      if (previousRunId) {
+        for (const key of this.recentReadContent.keys()) {
+          if (key.startsWith(`${previousRunId}:`)) {
+            this.recentReadContent.delete(key);
+          }
+        }
+      }
+      this.currentRunIds.set(fileKey, entry.id);
+      return;
+    }
+    const currentRunId = this.currentRunIds.get(fileKey) ?? null;
+    if (role === "assistant" && Array.isArray(content)) {
+      for (const item of content) {
+        if (item.type === "toolCall" && item.id && item.name) {
+          if (this.processedToolCalls.has(item.id)) continue;
+          this.processedToolCalls.add(item.id);
+          const args = item.arguments ?? {};
+          const { activityType, detail, targetPath } = this.mapToolToActivity(
+            item.name,
+            args
+          );
+          const timestamp = entry.timestamp || (/* @__PURE__ */ new Date()).toISOString();
+          this.pendingToolCalls.set(item.id, {
+            activityType,
+            toolName: item.name,
+            targetPath,
+            detail,
+            sessionId: openclawSessionId,
+            runId: currentRunId,
+            timestamp
+          });
+          const activity = {
+            openclawSessionId,
+            activityType,
+            detail,
+            rawPayload: JSON.stringify(entry),
+            toolName: item.name,
+            targetPath,
+            timestamp,
+            runId: currentRunId,
+            contentPreview: null,
+            readContentPreview: null
+          };
+          this.emit("activity", activity);
+        }
+      }
+      return;
+    }
+    if (role === "toolResult" && Array.isArray(content)) {
+      const toolCallId = entry.message.toolCallId;
+      if (!toolCallId) return;
+      const pending = this.pendingToolCalls.get(toolCallId);
+      if (!pending) return;
+      this.pendingToolCalls.delete(toolCallId);
+      let contentPreview = null;
+      const textParts = [];
+      for (const item of content) {
+        if (item.type === "text" && item.text) {
+          textParts.push(item.text);
+        }
+      }
+      if (textParts.length > 0) {
+        const fullContent = textParts.join("\n");
+        contentPreview = fullContent.length > MAX_CONTENT_PREVIEW ? fullContent.slice(0, MAX_CONTENT_PREVIEW) + "...[truncated]" : fullContent;
+      }
+      if (contentPreview) {
+        if (pending.activityType === "file_read" && pending.targetPath && pending.runId) {
+          this.recentReadContent.set(`${pending.runId}:${pending.targetPath}`, contentPreview);
+        }
+        let readContentPreview = null;
+        if (pending.activityType === "file_write" && pending.targetPath && pending.runId) {
+          readContentPreview = this.recentReadContent.get(`${pending.runId}:${pending.targetPath}`) ?? null;
+        }
+        const activity = {
+          openclawSessionId: pending.sessionId,
+          activityType: pending.activityType,
+          detail: `${pending.detail} [result]`,
+          rawPayload: JSON.stringify(entry),
+          toolName: pending.toolName,
+          targetPath: pending.targetPath,
+          timestamp: entry.timestamp || (/* @__PURE__ */ new Date()).toISOString(),
+          runId: pending.runId,
+          contentPreview,
+          readContentPreview
+        };
+        this.emit("activity", activity);
+      }
+      return;
+    }
+  }
+  mapToolToActivity(toolName, args) {
+    const lower = toolName.toLowerCase();
+    if (lower === "read" || lower === "attach") {
+      const targetPath = args.path ?? args.file_path ?? args.url;
+      return {
+        activityType: "file_read",
+        detail: `Read ${targetPath ?? "unknown file"}`,
+        targetPath
+      };
+    }
+    if (lower === "write" || lower === "edit" || lower === "create" || lower === "patch" || lower === "apply_patch" || lower === "notebook_edit") {
+      const targetPath = args.path ?? args.file_path ?? args.file ?? args.notebook_path;
+      const verb = lower === "edit" ? "Edit" : lower === "apply_patch" ? "Patch" : lower === "notebook_edit" ? "Edit notebook" : "Write";
+      return {
+        activityType: "file_write",
+        detail: `${verb} ${targetPath ?? "unknown file"}`,
+        targetPath
+      };
+    }
+    if (lower === "exec" || lower === "bash" || lower === "shell" || lower === "command" || lower === "terminal") {
+      const cmd = args.command ?? args.cmd ?? "";
+      return {
+        activityType: "shell_command",
+        detail: cmd || `Shell: ${toolName}`,
+        targetPath: null
+      };
+    }
+    if (lower === "browser" || lower === "browse" || lower === "fetch" || lower === "web" || lower === "http" || lower === "url") {
+      const targetPath = args.url ?? args.uri;
+      return {
+        activityType: "web_browse",
+        detail: `Browse ${targetPath ?? "unknown URL"}`,
+        targetPath
+      };
+    }
+    if (lower === "message" || lower === "send" || lower === "whatsapp" || lower === "sms" || lower === "notify") {
+      const to = args.to ?? args.target ?? args.recipient;
+      return {
+        activityType: "message",
+        detail: `${toolName} send${to ? ` to ${to}` : ""}`,
+        targetPath: to
+      };
+    }
+    if (lower === "glob" || lower === "grep" || lower === "search" || lower === "find") {
+      const pattern = args.pattern ?? args.query ?? "";
+      return {
+        activityType: "file_read",
+        detail: `${toolName}: ${pattern}`,
+        targetPath: null
+      };
+    }
+    return {
+      activityType: "tool_call",
+      detail: `Tool: ${toolName}`,
+      targetPath: null
+    };
+  }
+};
+
+// src/services/exec-approval-service.ts
+import { eq, desc, sql as sql2 } from "drizzle-orm";
+import path3 from "path";
+var DEFAULT_TIMEOUT_MS = 6e5;
+var instance = null;
+function matchesPattern(command, pattern) {
+  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
+  const regexStr = "^" + escaped.replace(/\*/g, ".*") + "$";
+  return new RegExp(regexStr, "i").test(command);
+}
+var ExecApprovalService = class {
+  client;
+  io;
+  pending = /* @__PURE__ */ new Map();
+  timeoutMs;
+  /** In-memory cache of restricted patterns, loaded from DB on init */
+  restrictedPatterns = [];
+  constructor(client, io2, timeoutMs = DEFAULT_TIMEOUT_MS) {
+    this.client = client;
+    this.io = io2;
+    this.timeoutMs = timeoutMs;
+    this.loadPatternsFromDb();
+  }
+  /**
+   * Load restricted patterns from the database into the in-memory cache.
+   * Called once on construction so patterns survive restarts.
+   */
+  loadPatternsFromDb() {
+    try {
+      const db = getDb();
+      const rows = db.select({ pattern: schema_exports.restrictedPatterns.pattern }).from(schema_exports.restrictedPatterns).all();
+      this.restrictedPatterns = rows.map((r) => r.pattern);
+      logger.info(
+        { count: this.restrictedPatterns.length },
+        "Loaded restricted patterns from database"
+      );
+    } catch (err) {
+      logger.error({ err }, "Failed to load restricted patterns from database");
+    }
+  }
+  /**
+   * Handle an incoming exec approval request from the OpenClaw gateway.
+   *
+   * Blocklist model:
+   * - If the command matches a restricted pattern → queue for user approval
+   * - If it doesn't match → auto-approve immediately with "allow-once"
+   */
+  handleRequest(request) {
+    const matchedPattern = this.findMatchingPattern(request.command);
+    if (!matchedPattern) {
+      this.resolveToGateway(request.id, "allow-once");
+      logger.debug(
+        { command: request.command },
+        "Command auto-approved (not restricted)"
+      );
+      return;
+    }
+    const now = /* @__PURE__ */ new Date();
+    const expiresAt = new Date(now.getTime() + this.timeoutMs);
+    const entry = {
+      id: request.id,
+      command: request.command,
+      cwd: request.cwd,
+      security: request.security,
+      sessionKey: request.sessionKey,
+      requestedAt: now.toISOString(),
+      expiresAt: expiresAt.toISOString(),
+      decision: null,
+      decidedBy: null,
+      decidedAt: null
+    };
+    const timer = setTimeout(() => {
+      this.handleTimeout(request.id);
+    }, this.timeoutMs);
+    this.pending.set(request.id, { entry, timer, matchedPattern });
+    this.persistApproval(entry, matchedPattern);
+    this.io.emit("safeclaw:execApprovalRequested", entry);
+    logger.info(
+      {
+        command: request.command,
+        matchedPattern,
+        timeoutMs: this.timeoutMs
+      },
+      "Restricted command queued for approval"
+    );
+  }
+  /**
+   * Handle a user decision from the UI.
+   */
+  handleDecision(approvalId, decision) {
+    const pending = this.pending.get(approvalId);
+    if (!pending) {
+      logger.warn(
+        { approvalId },
+        "Decision for unknown or already-resolved approval"
+      );
+      return;
+    }
+    clearTimeout(pending.timer);
+    this.pending.delete(approvalId);
+    const entry = pending.entry;
+    entry.decision = decision;
+    entry.decidedBy = "user";
+    entry.decidedAt = (/* @__PURE__ */ new Date()).toISOString();
+    this.resolveToGateway(approvalId, decision);
+    this.updateApprovalDecision(entry);
+    if (decision === "allow-always" && pending.matchedPattern) {
+      this.removeRestrictedPattern(pending.matchedPattern);
+    }
+    this.io.emit("safeclaw:execApprovalResolved", entry);
+    logger.info(
+      { command: entry.command, decision, approvalId },
+      "Exec approval decided by user"
+    );
+  }
+  // --- Timeout handling ---
+  handleTimeout(approvalId) {
+    const pending = this.pending.get(approvalId);
+    if (!pending) return;
+    this.pending.delete(approvalId);
+    const entry = pending.entry;
+    entry.decision = "deny";
+    entry.decidedBy = "auto-deny";
+    entry.decidedAt = (/* @__PURE__ */ new Date()).toISOString();
+    this.resolveToGateway(approvalId, "deny");
+    this.updateApprovalDecision(entry);
+    this.io.emit("safeclaw:execApprovalResolved", entry);
+    logger.info(
+      { command: entry.command, approvalId },
+      "Exec approval auto-denied (timeout)"
+    );
+  }
+  // --- Gateway communication ---
+  resolveToGateway(approvalId, decision) {
+    this.client.resolveExecApproval(approvalId, decision).catch((err) => {
+      logger.error(
+        { err, approvalId, decision },
+        "Failed to send decision to gateway"
+      );
+    });
+  }
+  // --- Database persistence ---
+  persistApproval(entry, matchedPattern) {
+    try {
+      const db = getDb();
+      db.insert(schema_exports.execApprovals).values({
+        id: entry.id,
+        command: entry.command,
+        cwd: entry.cwd,
+        security: entry.security,
+        sessionKey: entry.sessionKey,
+        requestedAt: entry.requestedAt,
+        expiresAt: entry.expiresAt,
+        decision: entry.decision,
+        decidedBy: entry.decidedBy,
+        decidedAt: entry.decidedAt,
+        matchedPattern
+      }).run();
+    } catch (err) {
+      logger.error({ err, id: entry.id }, "Failed to persist exec approval");
+    }
+  }
+  updateApprovalDecision(entry) {
+    try {
+      const db = getDb();
+      db.update(schema_exports.execApprovals).set({
+        decision: entry.decision,
+        decidedBy: entry.decidedBy,
+        decidedAt: entry.decidedAt
+      }).where(eq(schema_exports.execApprovals.id, entry.id)).run();
+    } catch (err) {
+      logger.error(
+        { err, id: entry.id },
+        "Failed to update exec approval decision"
+      );
+    }
+  }
+  // --- Pattern matching ---
+  findMatchingPattern(command) {
+    for (const pattern of this.restrictedPatterns) {
+      if (matchesPattern(command, pattern)) {
+        return pattern;
+      }
+    }
+    return null;
+  }
+  // --- Restricted patterns management ---
+  getRestrictedPatterns() {
+    return [...this.restrictedPatterns];
+  }
+  addRestrictedPattern(pattern) {
+    const trimmed = pattern.trim();
+    if (!trimmed) return this.restrictedPatterns;
+    if (!this.restrictedPatterns.includes(trimmed)) {
+      this.restrictedPatterns.push(trimmed);
+      try {
+        const db = getDb();
+        db.insert(schema_exports.restrictedPatterns).values({ pattern: trimmed }).onConflictDoNothing().run();
+      } catch (err) {
+        logger.error({ err, pattern: trimmed }, "Failed to persist restricted pattern");
+      }
+      this.syncRemoveFromOpenClawAllowlist(trimmed).catch((err) => {
+        logger.error(
+          { err, pattern: trimmed },
+          "Failed to sync pattern to OpenClaw allowlist"
+        );
+      });
+      logger.info({ pattern: trimmed }, "Added restricted command pattern");
+    }
+    this.broadcastPatterns();
+    return [...this.restrictedPatterns];
+  }
+  removeRestrictedPattern(pattern) {
+    this.restrictedPatterns = this.restrictedPatterns.filter(
+      (p) => p !== pattern
+    );
+    try {
+      const db = getDb();
+      db.delete(schema_exports.restrictedPatterns).where(eq(schema_exports.restrictedPatterns.pattern, pattern)).run();
+    } catch (err) {
+      logger.error({ err, pattern }, "Failed to remove restricted pattern from database");
+    }
+    logger.info({ pattern }, "Removed restricted command pattern");
+    this.broadcastPatterns();
+    return [...this.restrictedPatterns];
+  }
+  // --- OpenClaw allowlist sync ---
+  /**
+   * Determine if an OpenClaw allowlist entry matches a SafeClaw restricted pattern.
+   *
+   * Matching strategy:
+   * 1. Extract the binary name from the SafeClaw pattern's first token
+   *    and compare against the basename of the allowlist entry's path.
+   * 2. Check entry.lastUsedCommand against the full glob pattern.
+   * 3. Check the entry.pattern itself against the full glob pattern.
+   */
+  allowlistEntryMatchesRestriction(entry, restrictedPattern) {
+    const firstToken = restrictedPattern.split(/\s+/)[0].replace(/\*+$/, "");
+    if (firstToken) {
+      const entryBasename = path3.basename(entry.pattern);
+      if (entryBasename === firstToken || entryBasename.startsWith(firstToken)) {
+        return true;
+      }
+      if (entry.lastResolvedPath) {
+        const resolvedBasename = path3.basename(entry.lastResolvedPath);
+        if (resolvedBasename === firstToken || resolvedBasename.startsWith(firstToken)) {
+          return true;
+        }
+      }
+    }
+    if (entry.lastUsedCommand && matchesPattern(entry.lastUsedCommand, restrictedPattern)) {
+      return true;
+    }
+    if (matchesPattern(entry.pattern, restrictedPattern)) {
+      return true;
+    }
+    return false;
+  }
+  /**
+   * Remove entries from OpenClaw's exec-approvals allowlist that match
+   * the given restricted pattern. Uses optimistic locking via the gateway.
+   */
+  async syncRemoveFromOpenClawAllowlist(pattern, maxRetries = 2) {
+    for (let attempt = 0; attempt <= maxRetries; attempt++) {
+      try {
+        const result = await this.client.getExecApprovals();
+        if (!result) {
+          logger.warn("Could not read OpenClaw exec approvals for sync");
+          return;
+        }
+        const { file, hash } = result;
+        let modified = false;
+        if (file.agents) {
+          for (const agentKey of Object.keys(file.agents)) {
+            const agent = file.agents[agentKey];
+            if (!agent.allowlist || agent.allowlist.length === 0) continue;
+            const before = agent.allowlist.length;
+            agent.allowlist = agent.allowlist.filter(
+              (entry) => !this.allowlistEntryMatchesRestriction(entry, pattern)
+            );
+            const removed = before - agent.allowlist.length;
+            if (removed > 0) {
+              modified = true;
+              logger.info(
+                { agentKey, pattern, removed },
+                "Filtered OpenClaw allowlist entries matching new restriction"
+              );
+            }
+          }
+        }
+        if (!modified) return;
+        const success = await this.client.setExecApprovals(file, hash);
+        if (success) return;
+        if (attempt < maxRetries) {
+          logger.warn(
+            { attempt, pattern },
+            "Optimistic lock conflict, retrying sync"
+          );
+        }
+      } catch (err) {
+        logger.error({ err, pattern, attempt }, "Sync attempt failed");
+        if (attempt >= maxRetries) return;
+      }
+    }
+    logger.error(
+      { pattern },
+      "Exhausted retries for OpenClaw allowlist sync"
+    );
+  }
+  broadcastPatterns() {
+    this.io.emit("safeclaw:allowlistState", {
+      patterns: this.restrictedPatterns.map((p) => ({ pattern: p }))
+    });
+  }
+  // --- Query methods ---
+  getPendingApprovals() {
+    return Array.from(this.pending.values()).map((p) => p.entry);
+  }
+  getHistory(limit = 50) {
+    try {
+      const db = getDb();
+      const rows = db.select().from(schema_exports.execApprovals).where(sql2`${schema_exports.execApprovals.decision} IS NOT NULL`).orderBy(desc(schema_exports.execApprovals.decidedAt)).limit(limit).all();
+      return rows.map((r) => ({
+        id: r.id,
+        command: r.command,
+        cwd: r.cwd,
+        security: r.security,
+        sessionKey: r.sessionKey,
+        requestedAt: r.requestedAt,
+        expiresAt: r.expiresAt,
+        decision: r.decision,
+        decidedBy: r.decidedBy,
+        decidedAt: r.decidedAt
+      }));
+    } catch (err) {
+      logger.error({ err }, "Failed to load approval history from database");
+      return [];
+    }
+  }
+  /**
+   * Get total counts for exec approvals from the database.
+   */
+  getStats() {
+    try {
+      const db = getDb();
+      const rows = db.select().from(schema_exports.execApprovals).all();
+      const decided = rows.filter((r) => r.decision !== null);
+      const blocked = decided.filter((r) => r.decision === "deny").length;
+      const allowed = decided.filter(
+        (r) => r.decision === "allow-once" || r.decision === "allow-always"
+      ).length;
+      const pendingDb = rows.filter((r) => r.decision === null).length;
+      const livePending = this.pending.size;
+      return {
+        total: rows.length + livePending - pendingDb,
+        // avoid double-counting DB pending
+        blocked,
+        allowed,
+        pending: livePending
+      };
+    } catch (err) {
+      logger.error({ err }, "Failed to compute exec approval stats");
+      return { total: 0, blocked: 0, allowed: 0, pending: 0 };
+    }
+  }
+  /**
+   * Clean up all pending timers on shutdown.
+   */
+  destroy() {
+    for (const [, pending] of this.pending) {
+      clearTimeout(pending.timer);
+    }
+    this.pending.clear();
+  }
+};
+function createExecApprovalService(client, io2, timeoutMs) {
+  if (instance) {
+    instance.destroy();
+  }
+  instance = new ExecApprovalService(client, io2, timeoutMs);
+  return instance;
+}
+
+// src/lib/exec-approvals-config.ts
+import fs6 from "fs";
+function readExecApprovalsConfig() {
+  try {
+    if (!fs6.existsSync(OPENCLAW_EXEC_APPROVALS_PATH)) return null;
+    const raw = fs6.readFileSync(OPENCLAW_EXEC_APPROVALS_PATH, "utf-8");
+    return JSON.parse(raw);
+  } catch (err) {
+    logger.warn({ err }, "Failed to read exec-approvals.json");
+    return null;
+  }
+}
+function writeExecApprovalsConfig(config) {
+  fs6.writeFileSync(
+    OPENCLAW_EXEC_APPROVALS_PATH,
+    JSON.stringify(config, null, 2)
+  );
+}
+function ensureDefaults() {
+  const config = readExecApprovalsConfig();
+  if (!config) {
+    logger.warn("exec-approvals.json not found, cannot configure defaults");
+    return;
+  }
+  let changed = false;
+  if (!config.defaults) {
+    config.defaults = {};
+  }
+  if (config.defaults.security !== "allowlist") {
+    config.defaults.security = "allowlist";
+    changed = true;
+  }
+  if (config.defaults.ask !== "always") {
+    config.defaults.ask = "always";
+    changed = true;
+  }
+  if (config.defaults.askFallback !== "deny") {
+    config.defaults.askFallback = "deny";
+    changed = true;
+  }
+  if (changed) {
+    writeExecApprovalsConfig(config);
+    logger.info(
+      { defaults: config.defaults },
+      "Configured exec-approvals.json defaults for command interception"
+    );
+  }
+  const openclawConfig = readOpenClawConfig();
+  if (openclawConfig) {
+    const execHost = openclawConfig.tools?.exec?.host;
+    if (execHost !== "gateway") {
+      writeOpenClawConfig({ tools: { exec: { host: "gateway" } } });
+      logger.info(
+        "Set tools.exec.host='gateway' in openclaw.json for exec approval support"
+      );
+    }
+  }
+}
+
+// src/lib/secret-scanner.ts
+var SECRET_PATTERNS = [
+  // AWS
+  { pattern: /AKIA[0-9A-Z]{16}/, type: "AWS_ACCESS_KEY", severity: "CRITICAL" },
+  { pattern: /(?:aws_secret_access_key|AWS_SECRET_ACCESS_KEY)\s*[=:]\s*\S{20,}/, type: "AWS_SECRET_KEY", severity: "CRITICAL" },
+  // OpenAI
+  { pattern: /sk-[a-zA-Z0-9]{20,}/, type: "OPENAI_API_KEY", severity: "CRITICAL" },
+  // GitHub
+  { pattern: /ghp_[a-zA-Z0-9]{36}/, type: "GITHUB_TOKEN", severity: "CRITICAL" },
+  { pattern: /github_pat_[a-zA-Z0-9_]{22,}/, type: "GITHUB_TOKEN", severity: "CRITICAL" },
+  { pattern: /gho_[a-zA-Z0-9]{36}/, type: "GITHUB_TOKEN", severity: "CRITICAL" },
+  // GitLab
+  { pattern: /glpat-[a-zA-Z0-9\-_]{20,}/, type: "GITLAB_TOKEN", severity: "CRITICAL" },
+  // Private keys
+  { pattern: /-----BEGIN\s+(RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/, type: "PEM_PRIVATE_KEY", severity: "CRITICAL" },
+  // Stripe
+  { pattern: /[rs]k_(live|test)_[a-zA-Z0-9]{20,}/, type: "STRIPE_KEY", severity: "CRITICAL" },
+  // SendGrid
+  { pattern: /SG\.[a-zA-Z0-9\-_]{22,}\.[a-zA-Z0-9\-_]{22,}/, type: "SENDGRID_KEY", severity: "CRITICAL" },
+  // Twilio
+  { pattern: /SK[a-f0-9]{32}/, type: "TWILIO_KEY", severity: "CRITICAL" },
+  // Slack
+  { pattern: /xox[bpars]-[a-zA-Z0-9\-]{10,}/, type: "SLACK_TOKEN", severity: "HIGH" },
+  { pattern: /https:\/\/hooks\.slack\.com\/services\/T[a-zA-Z0-9_]+\/B[a-zA-Z0-9_]+\/[a-zA-Z0-9_]+/, type: "SLACK_WEBHOOK", severity: "HIGH" },
+  // Database URLs
+  { pattern: /(?:postgres|mysql|mongodb|redis|amqp):\/\/[^\s'"]+@[^\s'"]+/, type: "DATABASE_URL", severity: "HIGH" },
+  // Basic auth headers
+  { pattern: /Authorization:\s*Basic\s+[A-Za-z0-9+/=]{10,}/, type: "BASIC_AUTH_HEADER", severity: "HIGH" },
+  // Env-style password/secret assignments
+  { pattern: /(?:PASSWORD|SECRET|TOKEN|API_KEY|APIKEY|AUTH_TOKEN|ACCESS_TOKEN)\s*[=:]\s*['"]?[^\s'"]{8,}/i, type: "PASSWORD_IN_ENV", severity: "HIGH" },
+  // JWT tokens
+  { pattern: /eyJ[a-zA-Z0-9_-]{10,}\.eyJ[a-zA-Z0-9_-]{10,}\.[a-zA-Z0-9_-]{10,}/, type: "JWT_TOKEN", severity: "MEDIUM" },
+  // Generic API key patterns
+  { pattern: /(?:api[_-]?key|apikey)\s*[=:]\s*['"]?[a-zA-Z0-9\-_]{16,}/i, type: "GENERIC_API_KEY", severity: "MEDIUM" },
+  // Generic secret patterns
+  { pattern: /(?:secret|private[_-]?key)\s*[=:]\s*['"]?[a-zA-Z0-9\-_]{16,}/i, type: "GENERIC_SECRET", severity: "MEDIUM" }
+];
+function scanForSecrets(content) {
+  if (!content) return { types: [], maxSeverity: "NONE" };
+  const found = /* @__PURE__ */ new Set();
+  let maxSeverity = "NONE";
+  const severityOrder = {
+    NONE: 0,
+    LOW: 1,
+    MEDIUM: 2,
+    HIGH: 3,
+    CRITICAL: 4
+  };
+  for (const { pattern, type, severity } of SECRET_PATTERNS) {
+    if (pattern.test(content)) {
+      found.add(type);
+      if (severityOrder[severity] > severityOrder[maxSeverity]) {
+        maxSeverity = severity;
+      }
+    }
+  }
+  return { types: Array.from(found), maxSeverity };
+}
+
+// src/lib/threat-patterns.ts
+var PROMPT_INJECTION_STRONG = [
+  /\b(?:ignore|disregard|forget|override)\s+(?:all\s+)?(?:previous|prior|above|your)\s+(?:instructions?|rules?|prompts?|guidelines?|constraints?)/i,
+  /\b(?:you\s+(?:are|must|should|will)\s+(?:now|henceforth|from\s+now)\s+(?:be|act|behave|respond)\s+(?:as|like))/i,
+  /\bsystem\s*prompt\b/i,
+  /\bnew\s+instructions?\s*:/i,
+  /\b(?:execute|run|perform)\s+(?:the\s+following|these)\s+(?:commands?|actions?|steps?)\s*:/i,
+  /<!--\s*(?:hidden|invisible|system)\s*(?:instruction|prompt|directive)/i,
+  /\[INST\]|\[\/INST\]|<\|im_start\|>|<\|im_end\|>/,
+  /\bdo\s+not\s+(?:follow|obey|listen\s+to)\s+(?:the|your|any)\s+(?:original|previous|prior)/i
+];
+var PROMPT_INJECTION_WEAK = [
+  /\b(?:as\s+an?\s+(?:AI|assistant|language\s+model|LLM|agent))/i,
+  /\b(?:your\s+(?:task|job|role|purpose)\s+is\s+(?:to|now))/i,
+  /\b(?:pretend|imagine|suppose)\s+(?:you\s+are|that\s+you)/i,
+  /\b(?:do\s+not|don'?t)\s+(?:tell|reveal|share|disclose|mention)\s+(?:the|this|any)/i,
+  /\bact\s+as\s+(?:a|an|if)\b/i
+];
+var DESTRUCTIVE_CRITICAL = [
+  { pattern: /rm\s+(-[a-z]*r[a-z]*f|--recursive\s+--force|-[a-z]*f[a-z]*r)\s+\/(?:\s|$)/, label: "rm -rf /" },
+  { pattern: /mkfs\./, label: "filesystem format" },
+  { pattern: /dd\s+if=\/dev/, label: "raw disk write (dd)" },
+  { pattern: /:\(\)\s*\{\s*:\|:\s*&\s*\}\s*;/, label: "fork bomb" },
+  { pattern: /chmod\s+777\s+\/(?:\s|$)/, label: "chmod 777 /" },
+  { pattern: />\s*\/dev\/sd[a-z]/, label: "overwrite disk device" }
+];
+var DESTRUCTIVE_HIGH = [
+  { pattern: /rm\s+-[a-z]*r[a-z]*f?\b/, label: "recursive delete (rm -rf)" },
+  { pattern: /DROP\s+(?:TABLE|DATABASE|SCHEMA)\b/i, label: "SQL DROP" },
+  { pattern: /TRUNCATE\s+TABLE\b/i, label: "SQL TRUNCATE" },
+  { pattern: /DELETE\s+FROM\s+\w+\s*(?:;|$)/i, label: "SQL DELETE without WHERE" },
+  { pattern: /git\s+push\s+.*--force/, label: "git force push" },
+  { pattern: /git\s+reset\s+--hard/, label: "git hard reset" }
+];
+var PRIVILEGE_CRITICAL = [
+  { pattern: /sudo\s+.*(?:rm|dd|mkfs|chmod\s+777)/, label: "sudo + destructive command" }
+];
+var PRIVILEGE_HIGH = [
+  { pattern: /\bsudo\b/, label: "sudo" },
+  { pattern: /\busermod\b/, label: "usermod" },
+  { pattern: /\buseradd\b/, label: "useradd" },
+  { pattern: /\bpasswd\b/, label: "passwd" },
+  { pattern: /\bsu\s+-?\s*\w/, label: "su (switch user)" },
+  { pattern: /chmod\s+[0-7]{3,4}\s+\/(?:etc|usr|sys|boot)/, label: "chmod on system path" },
+  { pattern: /chown\s+\w+[:\s]\w*\s+\/(?:etc|usr|sys|boot)/, label: "chown on system path" }
+];
+var PRIVILEGE_MEDIUM = [
+  { pattern: /\bchmod\b/, label: "chmod" },
+  { pattern: /\bchown\b/, label: "chown" }
+];
+var SUPPLY_CHAIN_HIGH = [
+  { pattern: /npm\s+install\s+(?:-g\s+)?\S+(?:\s|$)/, label: "npm install package" },
+  { pattern: /pip\s+install\s+(?!-r\s+requirements)\S+/, label: "pip install package" },
+  { pattern: /gem\s+install\s+/, label: "gem install" },
+  { pattern: /cargo\s+install\s+/, label: "cargo install" },
+  { pattern: /go\s+install\s+/, label: "go install" },
+  { pattern: /(?:curl|wget)\s+.*\|\s*(?:sh|bash|zsh|node|python)/, label: "download and execute script" },
+  { pattern: /npx\s+(?!safeclaw)\S+/, label: "npx execute remote package" }
+];
+var SUPPLY_CHAIN_MEDIUM = [
+  { pattern: /npm\s+install\b/, label: "npm install" },
+  { pattern: /pip\s+install\s+-r/, label: "pip install from requirements" },
+  { pattern: /brew\s+install\s+/, label: "brew install" },
+  { pattern: /apt(?:-get)?\s+install\s+/, label: "apt install" },
+  { pattern: /yum\s+install\s+/, label: "yum install" }
+];
+var EXFILTRATION_URLS = [
+  { pattern: /pastebin\.com/, label: "pastebin.com" },
+  { pattern: /paste\.ee/, label: "paste.ee" },
+  { pattern: /transfer\.sh/, label: "transfer.sh" },
+  { pattern: /ngrok\.io/, label: "ngrok.io" },
+  { pattern: /requestbin/, label: "requestbin" },
+  { pattern: /webhook\.site/, label: "webhook.site" },
+  { pattern: /pipedream\.net/, label: "pipedream.net" },
+  { pattern: /hookbin\.com/, label: "hookbin.com" },
+  { pattern: /beeceptor\.com/, label: "beeceptor.com" },
+  { pattern: /postb\.in/, label: "postb.in" }
+];
+var NETWORK_COMMAND_PATTERNS = [
+  { pattern: /curl\s+.*-X\s*POST\b/i, label: "curl POST" },
+  { pattern: /curl\s+.*(?:--data|-d)\s+/i, label: "curl with data" },
+  { pattern: /wget\s+.*--post-data/i, label: "wget POST" },
+  { pattern: /nc\s+-.*\d+\.\d+\.\d+\.\d+/, label: "netcat to IP" },
+  { pattern: /\bssh\s+.*@/, label: "SSH connection" },
+  { pattern: /\bscp\s+/, label: "SCP file transfer" }
+];
+var RAW_IP_URL = /^https?:\/\/\d+\.\d+\.\d+\.\d+/;
+var CODE_EXFILTRATION_PATTERNS = [
+  { pattern: /(?:fetch|axios|http|request)\s*\(.*process\.env/s, label: "HTTP request with env vars" },
+  { pattern: /(?:fetch|axios|http|request)\s*\(.*(?:readFileSync|readFile)/s, label: "HTTP request with file content" },
+  { pattern: /(?:Buffer|btoa|atob).*(?:fetch|http|request|send)/s, label: "encoded data in HTTP request" }
+];
+var OBFUSCATION_PATTERNS = [
+  { pattern: /eval\s*\(\s*(?:atob|Buffer\.from|decodeURIComponent)\s*\(/, label: "eval with decoded content" },
+  { pattern: /(?:String\.fromCharCode|\\x[0-9a-f]{2}){5,}/i, label: "character code obfuscation" },
+  { pattern: /new\s+Function\s*\(\s*['"`].*['"`]\s*\)/, label: "dynamic Function constructor" }
+];
+var SENSITIVE_PATH_RULES = [
+  // Auth files — write is CRITICAL, read is HIGH
+  { pattern: /\/etc\/passwd$/, label: "/etc/passwd", readSeverity: "HIGH", writeSeverity: "CRITICAL" },
+  { pattern: /\/etc\/shadow$/, label: "/etc/shadow", readSeverity: "HIGH", writeSeverity: "CRITICAL" },
+  { pattern: /\/etc\/sudoers/, label: "/etc/sudoers", readSeverity: "HIGH", writeSeverity: "CRITICAL" },
+  { pattern: /\.ssh\/authorized_keys$/, label: ".ssh/authorized_keys", readSeverity: "HIGH", writeSeverity: "CRITICAL" },
+  // Credential directories
+  { pattern: /\.ssh\//, label: ".ssh directory", readSeverity: "HIGH", writeSeverity: "HIGH" },
+  { pattern: /\.aws\//, label: ".aws directory", readSeverity: "HIGH", writeSeverity: "HIGH" },
+  { pattern: /\.gnupg\//, label: ".gnupg directory", readSeverity: "HIGH", writeSeverity: "HIGH" },
+  { pattern: /\.gcloud\//, label: ".gcloud directory", readSeverity: "HIGH", writeSeverity: "HIGH" },
+  // Credential files
+  { pattern: /\.env$/, label: ".env file", readSeverity: "HIGH", writeSeverity: "CRITICAL" },
+  { pattern: /\.env\.\w+$/, label: ".env.* file", readSeverity: "HIGH", writeSeverity: "HIGH" },
+  { pattern: /\.(pem|key|p12|pfx)$/i, label: "key/certificate file", readSeverity: "HIGH", writeSeverity: "CRITICAL" },
+  { pattern: /id_rsa$|id_ed25519$|id_ecdsa$/, label: "SSH private key", readSeverity: "HIGH", writeSeverity: "CRITICAL" },
+  { pattern: /\.keychain$/, label: "keychain file", readSeverity: "HIGH", writeSeverity: "HIGH" },
+  { pattern: /\.(pass|secret|token)$/i, label: "credentials file", readSeverity: "HIGH", writeSeverity: "HIGH" }
+];
+var SYSTEM_PATH_RULES = [
+  // Critical system paths (write only — reads are TC-SFA)
+  { pattern: /^\/etc\//, label: "/etc/ system config", severity: "HIGH" },
+  { pattern: /^\/usr\/bin\//, label: "/usr/bin/ system binaries", severity: "HIGH" },
+  { pattern: /^\/usr\/sbin\//, label: "/usr/sbin/ system admin binaries", severity: "HIGH" },
+  { pattern: /^\/usr\/local\/bin\//, label: "/usr/local/bin/ local binaries", severity: "HIGH" },
+  { pattern: /^\/boot\//, label: "/boot/ boot configuration", severity: "CRITICAL" },
+  { pattern: /^\/System\//, label: "/System/ macOS system", severity: "CRITICAL" },
+  { pattern: /^\/Library\/Launch/, label: "macOS LaunchDaemons/Agents", severity: "CRITICAL" },
+  // Config files
+  { pattern: /\/\.bashrc$|\/\.bash_profile$/, label: ".bashrc/.bash_profile", severity: "MEDIUM" },
+  { pattern: /\/\.zshrc$|\/\.zprofile$/, label: ".zshrc/.zprofile", severity: "MEDIUM" },
+  { pattern: /\/\.npmrc$/, label: ".npmrc", severity: "MEDIUM" },
+  { pattern: /\/\.gitconfig$/, label: ".gitconfig", severity: "MEDIUM" }
+];
+var DEPENDENCY_FILES = [
+  /package\.json$/,
+  /requirements\.txt$/,
+  /Gemfile$/,
+  /go\.mod$/,
+  /Cargo\.toml$/,
+  /pom\.xml$/,
+  /build\.gradle$/,
+  /pyproject\.toml$/,
+  /composer\.json$/
+];
+var BUILD_CI_FILES = [
+  /\.github\/workflows\//,
+  /\.gitlab-ci\.yml$/,
+  /Jenkinsfile$/,
+  /Makefile$/,
+  /Dockerfile$/,
+  /docker-compose\.ya?ml$/,
+  /\.circleci\//
+];
+
+// src/lib/threat-classifier.ts
+var SEVERITY_ORDER = {
+  NONE: 0,
+  LOW: 1,
+  MEDIUM: 2,
+  HIGH: 3,
+  CRITICAL: 4
+};
+function maxThreat(a, b) {
+  return SEVERITY_ORDER[a] >= SEVERITY_ORDER[b] ? a : b;
+}
+function finding(categoryId, categoryName, severity, reason, evidence, owaspRef) {
+  const f = { categoryId, categoryName, severity, reason };
+  if (evidence) f.evidence = evidence;
+  if (owaspRef) f.owaspRef = owaspRef;
+  return f;
+}
+function classifyActivity(input) {
+  const findings = [];
+  findings.push(...analyzeSecretExposure(input));
+  findings.push(...analyzeDataExfiltration(input));
+  findings.push(...analyzePromptInjection(input));
+  findings.push(...analyzeDestructiveOps(input));
+  findings.push(...analyzePrivilegeEscalation(input));
+  findings.push(...analyzeSupplyChain(input));
+  findings.push(...analyzeSensitiveFileAccess(input));
+  findings.push(...analyzeSystemModification(input));
+  findings.push(...analyzeNetworkActivity(input));
+  findings.push(...analyzeMcpToolPoisoning(input));
+  const threatLevel = findings.length > 0 ? findings.reduce((max, f) => maxThreat(max, f.severity), "NONE") : "NONE";
+  const secretTypes = findings.filter((f) => f.categoryId === "TC-SEC" && f.evidence).map((f) => f.evidence);
+  const secretsDetected = secretTypes.length > 0 ? secretTypes : null;
+  return { threatLevel, findings, secretsDetected };
+}
+function analyzeSecretExposure(input) {
+  const results = [];
+  const consumesContent = ["file_read", "shell_command", "web_browse", "tool_call"].includes(input.activityType);
+  const writesContent = input.activityType === "file_write";
+  if (input.contentPreview) {
+    const scan = scanForSecrets(input.contentPreview);
+    for (const secretType of scan.types) {
+      if (consumesContent) {
+        results.push(finding(
+          "TC-SEC",
+          "Secret Exposure",
+          scan.maxSeverity,
+          `Content contains ${secretType} \u2014 sent to model provider cloud as part of agent context`,
+          secretType,
+          "LLM02"
+        ));
+      } else if (writesContent) {
+        results.push(finding(
+          "TC-SEC",
+          "Secret Exposure",
+          SEVERITY_ORDER[scan.maxSeverity] >= SEVERITY_ORDER["HIGH"] ? "HIGH" : scan.maxSeverity,
+          `Writing content containing ${secretType} \u2014 creates credential leak risk`,
+          secretType,
+          "LLM02"
+        ));
+      }
+    }
+  }
+  if (writesContent && input.readContentPreview) {
+    const scan = scanForSecrets(input.readContentPreview);
+    for (const secretType of scan.types) {
+      if (!results.some((r) => r.evidence === secretType)) {
+        results.push(finding(
+          "TC-SEC",
+          "Secret Exposure",
+          scan.maxSeverity,
+          `File being edited contains ${secretType} \u2014 original content was in agent context`,
+          secretType,
+          "LLM02"
+        ));
+      }
+    }
+  }
+  return results;
+}
+function analyzeDataExfiltration(input) {
+  const results = [];
+  if (input.activityType === "shell_command") {
+    const cmd = input.detail;
+    for (const { pattern, label } of EXFILTRATION_URLS) {
+      if (pattern.test(cmd)) {
+        results.push(finding(
+          "TC-EXF",
+          "Data Exfiltration",
+          "HIGH",
+          `Command targets known exfiltration service: ${label}`,
+          label,
+          "LLM02"
+        ));
+        break;
+      }
+    }
+    for (const { pattern, label } of NETWORK_COMMAND_PATTERNS) {
+      if (pattern.test(cmd) && /(?:--data|-d\s|--post-data)/.test(cmd)) {
+        results.push(finding(
+          "TC-EXF",
+          "Data Exfiltration",
+          "MEDIUM",
+          `Outbound data transfer via ${label}`,
+          label,
+          "LLM02"
+        ));
+        break;
+      }
+    }
+  }
+  if (input.activityType === "web_browse" && input.targetPath) {
+    for (const { pattern, label } of EXFILTRATION_URLS) {
+      if (pattern.test(input.targetPath)) {
+        results.push(finding(
+          "TC-EXF",
+          "Data Exfiltration",
+          "HIGH",
+          `Browsing known exfiltration service: ${label}`,
+          label,
+          "LLM02"
+        ));
+        break;
+      }
+    }
+  }
+  if (input.activityType === "message" && input.contentPreview) {
+    const scan = scanForSecrets(input.contentPreview);
+    if (scan.types.length > 0) {
+      results.push(finding(
+        "TC-EXF",
+        "Data Exfiltration",
+        "CRITICAL",
+        `Message contains secrets (${scan.types.join(", ")}) being sent externally`,
+        scan.types.join(", "),
+        "LLM02"
+      ));
+    }
+  }
+  if (input.activityType === "file_write" && input.contentPreview) {
+    for (const { pattern, label } of CODE_EXFILTRATION_PATTERNS) {
+      if (pattern.test(input.contentPreview)) {
+        results.push(finding(
+          "TC-EXF",
+          "Data Exfiltration",
+          "HIGH",
+          `Written code contains data exfiltration pattern: ${label}`,
+          label,
+          "LLM02"
+        ));
+        break;
+      }
+    }
+    for (const { pattern, label } of OBFUSCATION_PATTERNS) {
+      if (pattern.test(input.contentPreview)) {
+        results.push(finding(
+          "TC-EXF",
+          "Data Exfiltration",
+          "HIGH",
+          `Written code contains obfuscation pattern: ${label}`,
+          label,
+          "LLM05"
+        ));
+        break;
+      }
+    }
+  }
+  return results;
+}
+function analyzePromptInjection(input) {
+  const results = [];
+  if (!["file_read", "web_browse", "shell_command", "tool_call"].includes(input.activityType)) {
+    return results;
+  }
+  if (!input.contentPreview) return results;
+  for (const pattern of PROMPT_INJECTION_STRONG) {
+    const match = input.contentPreview.match(pattern);
+    if (match) {
+      const source = input.activityType === "web_browse" ? "Web page" : input.activityType === "file_read" ? "File" : input.activityType === "shell_command" ? "Command output" : "Content";
+      results.push(finding(
+        "TC-INJ",
+        "Prompt Injection Risk",
+        "HIGH",
+        `${source} contains potential prompt injection: "${match[0].slice(0, 80)}"`,
+        match[0].slice(0, 100),
+        "LLM01"
+      ));
+      break;
+    }
+  }
+  if (results.length === 0 && (input.activityType === "web_browse" || input.activityType === "tool_call")) {
+    for (const pattern of PROMPT_INJECTION_WEAK) {
+      const match = input.contentPreview.match(pattern);
+      if (match) {
+        results.push(finding(
+          "TC-INJ",
+          "Prompt Injection Risk",
+          "MEDIUM",
+          `External content contains instruction-like pattern: "${match[0].slice(0, 80)}"`,
+          match[0].slice(0, 100),
+          "LLM01"
+        ));
+        break;
+      }
+    }
+  }
+  return results;
+}
+function analyzeDestructiveOps(input) {
+  const results = [];
+  if (input.activityType === "shell_command") {
+    const cmd = input.detail;
+    for (const { pattern, label } of DESTRUCTIVE_CRITICAL) {
+      if (pattern.test(cmd)) {
+        results.push(finding(
+          "TC-DES",
+          "Destructive Operation",
+          "CRITICAL",
+          `Destructive system command: ${label}`,
+          label,
+          "LLM06"
+        ));
+        return results;
+      }
+    }
+    for (const { pattern, label } of DESTRUCTIVE_HIGH) {
+      if (pattern.test(cmd)) {
+        results.push(finding(
+          "TC-DES",
+          "Destructive Operation",
+          "HIGH",
+          `Potentially destructive command: ${label}`,
+          label,
+          "LLM06"
+        ));
+        break;
+      }
+    }
+  }
+  if (input.activityType === "file_write" && input.contentPreview) {
+    if (/DROP\s+(?:TABLE|DATABASE|SCHEMA)\b/i.test(input.contentPreview)) {
+      results.push(finding(
+        "TC-DES",
+        "Destructive Operation",
+        "MEDIUM",
+        "File contains destructive SQL statements (DROP)",
+        "DROP TABLE/DATABASE",
+        "LLM06"
+      ));
+    }
+  }
+  return results;
+}
+function analyzePrivilegeEscalation(input) {
+  const results = [];
+  if (input.activityType !== "shell_command") return results;
+  const cmd = input.detail;
+  for (const { pattern, label } of PRIVILEGE_CRITICAL) {
+    if (pattern.test(cmd)) {
+      results.push(finding(
+        "TC-ESC",
+        "Privilege Escalation",
+        "CRITICAL",
+        `Elevated privilege with destructive command: ${label}`,
+        label,
+        "LLM06"
+      ));
+      return results;
+    }
+  }
+  for (const { pattern, label } of PRIVILEGE_HIGH) {
+    if (pattern.test(cmd)) {
+      results.push(finding(
+        "TC-ESC",
+        "Privilege Escalation",
+        "HIGH",
+        `Privilege escalation: ${label}`,
+        label,
+        "LLM06"
+      ));
+      break;
+    }
+  }
+  if (results.length === 0) {
+    for (const { pattern, label } of PRIVILEGE_MEDIUM) {
+      if (pattern.test(cmd)) {
+        results.push(finding(
+          "TC-ESC",
+          "Privilege Escalation",
+          "MEDIUM",
+          `Permission modification: ${label}`,
+          label,
+          "LLM06"
+        ));
+        break;
+      }
+    }
+  }
+  return results;
+}
+function analyzeSupplyChain(input) {
+  const results = [];
+  if (input.activityType === "shell_command") {
+    const cmd = input.detail;
+    for (const { pattern, label } of SUPPLY_CHAIN_HIGH) {
+      if (pattern.test(cmd)) {
+        results.push(finding(
+          "TC-SUP",
+          "Supply Chain Risk",
+          "HIGH",
+          `Package installation or remote execution: ${label}`,
+          label,
+          "LLM03"
+        ));
+        return results;
+      }
+    }
+    for (const { pattern, label } of SUPPLY_CHAIN_MEDIUM) {
+      if (pattern.test(cmd)) {
+        results.push(finding(
+          "TC-SUP",
+          "Supply Chain Risk",
+          "MEDIUM",
+          `Package management operation: ${label}`,
+          label,
+          "LLM03"
+        ));
+        break;
+      }
+    }
+  }
+  if (input.activityType === "file_write" && input.targetPath) {
+    for (const pattern of DEPENDENCY_FILES) {
+      if (pattern.test(input.targetPath)) {
+        results.push(finding(
+          "TC-SUP",
+          "Supply Chain Risk",
+          "MEDIUM",
+          `Modifying dependency file: ${input.targetPath.split("/").pop()}`,
+          input.targetPath,
+          "LLM03"
+        ));
+        break;
+      }
+    }
+    for (const pattern of BUILD_CI_FILES) {
+      if (pattern.test(input.targetPath)) {
+        results.push(finding(
+          "TC-SUP",
+          "Supply Chain Risk",
+          "MEDIUM",
+          `Modifying build/CI configuration: ${input.targetPath.split("/").pop()}`,
+          input.targetPath,
+          "LLM03"
+        ));
+        break;
+      }
+    }
+  }
+  return results;
+}
+function analyzeSensitiveFileAccess(input) {
+  const results = [];
+  if (!["file_read", "file_write"].includes(input.activityType)) return results;
+  if (!input.targetPath) return results;
+  const isWrite = input.activityType === "file_write";
+  for (const rule of SENSITIVE_PATH_RULES) {
+    if (rule.pattern.test(input.targetPath)) {
+      const severity = isWrite ? rule.writeSeverity : rule.readSeverity;
+      const verb = isWrite ? "Writing to" : "Reading";
+      results.push(finding(
+        "TC-SFA",
+        "Sensitive File Access",
+        severity,
+        `${verb} sensitive path: ${rule.label}`,
+        input.targetPath,
+        "LLM02"
+      ));
+      break;
+    }
+  }
+  return results;
+}
+function analyzeSystemModification(input) {
+  const results = [];
+  if (input.activityType !== "file_write") return results;
+  if (!input.targetPath) return results;
+  for (const rule of SYSTEM_PATH_RULES) {
+    if (rule.pattern.test(input.targetPath)) {
+      results.push(finding(
+        "TC-SYS",
+        "System Modification",
+        rule.severity,
+        `Modifying system path: ${rule.label}`,
+        input.targetPath,
+        "LLM06"
+      ));
+      break;
+    }
+  }
+  return results;
+}
+function analyzeNetworkActivity(input) {
+  const results = [];
+  if (input.activityType === "web_browse" && input.targetPath) {
+    if (RAW_IP_URL.test(input.targetPath)) {
+      results.push(finding(
+        "TC-NET",
+        "Suspicious Network",
+        "MEDIUM",
+        `Browsing raw IP address instead of domain name`,
+        input.targetPath
+      ));
+    }
+  }
+  if (input.activityType === "shell_command") {
+    const cmd = input.detail;
+    for (const { pattern, label } of NETWORK_COMMAND_PATTERNS) {
+      if (pattern.test(cmd)) {
+        const hasExfilUrl = EXFILTRATION_URLS.some((e) => e.pattern.test(cmd));
+        if (!hasExfilUrl) {
+          results.push(finding(
+            "TC-NET",
+            "Suspicious Network",
+            "MEDIUM",
+            `Network operation: ${label}`,
+            label
+          ));
+          break;
+        }
+      }
+    }
+  }
+  if (input.activityType === "message") {
+    results.push(finding(
+      "TC-NET",
+      "Suspicious Network",
+      "LOW",
+      "External message sent",
+      input.targetPath ?? void 0
+    ));
+  }
+  return results;
+}
+function analyzeMcpToolPoisoning(input) {
+  const results = [];
+  if (input.activityType !== "tool_call") return results;
+  if (input.contentPreview) {
+    for (const pattern of PROMPT_INJECTION_STRONG) {
+      if (pattern.test(input.contentPreview)) {
+        results.push(finding(
+          "TC-MCP",
+          "MCP/Tool Poisoning",
+          "HIGH",
+          `Tool response contains agent-directive content that may manipulate behavior`,
+          input.toolName ?? void 0,
+          "LLM01"
+        ));
+        break;
+      }
+    }
+  }
+  return results;
+}
+
+// src/interceptor.ts
+function analyzeActivityThreat(activityType, detail, targetPath, contentPreview, readContentPreview, toolName) {
+  const classification = classifyActivity({
+    activityType,
+    detail,
+    targetPath,
+    contentPreview: contentPreview ?? null,
+    readContentPreview: readContentPreview ?? null,
+    toolName: toolName ?? null
+  });
+  return {
+    threatLevel: classification.threatLevel,
+    secretsDetected: classification.secretsDetected,
+    findings: classification.findings
+  };
+}
+
+// src/services/openclaw-monitor.ts
+import { eq as eq2, ne, desc as desc2, and, sql as sql3 } from "drizzle-orm";
+var instance2 = null;
+var OpenClawMonitor = class {
+  client;
+  sessionWatcher;
+  execApprovalService;
+  io;
+  lastEventAt = null;
+  constructor(io2) {
+    this.io = io2;
+    this.client = new OpenClawClient();
+    this.sessionWatcher = new SessionWatcher();
+    this.execApprovalService = createExecApprovalService(this.client, io2);
+    this.setupListeners();
+    ensureDefaults();
+  }
+  setupListeners() {
+    this.client.on("activity", (parsed) => {
+      this.handleActivity({
+        openclawSessionId: parsed.openclawSessionId,
+        activityType: parsed.activityType,
+        detail: parsed.detail,
+        rawPayload: parsed.rawPayload,
+        toolName: parsed.toolName,
+        targetPath: parsed.targetPath,
+        timestamp: parsed.timestamp,
+        runId: parsed.runId ?? null,
+        contentPreview: null,
+        readContentPreview: null
+      }).catch(
+        (err) => logger.error({ err }, "Failed to handle OpenClaw activity")
+      );
+    });
+    this.client.on("sessionStart", (sessionId, model) => {
+      this.handleSessionStart(sessionId, model).catch(
+        (err) => logger.error({ err }, "Failed to handle OpenClaw session start")
+      );
+    });
+    this.client.on("sessionEnd", (sessionId) => {
+      this.handleSessionEnd(sessionId).catch(
+        (err) => logger.error({ err }, "Failed to handle OpenClaw session end")
+      );
+    });
+    this.client.on("statusChange", (_status) => {
+      this.broadcastStatus();
+    });
+    this.client.on("execApproval", (request) => {
+      this.execApprovalService.handleRequest(request);
+    });
+    this.sessionWatcher.on("activity", (activity) => {
+      this.handleActivity(activity).catch(
+        (err) => logger.error({ err }, "Failed to handle session file activity")
+      );
+    });
+  }
+  async handleActivity(parsed) {
+    const { threatLevel, secretsDetected, findings } = analyzeActivityThreat(
+      parsed.activityType,
+      parsed.detail,
+      parsed.targetPath,
+      parsed.contentPreview,
+      parsed.readContentPreview,
+      parsed.toolName
+    );
+    const db = getDb();
+    const existingSession = await db.select().from(schema_exports.openclawSessions).where(eq2(schema_exports.openclawSessions.id, parsed.openclawSessionId)).limit(1);
+    if (existingSession.length === 0) {
+      await db.insert(schema_exports.openclawSessions).values({
+        id: parsed.openclawSessionId,
+        status: "ACTIVE"
+      });
+    }
+    const secretsJson = secretsDetected ? JSON.stringify(secretsDetected) : null;
+    const findingsJson = findings.length > 0 ? JSON.stringify(findings) : null;
+    const [inserted] = await db.insert(schema_exports.agentActivities).values({
+      openclawSessionId: parsed.openclawSessionId,
+      activityType: parsed.activityType,
+      detail: parsed.detail,
+      rawPayload: parsed.rawPayload,
+      threatLevel,
+      timestamp: parsed.timestamp,
+      toolName: parsed.toolName,
+      targetPath: parsed.targetPath,
+      runId: parsed.runId,
+      contentPreview: parsed.contentPreview,
+      readContentPreview: parsed.readContentPreview,
+      secretsDetected: secretsJson,
+      threatFindings: findingsJson
+    }).returning();
+    this.lastEventAt = parsed.timestamp;
+    let parsedSecrets = null;
+    if (inserted.secretsDetected) {
+      try {
+        parsedSecrets = JSON.parse(inserted.secretsDetected);
+      } catch {
+        parsedSecrets = null;
+      }
+    }
+    let parsedFindings = null;
+    if (inserted.threatFindings) {
+      try {
+        parsedFindings = JSON.parse(inserted.threatFindings);
+      } catch {
+        parsedFindings = null;
+      }
+    }
+    const activity = {
+      id: inserted.id,
+      openclawSessionId: inserted.openclawSessionId,
+      activityType: inserted.activityType,
+      detail: inserted.detail,
+      rawPayload: inserted.rawPayload,
+      threatLevel: inserted.threatLevel,
+      timestamp: inserted.timestamp,
+      toolName: inserted.toolName,
+      targetPath: inserted.targetPath,
+      runId: inserted.runId,
+      contentPreview: inserted.contentPreview,
+      readContentPreview: inserted.readContentPreview,
+      secretsDetected: parsedSecrets,
+      threatFindings: parsedFindings,
+      resolved: false,
+      resolvedAt: null
+    };
+    this.io.emit("safeclaw:openclawActivity", activity);
+    if (threatLevel === "HIGH" || threatLevel === "CRITICAL") {
+      this.io.emit("safeclaw:alert", {
+        command: parsed.detail,
+        threatLevel,
+        id: inserted.id
+      });
+    }
+    if (secretsDetected && secretsDetected.length > 0) {
+      logger.warn(
+        {
+          sessionId: parsed.openclawSessionId,
+          secrets: secretsDetected,
+          threat: threatLevel
+        },
+        `Secrets detected in agent activity: ${secretsDetected.join(", ")}`
+      );
+    }
+    logger.info(
+      {
+        sessionId: parsed.openclawSessionId,
+        type: parsed.activityType,
+        threat: threatLevel,
+        runId: parsed.runId
+      },
+      `OpenClaw activity: ${parsed.detail}`
+    );
+  }
+  async handleSessionStart(sessionId, model) {
+    const db = getDb();
+    const existing = await db.select().from(schema_exports.openclawSessions).where(eq2(schema_exports.openclawSessions.id, sessionId)).limit(1);
+    if (existing.length === 0) {
+      await db.insert(schema_exports.openclawSessions).values({
+        id: sessionId,
+        status: "ACTIVE",
+        model: model ?? null
+      });
+    } else {
+      await db.update(schema_exports.openclawSessions).set({ status: "ACTIVE", model: model ?? null }).where(eq2(schema_exports.openclawSessions.id, sessionId));
+    }
+    const session = await this.buildSessionPayload(sessionId);
+    if (session) {
+      this.io.emit("safeclaw:openclawSessionUpdate", session);
+    }
+  }
+  async handleSessionEnd(sessionId) {
+    const db = getDb();
+    await db.update(schema_exports.openclawSessions).set({
+      status: "ENDED",
+      endedAt: sql3`datetime('now')`
+    }).where(eq2(schema_exports.openclawSessions.id, sessionId));
+    const session = await this.buildSessionPayload(sessionId);
+    if (session) {
+      this.io.emit("safeclaw:openclawSessionUpdate", session);
+    }
+  }
+  async buildSessionPayload(sessionId) {
+    const db = getDb();
+    const [row] = await db.select().from(schema_exports.openclawSessions).where(eq2(schema_exports.openclawSessions.id, sessionId));
+    if (!row) return null;
+    const activities = await db.select().from(schema_exports.agentActivities).where(eq2(schema_exports.agentActivities.openclawSessionId, sessionId));
+    const threatSummary = {
+      NONE: 0,
+      LOW: 0,
+      MEDIUM: 0,
+      HIGH: 0,
+      CRITICAL: 0
+    };
+    for (const a of activities) {
+      threatSummary[a.threatLevel]++;
+    }
+    return {
+      id: row.id,
+      startedAt: row.startedAt,
+      endedAt: row.endedAt,
+      status: row.status,
+      model: row.model,
+      activityCount: activities.length,
+      threatSummary
+    };
+  }
+  mapRowToActivity(r) {
+    let parsedSecrets = null;
+    if (r.secretsDetected) {
+      try {
+        parsedSecrets = JSON.parse(r.secretsDetected);
+      } catch {
+        parsedSecrets = null;
+      }
+    }
+    let parsedFindings = null;
+    if (r.threatFindings) {
+      try {
+        parsedFindings = JSON.parse(r.threatFindings);
+      } catch {
+        parsedFindings = null;
+      }
+    }
+    return {
+      id: r.id,
+      openclawSessionId: r.openclawSessionId,
+      activityType: r.activityType,
+      detail: r.detail,
+      rawPayload: r.rawPayload,
+      threatLevel: r.threatLevel,
+      timestamp: r.timestamp,
+      toolName: r.toolName,
+      targetPath: r.targetPath,
+      runId: r.runId,
+      contentPreview: r.contentPreview,
+      readContentPreview: r.readContentPreview,
+      secretsDetected: parsedSecrets,
+      threatFindings: parsedFindings,
+      resolved: Boolean(r.resolved),
+      resolvedAt: r.resolvedAt ?? null
+    };
+  }
+  async resolveActivity(activityId, resolved) {
+    const db = getDb();
+    await db.update(schema_exports.agentActivities).set({
+      resolved: resolved ? 1 : 0,
+      resolvedAt: resolved ? (/* @__PURE__ */ new Date()).toISOString() : null
+    }).where(eq2(schema_exports.agentActivities.id, activityId));
+    const [row] = await db.select().from(schema_exports.agentActivities).where(eq2(schema_exports.agentActivities.id, activityId));
+    if (!row) return null;
+    return this.mapRowToActivity(row);
+  }
+  async getThreats(severity, resolved, limit = 100) {
+    const db = getDb();
+    const conditions = [ne(schema_exports.agentActivities.threatLevel, "NONE")];
+    if (severity) {
+      conditions.push(eq2(schema_exports.agentActivities.threatLevel, severity));
+    }
+    if (resolved !== void 0) {
+      conditions.push(eq2(schema_exports.agentActivities.resolved, resolved ? 1 : 0));
+    }
+    const rows = await db.select().from(schema_exports.agentActivities).where(and(...conditions)).orderBy(desc2(schema_exports.agentActivities.id)).limit(limit);
+    return rows.map((r) => this.mapRowToActivity(r));
+  }
+  async getActivities(sessionId, limit = 50) {
+    const db = getDb();
+    let rows;
+    if (sessionId) {
+      rows = await db.select().from(schema_exports.agentActivities).where(eq2(schema_exports.agentActivities.openclawSessionId, sessionId)).orderBy(desc2(schema_exports.agentActivities.id)).limit(limit);
+    } else {
+      rows = await db.select().from(schema_exports.agentActivities).orderBy(desc2(schema_exports.agentActivities.id)).limit(limit);
+    }
+    return rows.map((r) => this.mapRowToActivity(r));
+  }
+  async getAllSessions() {
+    const db = getDb();
+    const rows = await db.select().from(schema_exports.openclawSessions).orderBy(desc2(schema_exports.openclawSessions.startedAt));
+    const results = [];
+    for (const row of rows) {
+      const session = await this.buildSessionPayload(row.id);
+      if (session) results.push(session);
+    }
+    return results;
+  }
+  broadcastStatus() {
+    const config = readOpenClawConfig();
+    this.io.emit("safeclaw:openclawMonitorStatus", {
+      connectionStatus: this.client.getStatus(),
+      gatewayPort: config?.gateway?.port ?? null,
+      lastEventAt: this.lastEventAt,
+      activeSessionCount: 0
+    });
+  }
+  getExecApprovalService() {
+    return this.execApprovalService;
+  }
+  start() {
+    this.client.connect();
+    this.sessionWatcher.start();
+  }
+  reconnect() {
+    this.client.reconnect();
+  }
+  stop() {
+    this.execApprovalService.destroy();
+    this.client.destroy();
+    this.sessionWatcher.stop();
+  }
+  getStatus() {
+    return this.client.getStatus();
+  }
+};
+function createOpenClawMonitor(io2) {
+  if (instance2) {
+    instance2.stop();
+  }
+  instance2 = new OpenClawMonitor(io2);
+  return instance2;
+}
+function getOpenClawMonitor() {
+  return instance2;
+}
+
+// src/services/access-control.ts
+import { eq as eq3, and as and2, sql as sql4 } from "drizzle-orm";
+var TOOL_GROUP_MAP = {
+  filesystem: "group:fs",
+  system_commands: "group:runtime",
+  network: "group:web"
+};
+function deriveMcpServerStates(config, denyList) {
+  const pluginEntries = config.plugins?.entries ?? {};
+  return Object.keys(pluginEntries).map((name) => {
+    const pluginEnabled = pluginEntries[name].enabled !== false;
+    const toolsDenyBlocked = denyList.includes(`mcp__${name}`);
+    return {
+      name,
+      pluginEnabled,
+      toolsDenyBlocked,
+      effectivelyEnabled: pluginEnabled && !toolsDenyBlocked
+    };
+  });
+}
+function deriveAccessState() {
+  const config = readOpenClawConfig();
+  if (!config) {
+    return {
+      toggles: [
+        { category: "filesystem", enabled: true },
+        { category: "mcp_servers", enabled: true },
+        { category: "network", enabled: true },
+        { category: "system_commands", enabled: true }
+      ],
+      mcpServers: [],
+      openclawConfigAvailable: false
+    };
+  }
+  const denyList = config.tools?.deny ?? [];
+  const filesystemEnabled = !denyList.includes("group:fs");
+  const systemCommandsEnabled = !denyList.includes("group:runtime");
+  const networkEnabled = !denyList.includes("group:web") && config.browser?.enabled !== false;
+  const pluginEntries = config.plugins?.entries ?? {};
+  const pluginNames = Object.keys(pluginEntries);
+  const mcpEnabled = pluginNames.length === 0 || pluginNames.some((name) => pluginEntries[name].enabled !== false);
+  const toggles = [
+    { category: "filesystem", enabled: filesystemEnabled },
+    { category: "mcp_servers", enabled: mcpEnabled },
+    { category: "network", enabled: networkEnabled },
+    { category: "system_commands", enabled: systemCommandsEnabled }
+  ];
+  const mcpServers = deriveMcpServerStates(config, denyList);
+  return { toggles, mcpServers, openclawConfigAvailable: true };
+}
+async function applyAccessToggle(category, enabled) {
+  const config = readOpenClawConfig();
+  if (!config) {
+    throw new Error("OpenClaw config not found");
+  }
+  if (category === "mcp_servers") {
+    await applyMcpToggle(config, enabled);
+  } else if (category === "network") {
+    applyNetworkToggle(config, enabled);
+  } else {
+    applyToolGroupToggle(config, category, enabled);
+  }
+  await updateAuditDb(category, enabled);
+  return deriveAccessState();
+}
+async function applyMcpServerToggle(serverName, enabled) {
+  const config = readOpenClawConfig();
+  if (!config) {
+    throw new Error("OpenClaw config not found");
+  }
+  const denyPattern = `mcp__${serverName}`;
+  const currentDeny = [...config.tools?.deny ?? []];
+  if (enabled) {
+    const filtered = currentDeny.filter((entry) => entry !== denyPattern);
+    writeOpenClawConfig({ tools: { deny: filtered } });
+  } else {
+    if (!currentDeny.includes(denyPattern)) {
+      currentDeny.push(denyPattern);
+    }
+    writeOpenClawConfig({ tools: { deny: currentDeny } });
+  }
+  await updateAuditDb(`mcp_server:${serverName}`, enabled);
+  return deriveAccessState();
+}
+function applyToolGroupToggle(config, category, enabled) {
+  const groupName = TOOL_GROUP_MAP[category];
+  if (!groupName) return;
+  const currentDeny = [...config.tools?.deny ?? []];
+  if (enabled) {
+    const filtered = currentDeny.filter((entry) => entry !== groupName);
+    writeOpenClawConfig({ tools: { deny: filtered } });
+  } else {
+    if (!currentDeny.includes(groupName)) {
+      currentDeny.push(groupName);
+    }
+    writeOpenClawConfig({ tools: { deny: currentDeny } });
+  }
+}
+function applyNetworkToggle(config, enabled) {
+  const currentDeny = [...config.tools?.deny ?? []];
+  const groupName = "group:web";
+  if (enabled) {
+    const filtered = currentDeny.filter((entry) => entry !== groupName);
+    writeOpenClawConfig({
+      tools: { deny: filtered },
+      browser: { enabled: true }
+    });
+  } else {
+    if (!currentDeny.includes(groupName)) {
+      currentDeny.push(groupName);
+    }
+    writeOpenClawConfig({
+      tools: { deny: currentDeny },
+      browser: { enabled: false }
+    });
+  }
+}
+async function applyMcpToggle(config, enabled) {
+  const pluginEntries = config.plugins?.entries ?? {};
+  const pluginNames = Object.keys(pluginEntries);
+  if (pluginNames.length === 0) return;
+  const currentDeny = [...config.tools?.deny ?? []];
+  if (!enabled) {
+    const stateMap = {};
+    for (const name of pluginNames) {
+      stateMap[name] = pluginEntries[name].enabled !== false;
+    }
+    await savePreviousPluginState(stateMap);
+    const disabledEntries = {};
+    for (const name of pluginNames) {
+      disabledEntries[name] = { enabled: false };
+    }
+    for (const name of pluginNames) {
+      const denyPattern = `mcp__${name}`;
+      if (!currentDeny.includes(denyPattern)) {
+        currentDeny.push(denyPattern);
+      }
+    }
+    writeOpenClawConfig({
+      plugins: { entries: disabledEntries },
+      tools: { deny: currentDeny }
+    });
+  } else {
+    const previousState = await loadPreviousPluginState();
+    const restoredEntries = {};
+    for (const name of pluginNames) {
+      restoredEntries[name] = {
+        enabled: previousState?.[name] ?? true
+      };
+    }
+    const mcpDenyPatterns = new Set(pluginNames.map((n) => `mcp__${n}`));
+    const filteredDeny = currentDeny.filter(
+      (entry) => !mcpDenyPatterns.has(entry)
+    );
+    writeOpenClawConfig({
+      plugins: { entries: restoredEntries },
+      tools: { deny: filteredDeny }
+    });
+  }
+}
+async function savePreviousPluginState(stateMap) {
+  const db = getDb();
+  const existing = await db.select().from(schema_exports.accessConfig).where(
+    and2(
+      eq3(schema_exports.accessConfig.category, "mcp_servers"),
+      eq3(schema_exports.accessConfig.key, "previous_plugin_state")
+    )
+  );
+  if (existing.length > 0) {
+    await db.update(schema_exports.accessConfig).set({
+      value: JSON.stringify(stateMap),
+      updatedAt: sql4`datetime('now')`
+    }).where(
+      and2(
+        eq3(schema_exports.accessConfig.category, "mcp_servers"),
+        eq3(schema_exports.accessConfig.key, "previous_plugin_state")
+      )
+    );
+  } else {
+    await db.insert(schema_exports.accessConfig).values({
+      category: "mcp_servers",
+      key: "previous_plugin_state",
+      value: JSON.stringify(stateMap)
+    });
+  }
+}
+async function loadPreviousPluginState() {
+  const db = getDb();
+  const rows = await db.select().from(schema_exports.accessConfig).where(
+    and2(
+      eq3(schema_exports.accessConfig.category, "mcp_servers"),
+      eq3(schema_exports.accessConfig.key, "previous_plugin_state")
+    )
+  );
+  if (rows.length === 0) return null;
+  try {
+    return JSON.parse(rows[0].value);
+  } catch {
+    return null;
+  }
+}
+async function updateAuditDb(category, enabled) {
+  const db = getDb();
+  try {
+    await db.update(schema_exports.accessConfig).set({
+      value: enabled ? "true" : "false",
+      updatedAt: sql4`datetime('now')`
+    }).where(
+      and2(
+        eq3(schema_exports.accessConfig.category, category),
+        eq3(schema_exports.accessConfig.key, "enabled")
+      )
+    );
+  } catch (err) {
+    logger.warn({ err, category, enabled }, "Failed to update audit DB");
+  }
+}
+
+// src/server/socket.ts
+var io = null;
+function setupSocketIO(httpServer) {
+  io = new SocketIOServer(
+    httpServer,
+    {
+      cors: {
+        origin: "*",
+        methods: ["GET", "POST"]
+      }
+    }
+  );
+  io.on("connection", (socket) => {
+    logger.info(`Client connected: ${socket.id}`);
+    socket.on("safeclaw:getStats", async () => {
+      const db = getDb();
+      const allLogs = await db.select().from(schema_exports.commandLogs);
+      const activeSessions = await db.select().from(schema_exports.sessions).where(eq4(schema_exports.sessions.status, "ACTIVE"));
+      const allActivities = await db.select().from(schema_exports.agentActivities);
+      const openclawActiveSessions = await db.select().from(schema_exports.openclawSessions).where(eq4(schema_exports.openclawSessions.status, "ACTIVE"));
+      let execApprovalTotal = 0;
+      let execApprovalBlocked = 0;
+      let execApprovalAllowed = 0;
+      let execApprovalPending = 0;
+      const monitor = getOpenClawMonitor();
+      if (monitor) {
+        const approvalService = monitor.getExecApprovalService();
+        const approvalStats = approvalService.getStats();
+        execApprovalTotal = approvalStats.total;
+        execApprovalBlocked = approvalStats.blocked;
+        execApprovalAllowed = approvalStats.allowed;
+        execApprovalPending = approvalStats.pending;
+      }
+      const stats = {
+        totalCommands: allLogs.length,
+        blockedCommands: allLogs.filter((l) => l.status === "BLOCKED").length,
+        allowedCommands: allLogs.filter((l) => l.status === "ALLOWED").length,
+        activeSessions: activeSessions.length,
+        threatBreakdown: {
+          NONE: allLogs.filter((l) => l.threatLevel === "NONE").length,
+          LOW: allLogs.filter((l) => l.threatLevel === "LOW").length,
+          MEDIUM: allLogs.filter((l) => l.threatLevel === "MEDIUM").length,
+          HIGH: allLogs.filter((l) => l.threatLevel === "HIGH").length,
+          CRITICAL: allLogs.filter((l) => l.threatLevel === "CRITICAL").length
+        },
+        openclawActivities: allActivities.length,
+        openclawActiveSessions: openclawActiveSessions.length,
+        openclawThreatBreakdown: {
+          NONE: allActivities.filter((a) => a.threatLevel === "NONE").length,
+          LOW: allActivities.filter((a) => a.threatLevel === "LOW").length,
+          MEDIUM: allActivities.filter((a) => a.threatLevel === "MEDIUM").length,
+          HIGH: allActivities.filter((a) => a.threatLevel === "HIGH").length,
+          CRITICAL: allActivities.filter((a) => a.threatLevel === "CRITICAL").length
+        },
+        resolvedThreatBreakdown: {
+          NONE: allActivities.filter((a) => a.threatLevel === "NONE" && a.resolved === 1).length,
+          LOW: allActivities.filter((a) => a.threatLevel === "LOW" && a.resolved === 1).length,
+          MEDIUM: allActivities.filter((a) => a.threatLevel === "MEDIUM" && a.resolved === 1).length,
+          HIGH: allActivities.filter((a) => a.threatLevel === "HIGH" && a.resolved === 1).length,
+          CRITICAL: allActivities.filter((a) => a.threatLevel === "CRITICAL" && a.resolved === 1).length
+        },
+        threatDetectionRate: {
+          activitiesWithThreats: allActivities.filter((a) => a.threatLevel !== "NONE").length,
+          totalActivities: allActivities.length
+        },
+        execApprovalTotal,
+        execApprovalBlocked,
+        execApprovalAllowed,
+        execApprovalPending
+      };
+      socket.emit("safeclaw:stats", stats);
+    });
+    socket.on("safeclaw:decision", async ({ commandId, action }) => {
+      const db = getDb();
+      const newStatus = action === "ALLOW" ? "ALLOWED" : "BLOCKED";
+      await db.update(schema_exports.commandLogs).set({ status: newStatus, decisionBy: "USER" }).where(eq4(schema_exports.commandLogs.id, commandId));
+      logger.info(`Command ${commandId} ${newStatus} by user`);
+      const [updated] = await db.select().from(schema_exports.commandLogs).where(eq4(schema_exports.commandLogs.id, commandId));
+      if (updated) {
+        io.emit("safeclaw:commandLogged", {
+          id: updated.id,
+          command: updated.command,
+          status: updated.status,
+          threatLevel: updated.threatLevel,
+          timestamp: updated.timestamp,
+          sessionId: updated.sessionId,
+          decisionBy: updated.decisionBy
+        });
+      }
+    });
+    socket.on("safeclaw:getRecentCommands", async ({ limit }) => {
+      const db = getDb();
+      const commands = await db.select().from(schema_exports.commandLogs).orderBy(desc3(schema_exports.commandLogs.id)).limit(limit);
+      for (const cmd of commands) {
+        socket.emit("safeclaw:commandLogged", {
+          id: cmd.id,
+          command: cmd.command,
+          status: cmd.status,
+          threatLevel: cmd.threatLevel,
+          timestamp: cmd.timestamp,
+          sessionId: cmd.sessionId,
+          decisionBy: cmd.decisionBy
+        });
+      }
+    });
+    socket.on("safeclaw:getAccessConfig", async () => {
+      const db = getDb();
+      const config = await db.select().from(schema_exports.accessConfig);
+      socket.emit("safeclaw:accessConfig", config);
+    });
+    socket.on("safeclaw:getAccessControlState", () => {
+      const state = deriveAccessState();
+      socket.emit("safeclaw:accessControlState", state);
+    });
+    socket.on("safeclaw:toggleAccess", async ({ category, enabled }) => {
+      try {
+        const newState = await applyAccessToggle(
+          category,
+          enabled
+        );
+        logger.info(`Access toggle: ${category} set to ${enabled}`);
+        io.emit("safeclaw:accessControlState", newState);
+      } catch (err) {
+        logger.error({ err, category, enabled }, "Failed to apply access toggle");
+        const state = deriveAccessState();
+        io.emit("safeclaw:accessControlState", state);
+      }
+    });
+    socket.on("safeclaw:toggleMcpServer", async ({ serverName, enabled }) => {
+      try {
+        const newState = await applyMcpServerToggle(serverName, enabled);
+        logger.info(`MCP server toggle: ${serverName} set to ${enabled}`);
+        io.emit("safeclaw:accessControlState", newState);
+      } catch (err) {
+        logger.error({ err, serverName, enabled }, "Failed to toggle MCP server");
+        const state = deriveAccessState();
+        io.emit("safeclaw:accessControlState", state);
+      }
+    });
+    socket.on("safeclaw:getSettings", async () => {
+      const config = readConfig();
+      socket.emit("safeclaw:settingsData", config);
+    });
+    socket.on("safeclaw:updateSettings", async (updates) => {
+      const current = readConfig();
+      const updated = { ...current, ...updates };
+      writeConfig(updated);
+      logger.info({ updates }, "Settings updated");
+      socket.emit("safeclaw:settingsData", updated);
+    });
+    socket.on("safeclaw:getOpenclawConfig", async () => {
+      const config = readOpenClawConfig();
+      socket.emit("safeclaw:openclawConfig", config);
+    });
+    socket.on("safeclaw:updateOpenclawConfig", async (updates) => {
+      const updated = writeOpenClawConfig(updates);
+      logger.info({ updates }, "OpenClaw config updated");
+      socket.emit("safeclaw:openclawConfig", updated);
+    });
+    socket.on("safeclaw:getOpenclawSessions", async () => {
+      const monitor = getOpenClawMonitor();
+      if (!monitor) return;
+      const sessions2 = await monitor.getAllSessions();
+      for (const session of sessions2) {
+        socket.emit("safeclaw:openclawSessionUpdate", session);
+      }
+    });
+    socket.on("safeclaw:getOpenclawActivities", async ({ sessionId, limit }) => {
+      const monitor = getOpenClawMonitor();
+      if (!monitor) return;
+      const activities = await monitor.getActivities(sessionId, limit);
+      for (const activity of activities) {
+        socket.emit("safeclaw:openclawActivity", activity);
+      }
+    });
+    socket.on("safeclaw:getOpenclawMonitorStatus", async () => {
+      const monitor = getOpenClawMonitor();
+      if (!monitor) return;
+      monitor.broadcastStatus();
+    });
+    socket.on("safeclaw:reconnectOpenclaw", () => {
+      const monitor = getOpenClawMonitor();
+      if (!monitor) return;
+      monitor.reconnect();
+    });
+    socket.on("safeclaw:resolveActivity", async ({ activityId, resolved }) => {
+      const monitor = getOpenClawMonitor();
+      if (!monitor) return;
+      const updated = await monitor.resolveActivity(activityId, resolved);
+      if (updated) {
+        io.emit("safeclaw:threatResolved", updated);
+      }
+    });
+    socket.on("safeclaw:getThreats", async ({ severity, resolved, limit }) => {
+      const monitor = getOpenClawMonitor();
+      if (!monitor) return;
+      const threats = await monitor.getThreats(severity, resolved, limit);
+      for (const threat of threats) {
+        socket.emit("safeclaw:openclawActivity", threat);
+      }
+    });
+    socket.on("safeclaw:execDecision", ({ approvalId, decision }) => {
+      const monitor = getOpenClawMonitor();
+      if (!monitor) return;
+      const service = monitor.getExecApprovalService();
+      service.handleDecision(approvalId, decision);
+    });
+    socket.on("safeclaw:getPendingApprovals", () => {
+      const monitor = getOpenClawMonitor();
+      if (!monitor) return;
+      const service = monitor.getExecApprovalService();
+      const pending = service.getPendingApprovals();
+      for (const entry of pending) {
+        socket.emit("safeclaw:execApprovalRequested", entry);
+      }
+    });
+    socket.on("safeclaw:getApprovalHistory", ({ limit }) => {
+      const monitor = getOpenClawMonitor();
+      if (!monitor) return;
+      const service = monitor.getExecApprovalService();
+      const history = service.getHistory(limit);
+      socket.emit("safeclaw:approvalHistoryBatch", history);
+    });
+    socket.on("safeclaw:getAllowlist", () => {
+      const monitor = getOpenClawMonitor();
+      if (!monitor) return;
+      const service = monitor.getExecApprovalService();
+      const patterns = service.getRestrictedPatterns();
+      socket.emit("safeclaw:allowlistState", {
+        patterns: patterns.map((p) => ({ pattern: p }))
+      });
+    });
+    socket.on("safeclaw:addAllowlistPattern", ({ pattern }) => {
+      const monitor = getOpenClawMonitor();
+      if (!monitor) return;
+      const service = monitor.getExecApprovalService();
+      try {
+        service.addRestrictedPattern(pattern);
+      } catch (err) {
+        logger.error({ err, pattern }, "Failed to add restricted pattern");
+      }
+    });
+    socket.on("safeclaw:removeAllowlistPattern", ({ pattern }) => {
+      const monitor = getOpenClawMonitor();
+      if (!monitor) return;
+      const service = monitor.getExecApprovalService();
+      try {
+        service.removeRestrictedPattern(pattern);
+      } catch (err) {
+        logger.error({ err, pattern }, "Failed to remove restricted pattern");
+      }
+    });
+    socket.on("disconnect", () => {
+      logger.info(`Client disconnected: ${socket.id}`);
+    });
+  });
+  return io;
+}
+
+// src/server/routes.ts
+import { desc as desc4, eq as eq5, and as and4, sql as sql6 } from "drizzle-orm";
+async function registerRoutes(app) {
+  app.get("/api/health", async () => {
+    return { status: "ok", timestamp: (/* @__PURE__ */ new Date()).toISOString() };
+  });
+  app.get("/api/commands", async (request) => {
+    const db = getDb();
+    const { limit = 50 } = request.query;
+    const commands = await db.select().from(schema_exports.commandLogs).orderBy(desc4(schema_exports.commandLogs.id)).limit(Number(limit));
+    return commands;
+  });
+  app.get("/api/sessions", async () => {
+    const db = getDb();
+    const sessionList = await db.select().from(schema_exports.sessions).orderBy(desc4(schema_exports.sessions.startedAt));
+    return sessionList;
+  });
+  app.get("/api/config", async () => {
+    const db = getDb();
+    const config = await db.select().from(schema_exports.accessConfig);
+    return config;
+  });
+  app.get("/api/access-control/state", async () => {
+    return deriveAccessState();
+  });
+  app.put("/api/config/access", async (request) => {
+    const { category, enabled } = request.body;
+    try {
+      return await applyAccessToggle(
+        category,
+        enabled
+      );
+    } catch {
+      const db = getDb();
+      await db.update(schema_exports.accessConfig).set({
+        value: enabled ? "true" : "false",
+        updatedAt: sql6`datetime('now')`
+      }).where(
+        and4(
+          eq5(schema_exports.accessConfig.category, category),
+          eq5(schema_exports.accessConfig.key, "enabled")
+        )
+      );
+      return deriveAccessState();
+    }
+  });
+  app.put("/api/config/access/mcp-server", async (request) => {
+    const { serverName, enabled } = request.body;
+    try {
+      return await applyMcpServerToggle(serverName, enabled);
+    } catch {
+      return deriveAccessState();
+    }
+  });
+  app.get("/api/settings", async () => {
+    return readConfig();
+  });
+  app.put("/api/settings", async (request) => {
+    const updates = request.body;
+    const current = readConfig();
+    const updated = { ...current, ...updates };
+    writeConfig(updated);
+    return updated;
+  });
+  app.put("/api/commands/:id/decision", async (request) => {
+    const { id } = request.params;
+    const { action } = request.body;
+    const db = getDb();
+    const newStatus = action === "ALLOW" ? "ALLOWED" : "BLOCKED";
+    await db.update(schema_exports.commandLogs).set({ status: newStatus, decisionBy: "USER" }).where(eq5(schema_exports.commandLogs.id, Number(id)));
+    const [updated] = await db.select().from(schema_exports.commandLogs).where(eq5(schema_exports.commandLogs.id, Number(id)));
+    return updated;
+  });
+  app.get("/api/openclaw/config", async () => {
+    const config = readOpenClawConfig();
+    return config ?? { error: "OpenClaw config not found" };
+  });
+  app.put("/api/openclaw/config", async (request) => {
+    const updates = request.body;
+    const updated = writeOpenClawConfig(updates);
+    if (!updated) {
+      return { error: "OpenClaw config not found" };
+    }
+    return updated;
+  });
+  app.get("/api/openclaw/sessions", async () => {
+    const monitor = getOpenClawMonitor();
+    if (!monitor) return [];
+    return monitor.getAllSessions();
+  });
+  app.get("/api/openclaw/activities", async (request) => {
+    const { sessionId, limit = 50 } = request.query;
+    const monitor = getOpenClawMonitor();
+    if (!monitor) return [];
+    return monitor.getActivities(sessionId, Number(limit));
+  });
+  app.get("/api/openclaw/threats", async (request) => {
+    const { severity, resolved, limit = 100 } = request.query;
+    const monitor = getOpenClawMonitor();
+    if (!monitor) return [];
+    return monitor.getThreats(
+      severity,
+      resolved === void 0 ? void 0 : resolved === "true",
+      Number(limit)
+    );
+  });
+  app.put("/api/openclaw/activities/:id/resolve", async (request) => {
+    const { id } = request.params;
+    const { resolved } = request.body;
+    const monitor = getOpenClawMonitor();
+    if (!monitor) return { error: "Monitor not available" };
+    const updated = await monitor.resolveActivity(Number(id), resolved);
+    if (!updated) return { error: "Activity not found" };
+    return updated;
+  });
+  app.get("/api/openclaw/status", async () => {
+    const monitor = getOpenClawMonitor();
+    const config = readOpenClawConfig();
+    if (!monitor) {
+      return {
+        connectionStatus: "not_configured",
+        gatewayPort: config?.gateway?.port ?? null,
+        lastEventAt: null,
+        activeSessionCount: 0
+      };
+    }
+    return {
+      connectionStatus: monitor.getStatus(),
+      gatewayPort: config?.gateway?.port ?? null,
+      lastEventAt: null,
+      activeSessionCount: 0
+    };
+  });
+  app.get("/api/exec-approvals/pending", async () => {
+    const monitor = getOpenClawMonitor();
+    if (!monitor) return [];
+    return monitor.getExecApprovalService().getPendingApprovals();
+  });
+  app.get("/api/exec-approvals/history", async (request) => {
+    const { limit = 50 } = request.query;
+    const monitor = getOpenClawMonitor();
+    if (!monitor) return [];
+    return monitor.getExecApprovalService().getHistory(Number(limit));
+  });
+  app.put("/api/exec-approvals/:id/decision", async (request) => {
+    const { id } = request.params;
+    const { decision } = request.body;
+    const monitor = getOpenClawMonitor();
+    if (!monitor) return { error: "Monitor not available" };
+    monitor.getExecApprovalService().handleDecision(id, decision);
+    return { ok: true };
+  });
+  app.get("/api/allowlist", async () => {
+    const monitor = getOpenClawMonitor();
+    if (!monitor) return { patterns: [] };
+    const patterns = monitor.getExecApprovalService().getRestrictedPatterns();
+    return { patterns: patterns.map((p) => ({ pattern: p })) };
+  });
+  app.post("/api/allowlist", async (request) => {
+    const { pattern } = request.body;
+    const monitor = getOpenClawMonitor();
+    if (!monitor) return { error: "Monitor not available" };
+    const patterns = monitor.getExecApprovalService().addRestrictedPattern(pattern);
+    return { patterns: patterns.map((p) => ({ pattern: p })) };
+  });
+  app.delete("/api/allowlist", async (request) => {
+    const { pattern } = request.body;
+    const monitor = getOpenClawMonitor();
+    if (!monitor) return { error: "Monitor not available" };
+    const patterns = monitor.getExecApprovalService().removeRestrictedPattern(pattern);
+    return { patterns: patterns.map((p) => ({ pattern: p })) };
+  });
+}
+
+// src/server/index.ts
+async function createAppServer(port) {
+  const app = Fastify({
+    logger: false
+  });
+  await app.register(fastifyCors, { origin: "*" });
+  await registerRoutes(app);
+  const publicDir = getPublicDir();
+  if (fs7.existsSync(publicDir) && fs7.readdirSync(publicDir).filter((f) => f !== ".gitkeep").length > 0) {
+    await app.register(fastifyStatic, {
+      root: publicDir,
+      prefix: "/",
+      wildcard: true
+    });
+    app.setNotFoundHandler(async (request, reply) => {
+      if (request.url.startsWith("/api/") || request.url.startsWith("/socket.io/")) {
+        return reply.status(404).send({ error: "Not found" });
+      }
+      return reply.sendFile("index.html");
+    });
+  } else {
+    logger.warn(
+      "No frontend build found in public/. Run 'pnpm build:web' first."
+    );
+  }
+  await app.ready();
+  const httpServer = app.server;
+  const io2 = setupSocketIO(httpServer);
+  const monitor = createOpenClawMonitor(io2);
+  monitor.start();
+  return { app, io: io2, httpServer, monitor };
+}
+
+// src/db/migrate.ts
+import Database2 from "better-sqlite3";
+var DEFAULT_ACCESS_CONFIG = [
+  { category: "filesystem", key: "enabled", value: "true" },
+  { category: "mcp_servers", key: "enabled", value: "true" },
+  { category: "network", key: "enabled", value: "true" },
+  { category: "system_commands", key: "enabled", value: "false" }
+];
+function pushSchema() {
+  ensureDataDir();
+  const sqlite = new Database2(DB_PATH);
+  sqlite.pragma("journal_mode = WAL");
+  sqlite.exec(`
+    CREATE TABLE IF NOT EXISTS command_logs (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      command TEXT NOT NULL,
+      status TEXT NOT NULL DEFAULT 'PENDING',
+      threat_level TEXT NOT NULL DEFAULT 'NONE',
+      timestamp TEXT NOT NULL DEFAULT (datetime('now')),
+      session_id TEXT,
+      decision_by TEXT
+    );
+
+    CREATE TABLE IF NOT EXISTS sessions (
+      id TEXT PRIMARY KEY,
+      started_at TEXT NOT NULL DEFAULT (datetime('now')),
+      ended_at TEXT,
+      status TEXT NOT NULL DEFAULT 'ACTIVE'
+    );
+
+    CREATE TABLE IF NOT EXISTS access_config (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      category TEXT NOT NULL,
+      key TEXT NOT NULL,
+      value TEXT NOT NULL,
+      updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+
+    CREATE TABLE IF NOT EXISTS openclaw_sessions (
+      id TEXT PRIMARY KEY,
+      started_at TEXT NOT NULL DEFAULT (datetime('now')),
+      ended_at TEXT,
+      status TEXT NOT NULL DEFAULT 'ACTIVE',
+      model TEXT
+    );
+
+    CREATE TABLE IF NOT EXISTS agent_activities (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      openclaw_session_id TEXT NOT NULL,
+      activity_type TEXT NOT NULL,
+      detail TEXT NOT NULL,
+      raw_payload TEXT NOT NULL DEFAULT '{}',
+      threat_level TEXT NOT NULL DEFAULT 'NONE',
+      timestamp TEXT NOT NULL DEFAULT (datetime('now')),
+      tool_name TEXT,
+      target_path TEXT
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_agent_activities_session
+      ON agent_activities(openclaw_session_id);
+    CREATE INDEX IF NOT EXISTS idx_agent_activities_threat
+      ON agent_activities(threat_level);
+  `);
+  const columns = sqlite.prepare("PRAGMA table_info(agent_activities)").all();
+  const columnNames = new Set(columns.map((c) => c.name));
+  if (!columnNames.has("run_id")) {
+    sqlite.exec("ALTER TABLE agent_activities ADD COLUMN run_id TEXT");
+  }
+  if (!columnNames.has("content_preview")) {
+    sqlite.exec(
+      "ALTER TABLE agent_activities ADD COLUMN content_preview TEXT"
+    );
+  }
+  if (!columnNames.has("secrets_detected")) {
+    sqlite.exec(
+      "ALTER TABLE agent_activities ADD COLUMN secrets_detected TEXT"
+    );
+  }
+  if (!columnNames.has("read_content_preview")) {
+    sqlite.exec(
+      "ALTER TABLE agent_activities ADD COLUMN read_content_preview TEXT"
+    );
+  }
+  if (!columnNames.has("threat_findings")) {
+    sqlite.exec(
+      "ALTER TABLE agent_activities ADD COLUMN threat_findings TEXT"
+    );
+  }
+  if (!columnNames.has("resolved")) {
+    sqlite.exec(
+      "ALTER TABLE agent_activities ADD COLUMN resolved INTEGER NOT NULL DEFAULT 0"
+    );
+  }
+  if (!columnNames.has("resolved_at")) {
+    sqlite.exec(
+      "ALTER TABLE agent_activities ADD COLUMN resolved_at TEXT"
+    );
+  }
+  sqlite.exec(
+    "CREATE INDEX IF NOT EXISTS idx_agent_activities_run_id ON agent_activities(run_id)"
+  );
+  sqlite.exec(`
+    CREATE TABLE IF NOT EXISTS restricted_patterns (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      pattern TEXT NOT NULL UNIQUE,
+      created_at TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+
+    CREATE TABLE IF NOT EXISTS exec_approvals (
+      id TEXT PRIMARY KEY,
+      command TEXT NOT NULL,
+      cwd TEXT NOT NULL,
+      security TEXT NOT NULL,
+      session_key TEXT NOT NULL,
+      requested_at TEXT NOT NULL,
+      expires_at TEXT NOT NULL,
+      decision TEXT,
+      decided_by TEXT,
+      decided_at TEXT,
+      matched_pattern TEXT
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_exec_approvals_decision
+      ON exec_approvals(decision);
+    CREATE INDEX IF NOT EXISTS idx_exec_approvals_decided_at
+      ON exec_approvals(decided_at);
+  `);
+  const count = sqlite.prepare("SELECT COUNT(*) as cnt FROM access_config").get();
+  if (count.cnt === 0) {
+    const insert = sqlite.prepare(
+      "INSERT INTO access_config (category, key, value) VALUES (?, ?, ?)"
+    );
+    const seedAll = sqlite.transaction(() => {
+      for (const entry of DEFAULT_ACCESS_CONFIG) {
+        insert.run(entry.category, entry.key, entry.value);
+      }
+    });
+    seedAll();
+  }
+  const unknownSession = sqlite.prepare("SELECT id FROM openclaw_sessions WHERE id = 'unknown'").get();
+  if (unknownSession) {
+    sqlite.exec(`
+      DELETE FROM agent_activities WHERE openclaw_session_id = 'unknown';
+      DELETE FROM openclaw_sessions WHERE id = 'unknown';
+    `);
+  }
+  sqlite.exec("DELETE FROM access_config WHERE category = 'database'");
+  sqlite.close();
+}
+
+// src/lib/banner.ts
+import pc from "picocolors";
+function printBanner(port) {
+  const lines = [
+    ["   _____       ___       ", "________"],
+    ["  / ___/____ _/ __/__   ", "/ ____/ /___ __      __"],
+    ["  \\__ \\/ __ `/ /_/ _ \\ ", "/ /   / / __ `| | /| / /"],
+    [" ___/ / /_/ / __/  __/", "/ /___/ / /_/ /| |/ |/ /"],
+    ["/____/\\__,_/_/  \\___/ ", "\\____/_/\\__,_/ |__/|__/"]
+  ];
+  console.log();
+  for (const [safe, claw] of lines) {
+    console.log(pc.bold(pc.white(safe)) + pc.red(claw));
+  }
+  console.log();
+  console.log(
+    pc.bold(pc.white("Safe")) + pc.bold(pc.red("Claw")) + pc.dim(` v${VERSION}`) + " - AI Agent Security Dashboard"
+  );
+  console.log(pc.dim("\u2500".repeat(48)));
+  console.log(`${pc.dim("Dashboard:")}  ${pc.cyan(`http://localhost:${port}`)}`);
+  console.log(`${pc.dim("Data dir:")}   ~/.safeclaw/`);
+  console.log();
+}
+
+// src/commands/start.ts
+import pc2 from "picocolors";
+import open from "open";
+async function startCommand(options) {
+  if (options.verbose) {
+    setVerbose(true);
+    logger.debug("Verbose logging enabled");
+  }
+  ensureDataDir();
+  const config = readConfig();
+  const port = options.port ? parseInt(options.port, 10) : config.port;
+  if (isNaN(port) || port < 1024 || port > 65535) {
+    process.stderr.write(
+      pc2.red(`Invalid port: ${options.port}. Must be between 1024 and 65535.
+`)
+    );
+    process.exit(1);
+  }
+  pushSchema();
+  printBanner(port);
+  try {
+    const { app, monitor } = await createAppServer(port);
+    await app.listen({ port, host: "0.0.0.0" });
+    logger.info(`Server listening on http://localhost:${port}`);
+    const shouldOpen = options.open && config.autoOpenBrowser;
+    if (shouldOpen) {
+      await open(`http://localhost:${port}`);
+    }
+    const shutdown = async () => {
+      logger.info("Shutting down SafeClaw...");
+      monitor.stop();
+      await app.close();
+      process.exit(0);
+    };
+    process.on("SIGINT", shutdown);
+    process.on("SIGTERM", shutdown);
+  } catch (err) {
+    const error = err;
+    if (error.code === "EADDRINUSE") {
+      process.stderr.write(
+        pc2.red(`
+Port ${port} is already in use.
+`) + pc2.dim(`Try: safeclaw start --port ${port + 1}
+`) + pc2.dim(`Or stop the process using port ${port} first.
+`)
+      );
+      process.exit(1);
+    }
+    if (error.code === "EACCES") {
+      process.stderr.write(
+        pc2.red(`
+Permission denied for port ${port}.
+`) + pc2.dim(`Ports below 1024 require elevated privileges.
+`) + pc2.dim(`Try: safeclaw start --port 54335
+`)
+      );
+      process.exit(1);
+    }
+    throw err;
+  }
+}
+
+// src/commands/reset.ts
+import fs8 from "fs";
+import readline from "readline/promises";
+import pc3 from "picocolors";
+async function resetCommand(options) {
+  if (!options.force) {
+    const rl = readline.createInterface({
+      input: process.stdin,
+      output: process.stdout
+    });
+    const answer = await rl.question(
+      pc3.yellow("This will delete the database and reset config to defaults.\n") + "Are you sure? (y/N) "
+    );
+    rl.close();
+    if (answer.toLowerCase() !== "y" && answer.toLowerCase() !== "yes") {
+      console.log("Reset cancelled.");
+      return;
+    }
+  }
+  console.log(pc3.bold("Resetting SafeClaw..."));
+  if (fs8.existsSync(DB_PATH)) {
+    fs8.unlinkSync(DB_PATH);
+    const walPath = DB_PATH + "-wal";
+    const shmPath = DB_PATH + "-shm";
+    if (fs8.existsSync(walPath)) fs8.unlinkSync(walPath);
+    if (fs8.existsSync(shmPath)) fs8.unlinkSync(shmPath);
+    console.log(pc3.green("  Database deleted."));
+  } else {
+    console.log(pc3.dim("  No database found, skipping."));
+  }
+  resetConfig();
+  console.log(pc3.green("  Config reset to defaults."));
+  console.log(
+    pc3.bold("\nDone.") + " Run " + pc3.cyan("safeclaw start") + " to start fresh."
+  );
+}
+
+// src/commands/status.ts
+import fs9 from "fs";
+import Database3 from "better-sqlite3";
+import pc4 from "picocolors";
+async function statusCommand(options) {
+  const exists = fs9.existsSync(SAFECLAW_DIR);
+  if (!exists) {
+    if (options.json) {
+      console.log(JSON.stringify({ initialized: false }, null, 2));
+    } else {
+      console.log(
+        pc4.yellow("SafeClaw is not initialized.") + " Run " + pc4.cyan("safeclaw start") + " first."
+      );
+    }
+    return;
+  }
+  const config = readConfig();
+  let logCount = 0;
+  let activityCount = 0;
+  const dbExists = fs9.existsSync(DB_PATH);
+  if (dbExists) {
+    try {
+      const sqlite = new Database3(DB_PATH, { readonly: true });
+      const cmdRow = sqlite.prepare("SELECT COUNT(*) as count FROM command_logs").get();
+      logCount = cmdRow.count;
+      const actRow = sqlite.prepare("SELECT COUNT(*) as count FROM agent_activities").get();
+      activityCount = actRow.count;
+      sqlite.close();
+    } catch {
+      logCount = -1;
+      activityCount = -1;
+    }
+  }
+  const openclawConfigExists = fs9.existsSync(OPENCLAW_CONFIG_PATH);
+  if (options.json) {
+    const data = {
+      version: VERSION,
+      initialized: true,
+      dataDir: SAFECLAW_DIR,
+      database: dbExists ? "exists" : "not_found",
+      config: fs9.existsSync(CONFIG_PATH) ? "exists" : "not_found",
+      port: config.port,
+      autoOpenBrowser: config.autoOpenBrowser,
+      premium: config.premium,
+      commandLogs: logCount,
+      agentActivities: activityCount,
+      openclawConfigured: openclawConfigExists
+    };
+    console.log(JSON.stringify(data, null, 2));
+    return;
+  }
+  console.log(pc4.bold("\nSafeClaw Status") + pc4.dim(` v${VERSION}`));
+  console.log(pc4.dim("\u2500".repeat(40)));
+  console.log(`  ${pc4.dim("Data dir:")}   ${SAFECLAW_DIR}`);
+  console.log(
+    `  ${pc4.dim("Database:")}   ${dbExists ? pc4.green("exists") : pc4.red("not found")}`
+  );
+  console.log(
+    `  ${pc4.dim("Config:")}     ${fs9.existsSync(CONFIG_PATH) ? pc4.green("exists") : pc4.red("not found")}`
+  );
+  console.log(`  ${pc4.dim("Port:")}       ${config.port}`);
+  console.log(`  ${pc4.dim("Auto-open:")}  ${config.autoOpenBrowser ? "Yes" : "No"}`);
+  console.log(`  ${pc4.dim("Premium:")}    ${config.premium ? "Yes" : "No"}`);
+  console.log(
+    `  ${pc4.dim("Cmd logs:")}   ${logCount >= 0 ? logCount.toLocaleString() : pc4.red("error reading")}`
+  );
+  console.log(
+    `  ${pc4.dim("Activities:")} ${activityCount >= 0 ? activityCount.toLocaleString() : pc4.red("error reading")}`
+  );
+  console.log(
+    `  ${pc4.dim("OpenClaw:")}   ${openclawConfigExists ? pc4.green("configured") : pc4.yellow("not found")}`
+  );
+  console.log();
+}
+
+// src/commands/doctor.ts
+import fs10 from "fs";
+import net from "net";
+import Database4 from "better-sqlite3";
+import pc5 from "picocolors";
+function checkNodeVersion() {
+  const major = parseInt(process.versions.node.split(".")[0], 10);
+  if (major >= 20) {
+    return {
+      name: "Node.js version",
+      status: "pass",
+      message: `v${process.versions.node}`
+    };
+  }
+  return {
+    name: "Node.js version",
+    status: "fail",
+    message: `v${process.versions.node} (requires >= 20.0.0)`
+  };
+}
+function checkDataDir() {
+  try {
+    ensureDataDir();
+    fs10.accessSync(SAFECLAW_DIR, fs10.constants.W_OK);
+    return {
+      name: "Data directory writable",
+      status: "pass",
+      message: SAFECLAW_DIR
+    };
+  } catch {
+    return {
+      name: "Data directory writable",
+      status: "fail",
+      message: `Cannot write to ${SAFECLAW_DIR}`
+    };
+  }
+}
+function checkDatabase() {
+  if (!fs10.existsSync(DB_PATH)) {
+    return {
+      name: "Database",
+      status: "warn",
+      message: "Not created yet (run 'safeclaw start' first)"
+    };
+  }
+  try {
+    const sqlite = new Database4(DB_PATH, { readonly: true });
+    const tables = sqlite.prepare("SELECT name FROM sqlite_master WHERE type='table'").all();
+    sqlite.close();
+    const expected = [
+      "command_logs",
+      "sessions",
+      "access_config",
+      "openclaw_sessions",
+      "agent_activities",
+      "restricted_patterns",
+      "exec_approvals"
+    ];
+    const tableNames = new Set(tables.map((t) => t.name));
+    const missing = expected.filter((t) => !tableNames.has(t));
+    if (missing.length > 0) {
+      return {
+        name: "Database",
+        status: "warn",
+        message: `Missing tables: ${missing.join(", ")}`
+      };
+    }
+    return {
+      name: "Database",
+      status: "pass",
+      message: `${tables.length} tables`
+    };
+  } catch (err) {
+    return {
+      name: "Database",
+      status: "fail",
+      message: `Cannot open database: ${err.message}`
+    };
+  }
+}
+function checkConfig() {
+  if (!fs10.existsSync(CONFIG_PATH)) {
+    return {
+      name: "Config file",
+      status: "warn",
+      message: "Not created yet (will use defaults)"
+    };
+  }
+  try {
+    readConfig();
+    return { name: "Config file", status: "pass", message: CONFIG_PATH };
+  } catch (err) {
+    return {
+      name: "Config file",
+      status: "fail",
+      message: `Invalid config: ${err.message}`
+    };
+  }
+}
+function isPortAvailable(port) {
+  return new Promise((resolve) => {
+    const server = net.createServer();
+    server.once("error", () => resolve(false));
+    server.once("listening", () => {
+      server.close(() => resolve(true));
+    });
+    server.listen(port, "0.0.0.0");
+  });
+}
+async function checkPort() {
+  const config = readConfig();
+  const port = config.port;
+  const available = await isPortAvailable(port);
+  if (available) {
+    return { name: `Port ${port} available`, status: "pass", message: "" };
+  }
+  return {
+    name: `Port ${port} available`,
+    status: "warn",
+    message: `Port ${port} is in use (server may already be running)`
+  };
+}
+function checkOpenClawConfig() {
+  if (!fs10.existsSync(OPENCLAW_DIR)) {
+    return {
+      name: "OpenClaw directory",
+      status: "warn",
+      message: `${OPENCLAW_DIR} not found`
+    };
+  }
+  if (!fs10.existsSync(OPENCLAW_CONFIG_PATH)) {
+    return {
+      name: "OpenClaw config",
+      status: "warn",
+      message: "Config not found (OpenClaw may not be installed)"
+    };
+  }
+  return {
+    name: "OpenClaw config",
+    status: "pass",
+    message: OPENCLAW_CONFIG_PATH
+  };
+}
+function isPortInUse(port) {
+  return new Promise((resolve) => {
+    const socket = new net.Socket();
+    socket.setTimeout(2e3);
+    socket.once("connect", () => {
+      socket.destroy();
+      resolve(true);
+    });
+    socket.once("timeout", () => {
+      socket.destroy();
+      resolve(false);
+    });
+    socket.once("error", () => {
+      resolve(false);
+    });
+    socket.connect(port, "127.0.0.1");
+  });
+}
+async function checkOpenClawGateway() {
+  if (!fs10.existsSync(OPENCLAW_CONFIG_PATH)) {
+    return {
+      name: "OpenClaw gateway",
+      status: "warn",
+      message: "Skipped (no OpenClaw config)"
+    };
+  }
+  try {
+    const raw = JSON.parse(fs10.readFileSync(OPENCLAW_CONFIG_PATH, "utf-8"));
+    const port = raw?.gateway?.port ?? 18789;
+    const reachable = await isPortInUse(port);
+    if (reachable) {
+      return {
+        name: "OpenClaw gateway",
+        status: "pass",
+        message: `Reachable on port ${port}`
+      };
+    }
+    return {
+      name: "OpenClaw gateway",
+      status: "warn",
+      message: `Not reachable on port ${port}`
+    };
+  } catch {
+    return {
+      name: "OpenClaw gateway",
+      status: "warn",
+      message: "Could not read OpenClaw config"
+    };
+  }
+}
+function checkLogDir() {
+  try {
+    if (!fs10.existsSync(LOGS_DIR)) {
+      fs10.mkdirSync(LOGS_DIR, { recursive: true });
+    }
+    fs10.accessSync(LOGS_DIR, fs10.constants.W_OK);
+    return {
+      name: "Log directory writable",
+      status: "pass",
+      message: LOGS_DIR
+    };
+  } catch {
+    return {
+      name: "Log directory writable",
+      status: "fail",
+      message: `Cannot write to ${LOGS_DIR}`
+    };
+  }
+}
+async function doctorCommand() {
+  console.log(pc5.bold("\nSafeClaw Doctor") + pc5.dim(` v${VERSION}`));
+  console.log(pc5.dim("\u2500".repeat(40)));
+  console.log();
+  const checks = [];
+  checks.push(checkNodeVersion());
+  checks.push(checkDataDir());
+  checks.push(checkDatabase());
+  checks.push(checkConfig());
+  checks.push(await checkPort());
+  checks.push(checkOpenClawConfig());
+  checks.push(await checkOpenClawGateway());
+  checks.push(checkLogDir());
+  let hasFailures = false;
+  for (const check of checks) {
+    const icon = check.status === "pass" ? pc5.green("PASS") : check.status === "warn" ? pc5.yellow("WARN") : pc5.red("FAIL");
+    console.log(`  ${icon}  ${check.name}`);
+    if (check.status !== "pass") {
+      console.log(pc5.dim(`         ${check.message}`));
+    }
+    if (check.status === "fail") hasFailures = true;
+  }
+  console.log();
+  const passCount = checks.filter((c) => c.status === "pass").length;
+  const warnCount = checks.filter((c) => c.status === "warn").length;
+  const failCount = checks.filter((c) => c.status === "fail").length;
+  console.log(
+    `${pc5.green(`${passCount} passed`)}` + (warnCount ? `, ${pc5.yellow(`${warnCount} warnings`)}` : "") + (failCount ? `, ${pc5.red(`${failCount} failed`)}` : "")
+  );
+  console.log();
+  if (hasFailures) process.exit(1);
+}
+
+// src/commands/config.ts
+import pc6 from "picocolors";
+var SETTABLE_KEYS = {
+  port: {
+    type: "number",
+    description: "Server port (1024-65535)",
+    validate: (v) => {
+      const n = parseInt(v, 10);
+      if (isNaN(n) || n < 1024 || n > 65535)
+        return "Port must be an integer between 1024 and 65535";
+      return null;
+    }
+  },
+  autoOpenBrowser: {
+    type: "boolean",
+    description: "Auto-open browser on start (true/false)",
+    validate: (v) => {
+      if (v !== "true" && v !== "false")
+        return 'Value must be "true" or "false"';
+      return null;
+    }
+  },
+  premium: {
+    type: "boolean",
+    description: "Premium features enabled (true/false)",
+    validate: (v) => {
+      if (v !== "true" && v !== "false")
+        return 'Value must be "true" or "false"';
+      return null;
+    }
+  }
+};
+async function configListCommand() {
+  ensureDataDir();
+  const config = readConfig();
+  console.log(pc6.bold("\nSafeClaw Configuration"));
+  console.log(pc6.dim("\u2500".repeat(40)));
+  for (const [key, value] of Object.entries(config)) {
+    const meta = SETTABLE_KEYS[key];
+    const displayValue = typeof value === "string" ? `"${value}"` : String(value);
+    const settable = meta ? "" : pc6.dim(" (read-only)");
+    console.log(`  ${pc6.cyan(key)}: ${displayValue}${settable}`);
+  }
+  console.log();
+}
+async function configGetCommand(key) {
+  ensureDataDir();
+  const config = readConfig();
+  if (!(key in config)) {
+    process.stderr.write(
+      pc6.red(`Unknown config key: ${key}
+`) + pc6.dim(`Available keys: ${Object.keys(config).join(", ")}
+`)
+    );
+    process.exit(1);
+  }
+  const value = config[key];
+  console.log(value);
+}
+async function configSetCommand(key, value) {
+  ensureDataDir();
+  const config = readConfig();
+  const meta = SETTABLE_KEYS[key];
+  if (!meta) {
+    if (key in config) {
+      process.stderr.write(pc6.red(`Config key "${key}" is read-only.
+`));
+    } else {
+      process.stderr.write(
+        pc6.red(`Unknown config key: ${key}
+`) + pc6.dim(
+          `Settable keys: ${Object.keys(SETTABLE_KEYS).join(", ")}
+`
+        )
+      );
+    }
+    process.exit(1);
+  }
+  if (meta.validate) {
+    const error = meta.validate(value);
+    if (error) {
+      process.stderr.write(pc6.red(`Invalid value: ${error}
+`));
+      process.exit(1);
+    }
+  }
+  let coerced = value;
+  if (meta.type === "number") coerced = parseInt(value, 10);
+  if (meta.type === "boolean") coerced = value === "true";
+  const updated = { ...config, [key]: coerced };
+  writeConfig(updated);
+  console.log(pc6.green(`Set ${key} = ${coerced}`));
+}
+
+// src/commands/logs.ts
+import fs11 from "fs";
+import pc7 from "picocolors";
+async function logsCommand(options) {
+  if (options.clear) {
+    await clearLogs();
+    return;
+  }
+  if (!fs11.existsSync(DEBUG_LOG_PATH)) {
+    console.log(
+      pc7.yellow("No log file found.") + " Run " + pc7.cyan("safeclaw start") + " to generate logs."
+    );
+    return;
+  }
+  if (options.follow) {
+    await followLogs();
+  } else {
+    await tailLogs(parseInt(options.lines, 10) || 50);
+  }
+}
+async function tailLogs(lineCount) {
+  const content = fs11.readFileSync(DEBUG_LOG_PATH, "utf-8");
+  const lines = content.split("\n").filter(Boolean);
+  const tail = lines.slice(-lineCount);
+  if (tail.length === 0) {
+    console.log(pc7.dim("Log file is empty."));
+    return;
+  }
+  console.log(
+    pc7.dim(`Showing last ${tail.length} lines from ${DEBUG_LOG_PATH}
+`)
+  );
+  for (const line of tail) {
+    process.stdout.write(line + "\n");
+  }
+}
+async function followLogs() {
+  console.log(pc7.dim(`Following ${DEBUG_LOG_PATH} (Ctrl+C to stop)
+`));
+  if (fs11.existsSync(DEBUG_LOG_PATH)) {
+    const content = fs11.readFileSync(DEBUG_LOG_PATH, "utf-8");
+    const lines = content.split("\n").filter(Boolean);
+    const tail = lines.slice(-20);
+    for (const line of tail) {
+      process.stdout.write(line + "\n");
+    }
+  }
+  let position = fs11.existsSync(DEBUG_LOG_PATH) ? fs11.statSync(DEBUG_LOG_PATH).size : 0;
+  const watcher = fs11.watch(DEBUG_LOG_PATH, () => {
+    try {
+      const stat = fs11.statSync(DEBUG_LOG_PATH);
+      if (stat.size > position) {
+        const fd = fs11.openSync(DEBUG_LOG_PATH, "r");
+        const buffer = Buffer.alloc(stat.size - position);
+        fs11.readSync(fd, buffer, 0, buffer.length, position);
+        fs11.closeSync(fd);
+        process.stdout.write(buffer.toString("utf-8"));
+        position = stat.size;
+      } else if (stat.size < position) {
+        position = 0;
+      }
+    } catch {
+    }
+  });
+  process.on("SIGINT", () => {
+    watcher.close();
+    console.log(pc7.dim("\nStopped following logs."));
+    process.exit(0);
+  });
+  await new Promise(() => {
+  });
+}
+async function clearLogs() {
+  if (!fs11.existsSync(DEBUG_LOG_PATH)) {
+    console.log(pc7.dim("No log file to clear."));
+    return;
+  }
+  fs11.writeFileSync(DEBUG_LOG_PATH, "");
+  console.log(pc7.green("Log file cleared."));
+}
+
+// src/main.ts
+import pc8 from "picocolors";
+var program = new Command();
+program.name("safeclaw").description("Security management dashboard for AI agents").version(VERSION, "-V, --version");
+program.command("start").description("Launch the SafeClaw dashboard server").option("-p, --port <port>", "override server port").option("--no-open", "skip auto-opening browser").option("--verbose", "enable debug logging to console", false).action(async (options) => {
+  await startCommand(options);
+});
+program.command("reset").description("Reset database and configuration to defaults").option("--force", "skip confirmation prompt", false).action(async (options) => {
+  await resetCommand(options);
+});
+program.command("status").description("Show current SafeClaw status").option("--json", "output as JSON for scripting", false).action(async (options) => {
+  await statusCommand(options);
+});
+program.command("doctor").description("Check system health and prerequisites").action(async () => {
+  await doctorCommand();
+});
+var configCmd = program.command("config").description("Manage SafeClaw configuration");
+configCmd.command("list").description("Show all configuration values").action(async () => {
+  await configListCommand();
+});
+configCmd.command("get").description("Get a configuration value").argument("<key>", "configuration key").action(async (key) => {
+  await configGetCommand(key);
+});
+configCmd.command("set").description("Set a configuration value").argument("<key>", "configuration key").argument("<value>", "new value").action(async (key, value) => {
+  await configSetCommand(key, value);
+});
+program.command("logs").description("View SafeClaw debug logs").option("-n, --lines <count>", "number of lines to show", "50").option("-f, --follow", "follow log output in real-time", false).option("--clear", "clear the log file", false).action(async (options) => {
+  await logsCommand(options);
+});
+program.parseAsync(process.argv).catch((err) => {
+  const error = err instanceof Error ? err : new Error(String(err));
+  process.stderr.write(pc8.red(`Fatal error: ${error.message}
+`));
+  process.exit(1);
+});
+//# sourceMappingURL=main.js.map