securityclaw 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +49 -0
- package/LICENSE +21 -0
- package/README.md +135 -0
- package/README.zh-CN.md +135 -0
- package/admin/public/app.js +148 -0
- package/admin/public/favicon.svg +21 -0
- package/admin/public/index.html +31 -0
- package/admin/public/styles.css +2715 -0
- package/admin/server.ts +1053 -0
- package/bin/install-lib.mjs +88 -0
- package/bin/securityclaw.mjs +66 -0
- package/config/policy.default.yaml +520 -0
- package/index.ts +2662 -0
- package/install.sh +22 -0
- package/openclaw.plugin.json +60 -0
- package/package.json +69 -0
- package/src/admin/build.ts +113 -0
- package/src/admin/console_notice.ts +195 -0
- package/src/admin/dashboard_url_state.ts +80 -0
- package/src/admin/openclaw_session_catalog.ts +137 -0
- package/src/admin/runtime_guard.ts +51 -0
- package/src/admin/skill_interception_store.ts +1606 -0
- package/src/application/commands/approval_commands.ts +189 -0
- package/src/approvals/chat_approval_store.ts +433 -0
- package/src/config/live_config.ts +144 -0
- package/src/config/loader.ts +168 -0
- package/src/config/runtime_override.ts +66 -0
- package/src/config/strategy_store.ts +121 -0
- package/src/config/validator.ts +222 -0
- package/src/domain/models/resource_context.ts +31 -0
- package/src/domain/ports/approval_repository.ts +40 -0
- package/src/domain/ports/notification_port.ts +29 -0
- package/src/domain/ports/openclaw_adapter.ts +22 -0
- package/src/domain/services/account_policy_engine.ts +163 -0
- package/src/domain/services/approval_service.ts +336 -0
- package/src/domain/services/approval_subject_resolver.ts +37 -0
- package/src/domain/services/context_inference_service.ts +502 -0
- package/src/domain/services/file_rule_registry.ts +171 -0
- package/src/domain/services/formatting_service.ts +101 -0
- package/src/domain/services/path_candidate_inference.ts +111 -0
- package/src/domain/services/sensitive_path_registry.ts +288 -0
- package/src/domain/services/sensitivity_label_inference.ts +161 -0
- package/src/domain/services/shell_filesystem_inference.ts +360 -0
- package/src/engine/approval_fsm.ts +104 -0
- package/src/engine/decision_engine.ts +39 -0
- package/src/engine/dlp_engine.ts +91 -0
- package/src/engine/rule_engine.ts +208 -0
- package/src/events/emitter.ts +86 -0
- package/src/events/schema.ts +27 -0
- package/src/hooks/context_guard.ts +36 -0
- package/src/hooks/output_guard.ts +66 -0
- package/src/hooks/persist_guard.ts +69 -0
- package/src/hooks/policy_guard.ts +222 -0
- package/src/hooks/result_guard.ts +88 -0
- package/src/i18n/locale.ts +36 -0
- package/src/index.ts +255 -0
- package/src/infrastructure/adapters/notification_adapter.ts +173 -0
- package/src/infrastructure/adapters/openclaw_adapter_impl.ts +59 -0
- package/src/infrastructure/config/plugin_config_parser.ts +105 -0
- package/src/monitoring/status_store.ts +612 -0
- package/src/types.ts +409 -0
- package/src/utils.ts +97 -0
package/CHANGELOG.md
ADDED
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
# Changelog
|
|
2
|
+
|
|
3
|
+
## [0.1.0] - 2026-03-15
|
|
4
|
+
|
|
5
|
+
### 架构重构
|
|
6
|
+
|
|
7
|
+
#### 新增
|
|
8
|
+
- 引入分层架构(领域层、应用层、基础设施层)
|
|
9
|
+
- 新增 `ContextInferenceService` - 上下文推断服务(350 行)
|
|
10
|
+
- 新增 `ApprovalService` - 审批业务逻辑服务(200 行)
|
|
11
|
+
- 新增 `NotificationAdapter` - 7 个消息渠道适配器(150 行)
|
|
12
|
+
- 新增 `ApprovalCommands` - 命令处理器(180 行)
|
|
13
|
+
- 新增 `OpenClawAdapter` - OpenClaw API 封装(60 行)
|
|
14
|
+
- 新增 `FormattingService` - 格式化工具(60 行)
|
|
15
|
+
- 新增 `ApprovalSubjectResolver` - 审批主题解析(35 行)
|
|
16
|
+
- 新增 `PluginConfigParser` - 配置解析(130 行)
|
|
17
|
+
|
|
18
|
+
#### 接口定义
|
|
19
|
+
- 新增 `NotificationPort` - 通知接口
|
|
20
|
+
- 新增 `ApprovalRepository` - 审批仓储接口
|
|
21
|
+
- 新增 `OpenClawAdapter` - OpenClaw 适配器接口
|
|
22
|
+
|
|
23
|
+
#### 改进
|
|
24
|
+
- 代码行数减少 35.7%(2032 → 1305 行)
|
|
25
|
+
- 最大文件行数减少 82.8%(2032 → 350 行)
|
|
26
|
+
- 实现单一职责原则
|
|
27
|
+
- 实现依赖倒置原则
|
|
28
|
+
- 提升可测试性和可维护性
|
|
29
|
+
|
|
30
|
+
#### 修复
|
|
31
|
+
- 修复 `escapeRegExp` 函数错误(`src/engine/rule_engine.ts:23`)
|
|
32
|
+
- 修复正则表达式未闭合问题(`src/engine/rule_engine.ts:46`)
|
|
33
|
+
|
|
34
|
+
#### 文档
|
|
35
|
+
- 新增 `README.md` - 项目说明
|
|
36
|
+
- 新增 `docs/ARCHITECTURE.md` - 架构文档
|
|
37
|
+
- 更新 `docs/TECHNICAL_SOLUTION.md` - 包含重构后架构
|
|
38
|
+
- 更新 `docs/RUNBOOK.md` - 包含新组件使用示例
|
|
39
|
+
|
|
40
|
+
### 测试
|
|
41
|
+
- ✅ 所有测试通过(48/48)
|
|
42
|
+
- ✅ 类型检查通过(0 errors)
|
|
43
|
+
- ✅ 向后兼容(100%)
|
|
44
|
+
- ✅ 无性能损失
|
|
45
|
+
|
|
46
|
+
### 性能
|
|
47
|
+
- Hook 延迟 p95: ~5ms
|
|
48
|
+
- 内存占用: ~20MB
|
|
49
|
+
- 启动时间: ~50ms
|
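Review bot: the version and size figures in this changelog do not match the package being published. The only entry is `## [0.1.0] - 2026-03-15` while the release is securityclaw 0.0.1, and the 改进 bullets claim the largest file shrank to 350 lines (`最大文件行数减少 82.8%(2032 → 350 行)`) and that `ContextInferenceService` is 350 lines, whereas the file list above shows `package/index.ts +2662`, `package/src/admin/skill_interception_store.ts +1606` and `package/src/domain/services/context_inference_service.ts +502`. Either add a 0.0.1 entry that describes what this release actually contains or regenerate the line-count claims from the shipped tree, and keep the `无性能损失` / `向后兼容(100%)` / `Hook 延迟 p95: ~5ms` bullets only if the measurements behind them are reproducible via `npm test`. The 文档 section also lists `docs/ARCHITECTURE.md`, `docs/TECHNICAL_SOLUTION.md` and `docs/RUNBOOK.md`, none of which appear in the package file list.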
package/LICENSE
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 SecurityClaw contributors
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
package/README.md
ADDED
|
@@ -0,0 +1,135 @@
|
|
|
1
|
+
# SecurityClaw Security Plugin
|
|
2
|
+
|
|
3
|
+
[中文文档](./README.zh-CN.md)
|
|
4
|
+
|
|
5
|
+
SecurityClaw is a runtime security plugin for [OpenClaw](https://github.com/openclaw/openclaw). It enforces policy decisions on tool calls, supports approval workflows, sanitizes sensitive outputs, and exposes audit-ready decision telemetry.
|
|
6
|
+
|
|
7
|
+
## Why SecurityClaw
|
|
8
|
+
|
|
9
|
+
LLM agents can execute powerful tools. SecurityClaw provides a policy guardrail layer so risky operations are either blocked, challenged for approval, or allowed with warning and traceability.
|
|
10
|
+
|
|
11
|
+
## Core Capabilities
|
|
12
|
+
|
|
13
|
+
- Runtime policy enforcement for OpenClaw hooks (`before_tool_call`, `after_tool_call`, etc.)
|
|
14
|
+
- Rule-first security model (`allow`, `warn`, `challenge`, `block`)
|
|
15
|
+
- Challenge approval workflow with command-based admin handling
|
|
16
|
+
- Dynamic sensitive-path registry that maps paths to asset labels before rule evaluation
|
|
17
|
+
- Sensitive data scanning and sanitization (DLP)
|
|
18
|
+
- Admin dashboard for strategy and account policy operations
|
|
19
|
+
- Decision events for audit and observability
|
|
20
|
+
- Built-in internationalization (`en` and `zh-CN`) for runtime/admin text
|
|
21
|
+
|
|
22
|
+
## Architecture
|
|
23
|
+
|
|
24
|
+
SecurityClaw follows a layered architecture:
|
|
25
|
+
|
|
26
|
+
- `domain`: policy, approval, context inference, formatting
|
|
27
|
+
- `domain/services/sensitive_path_registry.ts`: built-in + runtime-overridden sensitive path mappings
|
|
28
|
+
- `engine`: rule matching, decisioning, DLP scanning
|
|
29
|
+
- `config`: base YAML + SQLite runtime override
|
|
30
|
+
- `admin`: dashboard backend + frontend
|
|
31
|
+
- `monitoring`: runtime status and decision snapshots
|
|
32
|
+
|
|
33
|
+
See [Architecture](./docs/ARCHITECTURE.md) and [Technical Solution](./docs/TECHNICAL_SOLUTION.md).
|
|
34
|
+
|
|
35
|
+
## Quick Start
|
|
36
|
+
|
|
37
|
+
### 1. Install dependencies
|
|
38
|
+
|
|
39
|
+
```bash
|
|
40
|
+
npm install
|
|
41
|
+
```
|
|
42
|
+
|
|
43
|
+
### 2. Install into OpenClaw
|
|
44
|
+
|
|
45
|
+
```bash
|
|
46
|
+
npm run openclaw:install
|
|
47
|
+
```
|
|
48
|
+
|
|
49
|
+
Alternative install paths for end users:
|
|
50
|
+
|
|
51
|
+
```bash
|
|
52
|
+
npx securityclaw install
|
|
53
|
+
curl -fsSL https://raw.githubusercontent.com/znary/securityclaw/main/install.sh | bash
|
|
54
|
+
```
|
|
55
|
+
|
|
56
|
+
### 3. Run verification
|
|
57
|
+
|
|
58
|
+
```bash
|
|
59
|
+
npm test
|
|
60
|
+
```
|
|
61
|
+
|
|
62
|
+
### 4. Start admin dashboard (standalone)
|
|
63
|
+
|
|
64
|
+
```bash
|
|
65
|
+
npm run admin
|
|
66
|
+
```
|
|
67
|
+
|
|
68
|
+
Default dashboard URL: `http://127.0.0.1:4780`
|
|
69
|
+
|
|
70
|
+
## OpenClaw Integration
|
|
71
|
+
|
|
72
|
+
Preferred local install:
|
|
73
|
+
|
|
74
|
+
```bash
|
|
75
|
+
npm run openclaw:install
|
|
76
|
+
```
|
|
77
|
+
|
|
78
|
+
This creates a versioned plugin archive, installs it through `openclaw plugins install`, restarts the gateway, and verifies gateway health.
|
|
79
|
+
See [OpenClaw Install Guide](./docs/OPENCLAW_INSTALL.md) for details.
|
|
80
|
+
|
|
81
|
+
## Approval Commands
|
|
82
|
+
|
|
83
|
+
After setting one account policy with `is_admin=true`, the admin can run:
|
|
84
|
+
|
|
85
|
+
- `/securityclaw-approve <approval_id>`
|
|
86
|
+
- `/securityclaw-approve <approval_id> long`
|
|
87
|
+
- `/securityclaw-reject <approval_id>`
|
|
88
|
+
- `/securityclaw-pending`
|
|
89
|
+
|
|
90
|
+
## Admin Dashboard
|
|
91
|
+
|
|
92
|
+
Dashboard supports English and Chinese UI switching and stores language preference in local storage.
|
|
93
|
+
By default, it follows the host system language.
|
|
94
|
+
|
|
95
|
+
Main panels:
|
|
96
|
+
|
|
97
|
+
- Overview: posture and trend signals, plus a skill-risk snapshot for high-priority installed skills
|
|
98
|
+
- Decisions: recent decision events and reasons
|
|
99
|
+
- Policies: grouped rule strategy controls plus sensitive-path registry management
|
|
100
|
+
- Skill Interception: installed skill inventory, risk scoring, undeclared-change detection, rescan/quarantine/trust override actions, and interception policy matrix
|
|
101
|
+
- Accounts: admin approver account selection and mode settings
|
|
102
|
+
|
|
103
|
+
Sensitive path registry behavior:
|
|
104
|
+
|
|
105
|
+
- Built-in path patterns cover credentials, personal content, download staging, browser profiles, browser secret stores, and communication stores.
|
|
106
|
+
- Registry entries are persisted in SQLite runtime strategy overrides together with rule decisions.
|
|
107
|
+
- Built-in entries can be disabled from the dashboard, and custom path rules can be added without editing the base YAML.
|
|
108
|
+
|
|
109
|
+
Skill interception behavior:
|
|
110
|
+
|
|
111
|
+
- Dashboard discovers installed skills from local OpenClaw / Codex skill roots and stores scan results in SQLite.
|
|
112
|
+
- A skill can be flagged when its content changes without a matching version update.
|
|
113
|
+
- Overview surfaces the most important skill signals directly so admins can see high-risk items without switching tabs.
|
|
114
|
+
- The dedicated Skill Interception panel supports rescan, quarantine, temporary trust override, and risk-matrix editing.
|
|
115
|
+
|
|
116
|
+
## Documentation
|
|
117
|
+
|
|
118
|
+
- [Documentation Index](./docs/README.md)
|
|
119
|
+
- [OpenClaw Install Guide](./docs/OPENCLAW_INSTALL.md)
|
|
120
|
+
- [Admin Dashboard](./docs/ADMIN_DASHBOARD.md)
|
|
121
|
+
- [Runbook](./docs/RUNBOOK.md)
|
|
122
|
+
- [Integration Guide](./docs/INTEGRATION_GUIDE.md)
|
|
123
|
+
|
|
124
|
+
## Development
|
|
125
|
+
|
|
126
|
+
```bash
|
|
127
|
+
npm run typecheck
|
|
128
|
+
npm run test:unit
|
|
129
|
+
npm test
|
|
130
|
+
npm run admin:build
|
|
131
|
+
```
|
|
132
|
+
|
|
133
|
+
## License
|
|
134
|
+
|
|
135
|
+
MIT. See [LICENSE](./LICENSE).
|
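Review bot: the install and dashboard sections leave two security-relevant gaps for a plugin whose purpose is policy enforcement. The "Alternative install paths" block (`curl -fsSL https://raw.githubusercontent.com/znary/securityclaw/main/install.sh | bash`) executes an unpinned script from the `main` branch with no integrity check; document a pinned tag or a checksum to verify, or present `npx securityclaw install` as the only supported path. The Admin Dashboard section states that built-in sensitive-path entries can be disabled and that skills can be given a trust override from the UI at `http://127.0.0.1:4780`, but says nothing about authentication or who can reach that port; state whether the dashboard requires admin credentials and whether it binds only to loopback, since otherwise any local process able to submit a policy change can weaken the guardrails. Also, every link under `./docs/` (ARCHITECTURE.md, TECHNICAL_SOLUTION.md, OPENCLAW_INSTALL.md, ADMIN_DASHBOARD.md, RUNBOOK.md, INTEGRATION_GUIDE.md, docs/README.md) points to a file absent from the package file list, so these will be dead links in the published tarball.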
package/README.zh-CN.md
ADDED
|
@@ -0,0 +1,135 @@
|
|
|
1
|
+
# SecurityClaw 安全插件
|
|
2
|
+
|
|
3
|
+
[English](./README.md)
|
|
4
|
+
|
|
5
|
+
SecurityClaw 是面向 [OpenClaw](https://github.com/openclaw/openclaw) 的运行时安全插件。它在工具调用链路上执行安全策略,支持审批流程、敏感信息净化与审计级决策记录。
|
|
6
|
+
|
|
7
|
+
## SecurityClaw 解决什么问题
|
|
8
|
+
|
|
9
|
+
LLM Agent 具备高权限工具调用能力。SecurityClaw 在运行时提供策略护栏,将高风险操作按规则执行为拦截、审批确认、提醒或放行,并保留可追溯审计信息。
|
|
10
|
+
|
|
11
|
+
## 核心能力
|
|
12
|
+
|
|
13
|
+
- 基于 OpenClaw Hook 的运行时策略执行(`before_tool_call` 等)
|
|
14
|
+
- 规则优先决策模型(`allow` / `warn` / `challenge` / `block`)
|
|
15
|
+
- Challenge 审批流程与管理员命令处理
|
|
16
|
+
- 动态敏感路径注册表,在规则判断前先把路径映射成资产标签
|
|
17
|
+
- DLP 扫描与敏感输出净化
|
|
18
|
+
- 管理后台(策略与账号策略配置)
|
|
19
|
+
- 决策事件与状态观测
|
|
20
|
+
- 中英文国际化(`en` / `zh-CN`)
|
|
21
|
+
|
|
22
|
+
## 架构说明
|
|
23
|
+
|
|
24
|
+
分层结构如下:
|
|
25
|
+
|
|
26
|
+
- `domain`:策略、审批、上下文推断、格式化
|
|
27
|
+
- `domain/services/sensitive_path_registry.ts`:内置 + 运行时覆写的敏感路径映射
|
|
28
|
+
- `engine`:规则匹配、决策引擎、DLP
|
|
29
|
+
- `config`:YAML 基线配置 + SQLite 运行时覆盖
|
|
30
|
+
- `admin`:管理后台前后端
|
|
31
|
+
- `monitoring`:运行状态与决策快照
|
|
32
|
+
|
|
33
|
+
详见 [架构文档](./docs/ARCHITECTURE.md) 与 [技术方案](./docs/TECHNICAL_SOLUTION.md)。
|
|
34
|
+
|
|
35
|
+
## 快速开始
|
|
36
|
+
|
|
37
|
+
### 1. 安装依赖
|
|
38
|
+
|
|
39
|
+
```bash
|
|
40
|
+
npm install
|
|
41
|
+
```
|
|
42
|
+
|
|
43
|
+
### 2. 安装到 OpenClaw
|
|
44
|
+
|
|
45
|
+
```bash
|
|
46
|
+
npm run openclaw:install
|
|
47
|
+
```
|
|
48
|
+
|
|
49
|
+
终端用户也可以直接使用:
|
|
50
|
+
|
|
51
|
+
```bash
|
|
52
|
+
npx securityclaw install
|
|
53
|
+
curl -fsSL https://raw.githubusercontent.com/znary/securityclaw/main/install.sh | bash
|
|
54
|
+
```
|
|
55
|
+
|
|
56
|
+
### 3. 执行验证
|
|
57
|
+
|
|
58
|
+
```bash
|
|
59
|
+
npm test
|
|
60
|
+
```
|
|
61
|
+
|
|
62
|
+
### 4. 启动管理后台(独立模式)
|
|
63
|
+
|
|
64
|
+
```bash
|
|
65
|
+
npm run admin
|
|
66
|
+
```
|
|
67
|
+
|
|
68
|
+
默认地址:`http://127.0.0.1:4780`
|
|
69
|
+
|
|
70
|
+
## OpenClaw 集成
|
|
71
|
+
|
|
72
|
+
推荐本地安装方式:
|
|
73
|
+
|
|
74
|
+
```bash
|
|
75
|
+
npm run openclaw:install
|
|
76
|
+
```
|
|
77
|
+
|
|
78
|
+
这条命令会生成带版本号的插件压缩包,通过 `openclaw plugins install` 安装,随后自动重启 gateway 并校验状态。
|
|
79
|
+
详情见 [OpenClaw 安装指南](./docs/OPENCLAW_INSTALL.md)。
|
|
80
|
+
|
|
81
|
+
## 审批命令
|
|
82
|
+
|
|
83
|
+
当账号策略中配置 `is_admin=true` 后,管理员可在聊天渠道执行:
|
|
84
|
+
|
|
85
|
+
- `/securityclaw-approve <approval_id>`
|
|
86
|
+
- `/securityclaw-approve <approval_id> long`
|
|
87
|
+
- `/securityclaw-reject <approval_id>`
|
|
88
|
+
- `/securityclaw-pending`
|
|
89
|
+
|
|
90
|
+
## 管理后台
|
|
91
|
+
|
|
92
|
+
管理后台支持中英文切换,并将语言偏好保存在本地存储。
|
|
93
|
+
默认跟随系统语言。
|
|
94
|
+
|
|
95
|
+
核心模块:
|
|
96
|
+
|
|
97
|
+
- 概览:总体态势、趋势,以及高优先级已安装 skill 的风险快照
|
|
98
|
+
- 决策记录:最近决策事件与原因
|
|
99
|
+
- 规则策略:按分组编辑规则动作,并维护敏感路径注册表
|
|
100
|
+
- Skill 拦截:已安装 skill 清单、风险打分、未声明变更检测、重扫 / 隔离 / 受信覆盖操作,以及拦截策略矩阵
|
|
101
|
+
- 账号策略:管理员审批账号与模式配置
|
|
102
|
+
|
|
103
|
+
敏感路径注册表说明:
|
|
104
|
+
|
|
105
|
+
- 内置覆盖凭据目录、个人内容目录、下载暂存区、浏览器资料目录、浏览器密钥库和通信存储。
|
|
106
|
+
- 路径注册表与规则动作一起持久化到 SQLite 运行时策略覆盖中。
|
|
107
|
+
- 可在后台删除内置项,也可直接添加自定义路径,无需手改基线 YAML。
|
|
108
|
+
|
|
109
|
+
Skill 拦截说明:
|
|
110
|
+
|
|
111
|
+
- 后台会从本地 OpenClaw / Codex skill 目录自动发现已安装 skills,并把扫描结果持久化到 SQLite。
|
|
112
|
+
- 当 skill 内容发生变化、但版本号没有同步更新时,会被标记为“内容变了但版本没变”。
|
|
113
|
+
- 概览页会直接展示最值得优先处理的 skill 风险信号,不需要先切到 Skill 页签。
|
|
114
|
+
- `Skill 拦截` 面板支持重扫、隔离、临时受信覆盖,以及风险矩阵配置。
|
|
115
|
+
|
|
116
|
+
## 文档导航
|
|
117
|
+
|
|
118
|
+
- [文档索引](./docs/README.zh-CN.md)
|
|
119
|
+
- [OpenClaw 安装指南](./docs/OPENCLAW_INSTALL.md)
|
|
120
|
+
- [管理后台说明](./docs/ADMIN_DASHBOARD.md)
|
|
121
|
+
- [运行手册](./docs/RUNBOOK.md)
|
|
122
|
+
- [集成指南](./docs/INTEGRATION_GUIDE.md)
|
|
123
|
+
|
|
124
|
+
## 开发命令
|
|
125
|
+
|
|
126
|
+
```bash
|
|
127
|
+
npm run typecheck
|
|
128
|
+
npm run test:unit
|
|
129
|
+
npm test
|
|
130
|
+
npm run admin:build
|
|
131
|
+
```
|
|
132
|
+
|
|
133
|
+
## 许可证
|
|
134
|
+
|
|
135
|
+
MIT,详见 [LICENSE](./LICENSE)。
|
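Review bot: the Chinese text diverges from README.md in a way that changes the security meaning. The 敏感路径注册表说明 bullet says built-in entries can be deleted (`可在后台删除内置项`), while the English README says they can be disabled (`Built-in entries can be disabled from the dashboard`); deleting a built-in entry and disabling it are different operations for an audit trail, so align both files with what `sensitive_path_registry.ts` actually does. The 审批命令 intro adds a detail the English omits (`管理员可在聊天渠道执行`, i.e. the commands are issued in the chat channel); carry that into README.md as well. The same `./docs/` links are dead here too, and the 文档导航 index points at `./docs/README.zh-CN.md`, which is likewise not in the package file list.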