shellward 0.4.0 → 0.5.0

package/src/auto-check.ts

@@ -0,0 +1,177 @@
+// src/auto-check.ts — 启动时自动安全检查，减少人为操作
+// 异步执行，不阻塞启动；发现问题时通过 logger 告警
+
+import { execSync } from 'child_process'
+import { existsSync, readFileSync, readdirSync } from 'fs'
+import { join } from 'path'
+import { getHomeDir } from './utils'
+import { fetchVulnDB, compareVersions } from './update-check'
+
+const OPENCLAW_DIR = join(getHomeDir(), '.openclaw')
+
+export interface AutoCheckResult {
+  openclawVulns: { id: string; severity: string; description: string }[]
+  pluginRisks: { plugin: string; risk: string }[]
+  mcpRisks: { config: string; risk: string }[]
+  rootWarning: boolean
+}
+
+const SUSPICIOUS_PATTERNS = [
+  { pattern: /eval\s*\(/, name: 'eval()' },
+  { pattern: /\/dev\/tcp|nc\s+-e|ncat/, name: 'reverse shell' },
+  { pattern: /webhook|exfil|callback.*http/i, name: 'data exfil' },
+]
+
+/**
+ * 获取 OpenClaw 版本
+ */
+function getOpenClawVersion(): string {
+  try {
+    const out = execSync('openclaw --version 2>&1', { timeout: 5000 }).toString().trim()
+    const match = out.match(/(\d{4}\.\d+\.\d+|\d+\.\d+\.\d+)/)
+    return match ? match[1] : 'unknown'
+  } catch {
+    return 'unknown'
+  }
+}
+
+/**
+ * 检查 OpenClaw 是否受已知漏洞影响
+ */
+async function checkOpenClawVulns(version: string): Promise<{ id: string; severity: string; description: string }[]> {
+  const vulns: { id: string; severity: string; description: string }[] = []
+  try {
+    const { vulns: db } = await fetchVulnDB()
+    const list = db.length > 0 ? db : [
+      { affectedBelow: '1.0.111', severity: 'HIGH' as const, id: 'CVE-2025-59536', description_zh: 'RCE via Hooks/MCP', description_en: 'RCE via Hooks/MCP' },
+      { affectedBelow: '2.0.65', severity: 'MEDIUM' as const, id: 'CVE-2026-21852', description_zh: 'API Key exfil', description_en: 'API Key exfil' },
+    ]
+    for (const v of list) {
+      if (version !== 'unknown' && compareVersions(version, v.affectedBelow) < 0) {
+        vulns.push({
+          id: v.id,
+          severity: v.severity || 'MEDIUM',
+          description: (v as any).description_zh || (v as any).description_en || v.id,
+        })
+      }
+    }
+  } catch { /* ignore */ }
+  return vulns
+}
+
+/**
+ * 快速扫描插件中的高风险模式
+ */
+function scanPluginsQuick(): { plugin: string; risk: string }[] {
+  const risks: { plugin: string; risk: string }[] = []
+  const dirs = [
+    join(OPENCLAW_DIR, 'extensions'),
+    join(OPENCLAW_DIR, 'plugins'),
+  ]
+  for (const dir of dirs) {
+    if (!existsSync(dir)) continue
+    try {
+      for (const name of readdirSync(dir)) {
+        const p = join(dir, name)
+        if (name.startsWith('.')) continue
+        try {
+          const files = readdirSync(p)
+          for (const f of files) {
+            if (!/\.(ts|js)$/.test(f)) continue
+            const content = readFileSync(join(p, f), 'utf-8').slice(0, 50000)
+            for (const { pattern, name: riskName } of SUSPICIOUS_PATTERNS) {
+              if (pattern.test(content)) {
+                risks.push({ plugin: name, risk: riskName })
+                break
+              }
+            }
+          }
+        } catch { /* skip */ }
+      }
+    } catch { /* skip */ }
+  }
+  return risks
+}
+
+/**
+ * 扫描 MCP 配置中的可疑项
+ */
+function scanMcpConfig(): { config: string; risk: string }[] {
+  const risks: { config: string; risk: string }[] = []
+  const configPaths = [
+    join(OPENCLAW_DIR, 'mcp.json'),
+    join(OPENCLAW_DIR, 'config', 'mcp.json'),
+    join(OPENCLAW_DIR, 'settings.json'),
+  ]
+  for (const p of configPaths) {
+    if (!existsSync(p)) continue
+    try {
+      const content = readFileSync(p, 'utf-8')
+      if (/webhook|exfil|callback|pastebin|requestbin/i.test(content)) {
+        risks.push({ config: p, risk: 'suspicious URL in config' })
+      }
+      if (/command.*:.*["'](?:curl|wget|nc)\s/i.test(content)) {
+        risks.push({ config: p, risk: 'network command in MCP' })
+      }
+    } catch { /* skip */ }
+  }
+  return risks
+}
+
+/**
+ * 执行全部自动检查，返回结果（供启动时告警用）
+ */
+export async function runAutoCheck(): Promise<AutoCheckResult> {
+  const ocVersion = getOpenClawVersion()
+  const [openclawVulns, pluginRisks, mcpRisks] = await Promise.all([
+    checkOpenClawVulns(ocVersion),
+    Promise.resolve(scanPluginsQuick()),
+    Promise.resolve(scanMcpConfig()),
+  ])
+  const rootWarning = typeof process.getuid === 'function' && process.getuid() === 0
+  return { openclawVulns, pluginRisks, mcpRisks, rootWarning }
+}
+
+/**
+ * 启动时执行检查，发现问题时通过 logger 告警
+ */
+export function runAutoCheckOnStartup(logger: { warn: (s: string) => void }, locale: 'zh' | 'en'): void {
+  runAutoCheck().then(result => {
+    const zh = locale === 'zh'
+    const lines: string[] = []
+
+    if (result.openclawVulns.length > 0) {
+      lines.push(zh ? '⚠️ OpenClaw 存在已知漏洞:' : '⚠️ OpenClaw has known vulnerabilities:')
+      for (const v of result.openclawVulns) {
+        lines.push(`  ${v.id} [${v.severity}]: ${v.description}`)
+      }
+      lines.push(zh ? '  请运行 /check-updates 查看详情并升级' : '  Run /check-updates for details and upgrade')
+    }
+
+    if (result.pluginRisks.length > 0) {
+      lines.push(zh ? '⚠️ 插件扫描发现可疑模式:' : '⚠️ Plugin scan found suspicious patterns:')
+      for (const r of result.pluginRisks.slice(0, 3)) {
+        lines.push(`  ${r.plugin}: ${r.risk}`)
+      }
+      if (result.pluginRisks.length > 3) {
+        lines.push(`  ... 共 ${result.pluginRisks.length} 项`)
+      }
+      lines.push(zh ? '  请运行 /scan-plugins 查看详情' : '  Run /scan-plugins for details')
+    }
+
+    if (result.mcpRisks.length > 0) {
+      lines.push(zh ? '⚠️ MCP 配置存在可疑项:' : '⚠️ Suspicious items in MCP config:')
+      for (const r of result.mcpRisks) {
+        lines.push(`  ${r.config}: ${r.risk}`)
+      }
+    }
+
+    if (result.rootWarning) {
+      lines.push(zh ? '⚠️ 正在以 root 运行，建议使用普通用户' : '⚠️ Running as root, consider using non-root user')
+    }
+
+    if (lines.length > 0) {
+      logger.warn('[ShellWard] 自动安全检查:\n' + lines.join('\n'))
+    }
+  }).catch(() => { /* 静默失败，不阻塞 */ })
+}

package/src/commands/audit.ts

@@ -2,10 +2,11 @@
 
 import { readFileSync, statSync } from 'fs'
 import { join } from 'path'
+import { getHomeDir } from '../utils'
 import type { ShellWardConfig } from '../types'
 import { resolveLocale } from '../types'
 
-const LOG_FILE = join(process.env.HOME || '~', '.openclaw', 'shellward', 'audit.jsonl')
+const LOG_FILE = join(getHomeDir(), '.openclaw', 'shellward', 'audit.jsonl')
 
 export function registerAuditCommand(api: any, config: ShellWardConfig) {
   const locale = resolveLocale(config)
@@ -13,8 +14,8 @@ export function registerAuditCommand(api: any, config: ShellWardConfig) {
   api.registerCommand({
     name: 'audit',
     description: locale === 'zh'
-      ? '📋 查看 ShellWard 审计日志 (用法: /audit [数量] [block|redact|critical])'
-      : '📋 View ShellWard audit log (usage: /audit [count] [block|redact|critical])',
+      ? '📋 查看 ShellWard 审计日志 (用法: /audit [数量] [block|audit|critical])'
+      : '📋 View ShellWard audit log (usage: /audit [count] [block|audit|critical])',
     acceptsArgs: true,
     handler: (ctx: any) => {
       const zh = locale === 'zh'
@@ -43,6 +44,8 @@ export function registerAuditCommand(api: any, config: ShellWardConfig) {
       // Apply filter
       if (filter === 'block') {
         lines = lines.filter(l => l.includes('"action":"block"'))
+      } else if (filter === 'audit') {
+        lines = lines.filter(l => l.includes('"action":"audit"'))
       } else if (filter === 'redact') {
         lines = lines.filter(l => l.includes('"action":"redact"'))
       } else if (filter === 'critical') {
@@ -65,7 +68,7 @@ export function registerAuditCommand(api: any, config: ShellWardConfig) {
       const formatted = recent.map(line => {
         try {
           const e = JSON.parse(line)
-          const icon = e.action === 'block' ? '🚫' : e.action === 'redact' ? '🔒' : e.level === 'CRITICAL' ? '🔴' : 'ℹ️'
+          const icon = e.action === 'block' ? '🚫' : e.action === 'audit' ? '📋' : e.action === 'redact' ? '🔒' : e.level === 'CRITICAL' ? '🔴' : 'ℹ️'
           const time = e.ts?.slice(11, 19) || '??:??:??'
           return `${icon} \`${time}\` **${e.layer}** ${e.action}: ${e.detail?.slice(0, 80) || ''}${e.pattern ? ` [${e.pattern}]` : ''}`
         } catch {

package/src/commands/harden.ts

@@ -6,7 +6,8 @@ import { execSync } from 'child_process'
 import type { ShellWardConfig } from '../types'
 import { resolveLocale } from '../types'
 
-const HOME = process.env.HOME || '~'
+import { getHomeDir } from '../utils'
+const HOME = getHomeDir()
 
 export function registerHardenCommand(api: any, config: ShellWardConfig) {
   const locale = resolveLocale(config)
@@ -171,6 +172,43 @@ export function registerHardenCommand(api: any, config: ShellWardConfig) {
       }
       lines.push('')
 
+      // === 5. One-click scripts ===
+      lines.push(zh ? '### 一键安全脚本' : '### One-click Security Scripts')
+
+      // Dockerfile
+      lines.push(zh ? '**容器隔离** — 复制以下 Dockerfile:' : '**Container isolation** — copy this Dockerfile:')
+      lines.push('```dockerfile')
+      lines.push('FROM node:22-slim')
+      lines.push('RUN useradd -m -s /bin/bash openclaw')
+      lines.push('USER openclaw')
+      lines.push('WORKDIR /home/openclaw')
+      lines.push('RUN npm install -g openclaw')
+      lines.push('COPY .env .env')
+      lines.push('EXPOSE 19000')
+      lines.push('CMD ["openclaw", "agent", "--local"]')
+      lines.push('```')
+      lines.push(zh
+        ? '运行: `docker build -t openclaw-safe . && docker run --rm -it openclaw-safe`'
+        : 'Run: `docker build -t openclaw-safe . && docker run --rm -it openclaw-safe`')
+      lines.push('')
+
+      // Firewall
+      lines.push(zh ? '**防火墙限制** — 仅允许必要出站:' : '**Firewall** — allow only necessary outbound:')
+      lines.push('```bash')
+      lines.push('# 只允许 HTTPS 出站（API 调用），禁止其他出站')
+      lines.push('sudo iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT')
+      lines.push('sudo iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT')
+      lines.push('sudo iptables -A OUTPUT -p udp --dport 53 -j ACCEPT  # DNS')
+      lines.push('sudo iptables -A OUTPUT -o lo -j ACCEPT               # localhost')
+      lines.push('sudo iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT')
+      lines.push('sudo iptables -A OUTPUT -j LOG --log-prefix "BLOCKED: "')
+      lines.push('sudo iptables -A OUTPUT -j DROP')
+      lines.push('```')
+      lines.push(zh
+        ? '⚠️ 执行前请确认不会影响其他服务'
+        : '⚠️ Review before applying — may affect other services')
+      lines.push('')
+
       // === Summary ===
       lines.push('---')
       if (issues.length === 0) {

package/src/commands/index.ts

@@ -7,6 +7,7 @@ import { registerAuditCommand } from './audit'
 import { registerHardenCommand } from './harden'
 import { registerScanPluginsCommand } from './scan-plugins'
 import { registerCheckUpdatesCommand } from './check-updates'
+import { registerUpgradeOpenClawCommand } from './upgrade-openclaw'
 
 export function registerAllCommands(api: any, config: ShellWardConfig) {
   const locale = resolveLocale(config)
@@ -17,6 +18,7 @@ export function registerAllCommands(api: any, config: ShellWardConfig) {
   registerHardenCommand(api, config)
   registerScanPluginsCommand(api, config)
   registerCheckUpdatesCommand(api, config)
+  registerUpgradeOpenClawCommand(api, config)
 
   // Register /cg shortcut with help
   api.registerCommand({
@@ -31,23 +33,25 @@ export function registerAllCommands(api: any, config: ShellWardConfig) {
 | 命令 | 说明 |
 |------|------|
 | \`/security\` | 安全状态总览（防御层、审计统计、系统检查） |
-| \`/audit [数量] [过滤]\` | 查看审计日志 (过滤: block/redact/critical/high) |
+| \`/audit [数量] [过滤]\` | 查看审计日志 (过滤: block/audit/critical/high) |
 | \`/harden\` | 安全扫描 · \`/harden fix\` 自动修复权限 |
 | \`/scan-plugins\` | 扫描已安装插件的安全风险 |
 | \`/check-updates\` | 检查 OpenClaw 版本和已知漏洞 |
+| \`/upgrade-openclaw\` | 一键升级 OpenClaw · \`/upgrade-openclaw yes\` 直接执行 |
 
 **当前防御层 (8层):**
-L1 提示注入 · L2 输出脱敏 · L3 工具拦截 · L4 注入检测
-L5 安全门 · L6 回复脱敏 · L7 数据流监控 · L8 会话安全`
+L1 提示注入 · L2 输出审计 · L3 工具拦截 · L4 注入检测
+L5 安全门 · L6 回复审计 · L7 数据流监控 · L8 会话安全`
         : `🛡️ **ShellWard Quick Commands**
 
 | Command | Description |
 |---------|-------------|
 | \`/security\` | Security status overview (layers, audit stats, system checks) |
-| \`/audit [count] [filter]\` | View audit log (filter: block/redact/critical/high) |
+| \`/audit [count] [filter]\` | View audit log (filter: block/audit/critical/high) |
 | \`/harden\` | Security scan · \`/harden fix\` to auto-fix permissions |
 | \`/scan-plugins\` | Scan installed plugins for security risks |
 | \`/check-updates\` | Check OpenClaw version and known vulnerabilities |
+| \`/upgrade-openclaw\` | Upgrade OpenClaw · \`/upgrade-openclaw yes\` to execute |
 
 **Active Defense Layers (8):**
 L1 Prompt Guard · L2 Output Scanner · L3 Tool Blocker · L4 Input Auditor

package/src/commands/scan-plugins.ts

@@ -5,7 +5,8 @@ import { join } from 'path'
 import type { ShellWardConfig } from '../types'
 import { resolveLocale } from '../types'
 
-const HOME = process.env.HOME || '~'
+import { getHomeDir } from '../utils'
+const HOME = getHomeDir()
 const OPENCLAW_DIR = join(HOME, '.openclaw')
 
 // Known suspicious patterns in plugin code
@@ -74,6 +75,7 @@ export function registerScanPluginsCommand(api: any, config: ShellWardConfig) {
       lines.push('')
 
       let totalRisks = 0
+      const riskyPluginNames = new Set<string>()
 
       for (const plugin of pluginDirs) {
         const risks: string[] = []
@@ -147,11 +149,14 @@ export function registerScanPluginsCommand(api: any, config: ShellWardConfig) {
             lines.push(`  ${risk}`)
             totalRisks++
           }
+          if (risks.some(r => r.startsWith('🔴') || (r.startsWith('⚠️') && !r.includes('签名') && !r.includes('signature') && !r.includes('依赖') && !r.includes('deps')))) {
+            riskyPluginNames.add(plugin.name)
+          }
         }
         lines.push('')
       }
 
-      // Summary
+      // Summary + removal commands
       lines.push('---')
       if (totalRisks === 0) {
         lines.push(zh ? '✅ **所有插件扫描通过**' : '✅ **All plugins passed scan**')
@@ -159,6 +164,17 @@ export function registerScanPluginsCommand(api: any, config: ShellWardConfig) {
         lines.push(zh
           ? `⚠️ **发现 ${totalRisks} 个潜在风险** — 请审查标记的插件`
           : `⚠️ **${totalRisks} potential risks found** — review flagged plugins`)
+
+        if (riskyPluginNames.size > 0) {
+          lines.push('')
+          lines.push(zh ? '**一键移除高风险插件** — 复制执行:' : '**Remove risky plugins** — copy & run:')
+          lines.push('```bash')
+          for (const name of riskyPluginNames) {
+            lines.push(`openclaw plugins uninstall ${name}`)
+          }
+          lines.push('```')
+        }
+
         lines.push(zh
           ? '💡 建议: 仅从可信渠道安装插件，定期运行 `/scan-plugins` 检查'
           : '💡 Tip: Only install plugins from trusted sources, run `/scan-plugins` regularly')

package/src/commands/security.ts

@@ -3,10 +3,11 @@
 import { readFileSync, statSync, existsSync, readdirSync } from 'fs'
 import { join } from 'path'
 import { execSync } from 'child_process'
+import { getHomeDir } from '../utils'
 import type { ShellWardConfig } from '../types'
 import { resolveLocale } from '../types'
 
-const LOG_DIR = join(process.env.HOME || '~', '.openclaw', 'shellward')
+const LOG_DIR = join(getHomeDir(), '.openclaw', 'shellward')
 const LOG_FILE = join(LOG_DIR, 'audit.jsonl')
 
 export function registerSecurityCommand(api: any, config: ShellWardConfig) {
@@ -33,6 +34,9 @@ export function registerSecurityCommand(api: any, config: ShellWardConfig) {
         ['L3 Tool Blocker', config.layers.toolBlocker],
         ['L4 Input Auditor', config.layers.inputAuditor],
         ['L5 Security Gate', config.layers.securityGate],
+        ['L6 Outbound Guard', config.layers.outboundGuard],
+        ['L7 Data Flow Guard', config.layers.dataFlowGuard],
+        ['L8 Session Guard', config.layers.sessionGuard],
       ]
       for (const [name, enabled] of layers) {
         lines.push(`  ${enabled ? '✅' : '❌'} ${name}`)
@@ -54,15 +58,15 @@ export function registerSecurityCommand(api: any, config: ShellWardConfig) {
         const allLines = content.trim().split('\n').filter(Boolean)
         const total = allLines.length
         let blocks = 0
-        let redacts = 0
+        let audits = 0
         let criticals = 0
         for (const line of allLines) {
           if (line.includes('"action":"block"')) blocks++
-          if (line.includes('"action":"redact"')) redacts++
+          if (line.includes('"action":"audit"')) audits++
           if (line.includes('"level":"CRITICAL"')) criticals++
         }
         lines.push(`  ${zh ? '总事件' : 'Total events'}: ${total}`)
-        lines.push(`  ${zh ? '拦截' : 'Blocked'}: ${blocks} | ${zh ? '脱敏' : 'Redacted'}: ${redacts} | ${zh ? '严重' : 'Critical'}: ${criticals}`)
+        lines.push(`  ${zh ? '拦截' : 'Blocked'}: ${blocks} | ${zh ? '审计' : 'Audited'}: ${audits} | ${zh ? '严重' : 'Critical'}: ${criticals}`)
       } catch {
         lines.push(zh ? '  ⚠️ 日志文件不存在' : '  ⚠️ Log file not found')
       }

package/src/commands/upgrade-openclaw.ts

@@ -0,0 +1,58 @@
+// src/commands/upgrade-openclaw.ts — 一键升级 OpenClaw，减少手动操作
+
+import { execSync } from 'child_process'
+import type { ShellWardConfig } from '../types'
+import { resolveLocale } from '../types'
+
+export function registerUpgradeOpenClawCommand(api: any, config: ShellWardConfig) {
+  const locale = resolveLocale(config)
+
+  api.registerCommand({
+    name: 'upgrade-openclaw',
+    description: locale === 'zh'
+      ? '⬆️ 升级 OpenClaw 到最新版本（一键执行）'
+      : '⬆️ Upgrade OpenClaw to latest (one-click)',
+    acceptsArgs: true,
+    handler: (ctx: any) => {
+      const zh = locale === 'zh'
+      const args = (ctx.args || '').trim().toLowerCase()
+      const doUpgrade = args === 'yes' || args === 'y' || args === '--yes'
+
+      let currentVer = 'unknown'
+      try {
+        const out = execSync('openclaw --version 2>&1', { timeout: 5000 }).toString()
+        const m = out.match(/(\d{4}\.\d+\.\d+|\d+\.\d+\.\d+)/)
+        if (m) currentVer = m[1]
+      } catch { /* skip */ }
+
+      const cmd = 'npm update -g openclaw'
+      const lines: string[] = []
+
+      if (doUpgrade) {
+        try {
+          execSync(cmd, { stdio: 'inherit', timeout: 120000 })
+          const newOut = execSync('openclaw --version 2>&1', { timeout: 5000 }).toString()
+          const newM = newOut.match(/(\d{4}\.\d+\.\d+|\d+\.\d+\.\d+)/)
+          const newVer = newM ? newM[1] : 'unknown'
+          lines.push(zh ? `✅ 升级完成！当前版本: ${newVer}` : `✅ Upgrade done! Current version: ${newVer}`)
+        } catch (e: any) {
+          lines.push(zh ? `❌ 升级失败: ${e?.message || e}` : `❌ Upgrade failed: ${e?.message || e}`)
+          lines.push(zh ? `请手动执行: \`${cmd}\`` : `Run manually: \`${cmd}\``)
+        }
+      } else {
+        lines.push(zh ? `当前版本: ${currentVer}` : `Current version: ${currentVer}`)
+        lines.push('')
+        lines.push(zh ? '**一键升级**（复制执行）:' : '**One-click upgrade** (copy & run):')
+        lines.push('```bash')
+        lines.push(cmd)
+        lines.push('```')
+        lines.push('')
+        lines.push(zh
+          ? '或在 OpenClaw 中执行: `/upgrade-openclaw yes` 自动升级'
+          : 'Or run in OpenClaw: `/upgrade-openclaw yes` to auto-upgrade')
+      }
+
+      return { text: lines.join('\n') }
+    },
+  })
+}