npm - shroud-privacy - Versions diffs - 2.0.8 → 2.0.10 - Mend

shroud-privacy 2.0.8 → 2.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -16,13 +16,12 @@ Privacy obfuscation plugin for [OpenClaw](https://openclaw.ai). Detects sensitiv
 | Hook | Direction | What happens |
 |------|-----------|-------------|
 | `before_prompt_build` | User → LLM | Obfuscate user prompt, prepend privacy context |
-| `before_message_write` | Any → History | Obfuscate every message written to the session transcript |
-| `before_llm_send` | Context → LLM | Obfuscate LLM messages + install `transformResponse` for deobfuscation (>=2026.3.14) |
+| `before_message_write` | Any → History | Obfuscate non-assistant messages; deobfuscate assistant messages |
 | `before_tool_call` | LLM → Tool | Deobfuscate tool parameters + track tool chain depth |
 | `tool_result_persist` | Tool → History | Obfuscate tool results before storing |
-| `message_sending` | Agent → User | Deobfuscate outbound messages (WhatsApp, auto-reply, etc.) |
+| `message_sending` | Agent → User | Deobfuscate outbound messages (fallback) |
-> **Streaming deobfuscation:** On first load, Shroud automatically patches pi-ai's EventStream to deobfuscate LLM responses. A restart is required to activate the patch.
+> **Streaming deobfuscation:** On first load, Shroud patches pi-ai's EventStream to deobfuscate ALL LLM responses at the stream level — every provider (Anthropic, OpenAI, Google), every channel (Slack, WhatsApp, Telegram, etc.). A single gateway restart activates the patch.
 ## Install

package/dist/detectors/regex.js CHANGED Viewed

@@ -423,7 +423,7 @@ export const BUILTIN_PATTERNS = [
         confidence: 0.75,
     },
     // ==========================================================================
-    // Wave 1: Enterprise / Regulated / Critical Infrastructure
+    // Wave 1: Regulated / Critical Infrastructure
     // ==========================================================================
     // --- Austrian / EU identifiers ---
     {

package/dist/index.js CHANGED Viewed

@@ -5,9 +5,8 @@
  * and deobfuscates responses before they reach the user.
  */
 import { existsSync, readFileSync, writeFileSync, copyFileSync, readdirSync, rmSync } from "node:fs";
-import { join, dirname } from "node:path";
+import { join } from "node:path";
 import { createRequire } from "node:module";
-import { execSync } from "node:child_process";
 import { resolveConfig } from "./config.js";
 import { Obfuscator } from "./obfuscator.js";
 import { registerHooks } from "./hooks.js";
@@ -42,22 +41,6 @@ function findEventStreamPath(logger) {
         }
     }
     catch { }
-    // Fallback: resolve from the openclaw binary
-    try {
-        const bin = execSync("command -v openclaw", { encoding: "utf8" }).trim();
-        if (bin) {
-            const binDir = dirname(bin);
-            const candidates = [
-                join(binDir, "../lib/node_modules/openclaw/node_modules/@mariozechner/pi-ai/dist/utils/event-stream.js"),
-                join(binDir, "../node_modules/@mariozechner/pi-ai/dist/utils/event-stream.js"),
-            ];
-            for (const c of candidates) {
-                if (existsSync(c))
-                    return c;
-            }
-        }
-    }
-    catch { }
     return null;
 }
 function ensureEventStreamPatched(logger) {
@@ -98,8 +81,17 @@ function ensureEventStreamPatched(logger) {
             }
             catch { }
         }
-        logger?.warn("[shroud] Patched pi-ai EventStream for streaming deobfuscation. " +
-            "Restart OpenClaw to activate: openclaw gateway restart");
+        logger?.warn("[shroud] Patched pi-ai EventStream for streaming deobfuscation. Restarting gateway...");
+        // Auto-restart: send SIGUSR1 to self after a short delay.
+        // OpenClaw handles SIGUSR1 as a graceful restart signal.
+        setTimeout(() => {
+            try {
+                process.kill(process.pid, "SIGUSR1");
+            }
+            catch {
+                logger?.warn("[shroud] Auto-restart failed. Run: openclaw gateway restart");
+            }
+        }, 3000);
     }
     catch (err) {
         logger?.warn(`[shroud] Failed to patch event-stream.js: ${String(err)}`);

package/dist/types.js CHANGED Viewed

@@ -24,7 +24,7 @@ export var Category;
     Category["ROUTE_MAP"] = "route_map";
     Category["OSPF_ID"] = "ospf_id";
     Category["ACL_NAME"] = "acl_name";
-    // Regulated / enterprise categories
+    // Regulated / extended categories
     Category["IBAN"] = "iban";
     Category["NATIONAL_ID"] = "national_id";
     Category["JWT"] = "jwt";

package/openclaw.plugin.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "id": "shroud-privacy",
   "name": "Shroud",
-  "version": "2.0.8",
+  "version": "2.0.10",
   "description": "Privacy obfuscation with deterministic fake values and deobfuscation — PII never reaches the LLM, tool calls still work",
   "configSchema": {
     "type": "object",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "shroud-privacy",
-  "version": "2.0.8",
+  "version": "2.0.10",
   "description": "Privacy obfuscation plugin for OpenClaw — detects sensitive data and replaces with deterministic fake values",
   "type": "module",
   "main": "dist/index.js",