shroud-privacy 2.2.4 → 2.2.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +13 -9
  2. package/openclaw.plugin.json +1 -1
  3. package/package.json +1 -1
package/README.md CHANGED
@@ -21,14 +21,16 @@
21
21
 
22
22
  | Hook | Direction | What happens |
23
23
  |------|-----------|-------------|
24
- | `before_prompt_build` | User → LLM | Obfuscate user prompt, prepend privacy context |
25
- | `before_message_write` | AnyHistory | Obfuscate non-assistant messages; deobfuscate assistant messages |
24
+ | `globalThis.fetch` intercept | User → LLM | Obfuscate all outbound LLM API requests; deobfuscate SSE responses per content block |
25
+ | `before_prompt_build` | UserLLM | Pre-seed mapping store so the fetch intercept has mappings ready |
26
+ | `before_message_write` | Any → History | Deobfuscate assistant messages for transcript; re-obfuscate on next turn |
26
27
  | `before_tool_call` | LLM → Tool | Deobfuscate tool parameters + track tool chain depth |
27
28
  | `tool_result_persist` | Tool → History | Obfuscate tool results before storing |
28
- | `message_sending` | Agent → User | Deobfuscate outbound messages (all channels) |
29
+ | `message_sending` | Agent → User | Deobfuscate outbound messages (backup — fetch intercept handles primary deob) |
30
+ | `globalThis.__shroudStreamDeobfuscate` | LLM → Agent | Streaming event deobfuscation hook |
29
31
  | `globalThis.__shroudDeobfuscate` | Agent → Channel | Global deobfuscation hook — called by OpenClaw before ANY channel send |
30
32
 
31
- > **Privacy guarantee:** Shroud intercepts ALL outbound LLM API calls (Anthropic, OpenAI, Google, any provider) at the `fetch` level and obfuscates PII in every message — including assistant history and Slack `<mailto:>` markup — before it leaves the process. No PII reaches the LLM. On the channel delivery side, Shroud registers `globalThis.__shroudDeobfuscate` — a single function that OpenClaw calls before sending to ANY channel (Slack, WhatsApp, Signal, web, etc.). One hook, all channels, transparent no-op if Shroud isn't loaded.
33
+ > **Privacy guarantee:** Shroud intercepts ALL outbound LLM API calls (Anthropic, OpenAI, Google, any provider) at the `fetch` level and obfuscates detected PII in every message — including assistant history and Slack `<mailto:>` markup — before it leaves the process. Detected PII never reaches the LLM. Detection covers 100+ entity types; see [SECURITY.md](SECURITY.md) for known limitations. On the channel delivery side, Shroud registers `globalThis.__shroudDeobfuscate` — a single function that OpenClaw calls before sending to ANY channel (Slack, WhatsApp, Signal, web, etc.). One hook, all channels, transparent no-op if Shroud isn't loaded.
32
34
 
33
35
  > **Requires OpenClaw 2026.3.24 or later** with the channel delivery patch (see [OpenClaw patch](#openclaw-channel-delivery-patch) below).
34
36
 
@@ -81,7 +83,7 @@ node node_modules/shroud-privacy/app-server.mjs node_modules/shroud-privacy/dist
81
83
 
82
84
  Handshake (server writes on startup):
83
85
  ```json
84
- {"app":"1.0","engine":"shroud","version":"2.1.0","capabilities":["obfuscate","deobfuscate","batch","stats","health","configure","audit","partitions"]}
86
+ {"app":"1.0","engine":"shroud","version":"2.2.5","capabilities":["obfuscate","deobfuscate","batch","stats","health","configure","audit","partitions"]}
85
87
  ```
86
88
 
87
89
  Obfuscate:
@@ -213,8 +215,6 @@ Shroud registers tools that the LLM can call during conversations:
213
215
  | Tool | What it does |
214
216
  |------|-------------|
215
217
  | `shroud-stats` | Show all detection rules with status, confidence, hit counts, store size, and config summary |
216
- | `shroud_status` | Quick stats: entity counts, session info, audit status (JSON) |
217
- | `shroud_reset` | Clear all mappings and start a fresh privacy session |
218
218
 
219
219
  You can also run the stats CLI from the terminal:
220
220
 
@@ -297,7 +297,7 @@ Shroud includes a `ContextDetector` that wraps the regex engine with post-detect
297
297
  - **Proximity clustering**: When a name, email, and phone appear within 200 characters, each gets a confidence boost.
298
298
  - **Hostname propagation**: `hostname FCNETR1` in one place → bare `FCNETR1` detected everywhere in the text.
299
299
  - **Learned entities**: Hostnames and infra identifiers seen in previous messages are remembered and detected in future messages without requiring config-line context.
300
- - **Documentation filtering**: RFC 5737 TEST-NET IPs (192.0.2.x, 198.51.100.x, 203.0.113.x), RFC 3849 IPv6 doc prefix (`2001:db8::/32`), IPv6 loopback (`::1`), `example.com` emails, and well-known placeholders are automatically skipped.
300
+ - **Documentation filtering**: RFC 3849 IPv6 doc prefix (`2001:db8::/32`), IPv6 loopback (`::1`), `example.com` emails, and well-known placeholders are automatically skipped. RFC 5737 TEST-NET IPs (192.0.2.x, 198.51.100.x, 203.0.113.x) are obfuscated because they commonly appear in real configs as stand-in addresses.
301
301
  - **Public URL filtering**: URLs pointing to well-known public platforms (YouTube, GitHub, Wikipedia, Google, Reddit, Stack Overflow, npm, PyPI, Docker Hub, etc.) are never obfuscated — they aren't PII. Emails at these domains are still detected.
302
302
  - **Common word decay**: Words like `permit`, `deny`, `default` that happen to match patterns get 50% confidence reduction.
303
303
  - **Recursive deobfuscation**: Up to 3 passes for nested structures (fakes inside JSON-encoded strings).
@@ -374,7 +374,7 @@ APP is an open protocol for adding privacy obfuscation to any AI agent. Shroud i
374
374
  On startup, the server writes a single JSON line to stdout:
375
375
 
376
376
  ```json
377
- {"app":"1.0","engine":"shroud","version":"2.1.0","capabilities":["obfuscate","deobfuscate","batch","stats","health","configure","audit","partitions"]}
377
+ {"app":"1.0","engine":"shroud","version":"2.2.5","capabilities":["obfuscate","deobfuscate","batch","stats","health","configure","audit","partitions"]}
378
378
  ```
379
379
 
380
380
  The agent must read this line before sending requests. Fields:
@@ -509,6 +509,10 @@ The repo includes `.github/workflows/ci.yml` which runs lint + test + build on e
509
509
 
510
510
  `person_name`, `email`, `phone`, `ip_address`, `api_key`, `url`, `org_name`, `location`, `file_path`, `credit_card`, `ssn`, `mac_address`, `hostname`, `snmp_community`, `bgp_asn`, `network_credential`, `vlan_id`, `interface_desc`, `route_map`, `ospf_id`, `acl_name`, `iban`, `national_id`, `jwt`, `ics_identifier`, `gps_coordinate`, `certificate`, `custom`
511
511
 
512
+ ## Disclaimer
513
+
514
+ This software is provided "as is", without warranty of any kind, express or implied. Shroud uses regex-based detection which may not catch all sensitive data. It reduces PII exposure but does not eliminate it. See [SECURITY.md](SECURITY.md) for known limitations. The authors assume no responsibility for data leakage, compliance failures, or any damages arising from use of this software.
515
+
512
516
  ## License
513
517
 
514
518
  [Apache 2.0](LICENSE)
package/openclaw.plugin.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "id": "shroud-privacy",
3
3
  "name": "Shroud",
4
- "version": "2.2.3",
4
+ "version": "2.2.5",
5
5
  "description": "Privacy obfuscation with deterministic fake values and deobfuscation — PII never reaches the LLM, tool calls still work",
6
6
  "configSchema": {
7
7
  "type": "object",
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "shroud-privacy",
3
- "version": "2.2.4",
3
+ "version": "2.2.6",
4
4
  "description": "Privacy obfuscation for AI agents — detects PII and replaces with deterministic fake values before anything reaches the LLM. Works with OpenClaw (plugin) or any agent (APP protocol).",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",