npm - shroud-privacy - Versions diffs - 2.2.8 → 2.2.10 - Mend

shroud-privacy 2.2.8 → 2.2.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md CHANGED Viewed

@@ -77,16 +77,16 @@ Shroud does not guarantee compliance — regex-based detection has limitations (
 > **How it works:** Shroud intercepts ALL outbound LLM API calls (Anthropic, OpenAI, Google, any provider) at the `fetch` level and obfuscates detected entities in every message — including assistant history and Slack `<mailto:>` markup — before it leaves the process. On the response side, SSE streaming is deobfuscated per content block with buffered flushing. Every delivery path (Slack, WhatsApp, TUI, Telegram, Discord, Signal, web) gets real text automatically. Zero host patches required.
-> **Requires OpenClaw 2026.3.24 or later.**
+> **Requires OpenClaw 2026.3.22 or later.**
 ---
 ## Install
-### OpenClaw (2026.3.24+)
+### OpenClaw (2026.3.22+)
 ```bash
-openclaw --version    # ensure 2026.3.24+
+openclaw --version    # ensure 2026.3.22+
 openclaw plugins install shroud-privacy
 ```
@@ -127,7 +127,7 @@ node node_modules/shroud-privacy/app-server.mjs node_modules/shroud-privacy/dist
 Handshake (server writes on startup):
 ```json
-{"app":"1.0","engine":"shroud","version":"2.2.7","capabilities":["obfuscate","deobfuscate","batch","stats","health","configure","audit","partitions"]}
+{"app":"1.0","engine":"shroud","version":"2.2.9","capabilities":["obfuscate","deobfuscate","batch","stats","health","configure","audit","partitions"]}
 ```
 Obfuscate:
@@ -406,14 +406,36 @@ client.stop()
 ```bash
 npm install
-npm test          # all 3 suites: unit + harness + openclaw
-npm run test:unit      # vitest (819 tests)
-npm run test:integration  # APP harness (359 tests)
-npm run test:openclaw  # OpenClaw sandbox (14 tests)
-npm run build     # compile TypeScript
-npm run lint      # type-check without emitting
+npm run build               # compile TypeScript
+npm run lint                # type-check without emitting
+npm test                    # unit + harness (1,229 tests, no Docker)
+npm run test:docker         # Docker E2E — real OpenClaw, all channels (192 tests)
+npm run test:all            # everything (1,421 tests)
 ```
+### Test layers
+| Layer | Command | Tests | What it covers |
+|-------|---------|-------|---------------|
+| Unit | `npm run test:unit` | 870 | Obfuscator, detectors, generators, store, config |
+| APP Harness | `npm run test:integration` | 359 | 48 scenario files via mock LLM, no OpenClaw |
+| Docker E2E | `npm run test:docker` | 192 | Real OpenClaw gateway, Slack/WhatsApp/Cron/TUI channels, 153 regression scenarios |
+| Sandbox E2E | `run-compat.sh <ver> --sandbox` | +8 | Docker-in-Docker, sandboxed agent exec, tool call deobfuscation |
+Docker E2E runs inside an isolated container (`--internal` network, no external routing). Both OpenClaw and Shroud are installed from npm — the same path real users take. A single gateway process handles all tests via WebSocket RPC. Channel tests use mock servers with real SDK code paths (Slack via Bolt HTTP, WhatsApp via Baileys intercept).
+### OpenClaw compatibility matrix
+```bash
+bash compat/run-compat.sh latest           # test against latest OpenClaw
+bash compat/run-compat.sh latest --sandbox # include sandboxed agent exec tests
+bash compat/run-matrix.sh                  # interactive: current or current + last 3
+bash compat/run-matrix.sh --latest 3       # latest 3 versions
+bash compat/run-matrix.sh --parallel       # parallel execution
+```
+Supported versions are tracked in `compat/versions.json`. CI checks for new OpenClaw releases daily.
 ---
 ## Disclaimer

package/dist/detectors/context.js CHANGED Viewed

@@ -316,6 +316,13 @@ export class ContextDetector {
             "regex:device_name_dotted",
             "regex:device_name_short",
             "context:hostname_propagation",
+            // Network credentials — context-dependent detectors that need learning
+            // so bare values are re-detected in multi-turn assistant history
+            "regex:snmp_community",
+            "regex:prose_snmp_community",
+            "regex:bgp_neighbor_password",
+            "regex:cisco_enable_secret",
+            "regex:cisco_type7",
         ]);
         for (const e of entities) {
             if (e.confidence >= 0.80 &&

package/dist/detectors/regex.js CHANGED Viewed

@@ -42,6 +42,24 @@ const PUBLIC_DOMAINS = new Set([
     "w3.org",
     "archive.org",
 ]);
+/**
+ * Operational path prefixes — local system/workspace paths that agents need
+ * to function. These are NOT sensitive infrastructure to hide from the LLM.
+ */
+const OPERATIONAL_PATH_PREFIXES = [
+    "/home/", // user home directories (workspace, scripts, media)
+    "/tmp/", // temp files
+    "/proc/", // procfs
+    "/sys/", // sysfs
+    "/dev/", // devices
+    "/run/", // runtime data
+    "/snap/", // snap packages
+    "/root/", // root home
+    "/nix/", // nix store
+    // NOTE: /etc/, /usr/, /var/, /bin/, /sbin/, /lib/, /opt/ are NOT included —
+    // they may contain infrastructure config paths (nginx, systemd units, etc.)
+    // that should be obfuscated in network/OT contexts.
+];
 const DOC_HOSTNAMES = new Set([
     "localhost", "HOSTNAME", "EXAMPLE", "CHANGEME",
     "YOUR_HOST", "YOURHOST", "hostname", "example",
@@ -114,12 +132,18 @@ export function isDocExample(value, category) {
             // Private ASNs are real infra identifiers — don't skip them
             return false;
         case Category.FILE_PATH: {
-            // Skip paths that are clearly URL path components from public domains.
-            // e.g., /www.npmjs.com/package/shroud-privacy, /github.com/org/repo
-            // This is a safety net — the span fix in detect() should prevent these,
-            // but production environments may have edge cases we can't reproduce.
             if (value.startsWith("/")) {
                 const pathLower = value.toLowerCase();
+                // Skip operational/system paths — these are local workspace paths the
+                // agent needs to function, not sensitive infrastructure to hide from the LLM.
+                // Sensitive paths are things like /opt/network-configs/router.cfg on internal
+                // servers — those won't match these prefixes.
+                for (const pfx of OPERATIONAL_PATH_PREFIXES) {
+                    if (pathLower.startsWith(pfx))
+                        return true;
+                }
+                // Skip paths that are clearly URL path components from public domains.
+                // e.g., /www.npmjs.com/package/shroud-privacy, /github.com/org/repo
                 for (const d of PUBLIC_DOMAINS) {
                     if (pathLower.startsWith(`/${d}/`) || pathLower.startsWith(`/${d}`)
                         || pathLower.startsWith(`/www.${d}/`) || pathLower.startsWith(`/www.${d}`)) {
@@ -616,7 +640,11 @@ export const BUILTIN_PATTERNS = [
     },
     {
         name: "gps_coordinate",
-        pattern: /(?<!\w)-?\d{1,3}\.\d{4,8}[,\s]+-?\d{1,3}\.\d{4,8}(?!\w)/g,
+        // Require realistic lat/lon ranges: lat [-90,90], lon [-180,180].
+        // Must be comma-separated (not just whitespace — that matches too many
+        // false positives in financial data, ML weights, research metrics).
+        // Require 4-8 decimal places (GPS precision).
+        pattern: /(?<!\w)-?(?:[0-8]?\d(?:\.\d{4,8})|90(?:\.0{4,8}))\s*,\s*-?(?:1[0-7]\d(?:\.\d{4,8})|0?\d{1,2}(?:\.\d{4,8})|180(?:\.0{4,8}))(?!\w)/g,
         category: Category.GPS_COORDINATE,
         confidence: 0.85,
     },

package/openclaw.plugin.json CHANGED Viewed

@@ -1,33 +1,109 @@
 {
   "id": "shroud-privacy",
   "name": "Shroud",
-  "version": "2.2.8",
+  "version": "2.2.10",
   "description": "Privacy obfuscation with deterministic fake values and deobfuscation — PII never reaches the LLM, tool calls still work",
   "configSchema": {
     "type": "object",
     "additionalProperties": false,
     "properties": {
-      "secretKey": { "type": "string", "description": "HMAC secret for deterministic mapping. Auto-generated if empty." },
-      "persistentSalt": { "type": "string", "description": "Fixed salt for cross-session consistency. Empty = random per session." },
-      "minConfidence": { "type": "number", "minimum": 0, "maximum": 1, "default": 0, "description": "Minimum detector confidence to obfuscate" },
-      "allowlist": { "type": "array", "items": { "type": "string" }, "default": [], "description": "Values to never obfuscate (supports * and ? wildcards)" },
-      "denylist": { "type": "array", "items": { "type": "string" }, "default": [], "description": "Values to always obfuscate" },
-      "canaryEnabled": { "type": "boolean", "default": false, "description": "Inject tracking tokens to detect data leakage" },
-      "canaryPrefix": { "type": "string", "default": "SHROUD-CANARY", "description": "Prefix for canary tokens" },
-      "auditEnabled": { "type": "boolean", "default": false, "description": "Track obfuscation events with tamper-evident chain hashing" },
-      "verboseLogging": { "type": "boolean", "default": false, "description": "Alias for auditEnabled — enable verbose audit lines" },
-      "auditLogFormat": { "type": "string", "enum": ["human", "json"], "default": "human", "description": "Audit log output format" },
-      "auditIncludeProofHashes": { "type": "boolean", "default": false, "description": "Include salted SHA-256 proof hashes in audit lines" },
-      "auditHashSalt": { "type": "string", "default": "", "description": "Salt for proof hashes" },
-      "auditHashTruncate": { "type": "integer", "default": 12, "minimum": 4, "maximum": 64, "description": "Truncate proof hashes to N hex chars" },
-      "auditMaxFakesSample": { "type": "integer", "default": 0, "minimum": 0, "maximum": 20, "description": "Include up to N fake replacement values in audit log (0 = disabled)" },
+      "secretKey": {
+        "type": "string",
+        "description": "HMAC secret for deterministic mapping. Auto-generated if empty."
+      },
+      "persistentSalt": {
+        "type": "string",
+        "description": "Fixed salt for cross-session consistency. Empty = random per session."
+      },
+      "minConfidence": {
+        "type": "number",
+        "minimum": 0,
+        "maximum": 1,
+        "default": 0,
+        "description": "Minimum detector confidence to obfuscate"
+      },
+      "allowlist": {
+        "type": "array",
+        "items": {
+          "type": "string"
+        },
+        "default": [],
+        "description": "Values to never obfuscate (supports * and ? wildcards)"
+      },
+      "denylist": {
+        "type": "array",
+        "items": {
+          "type": "string"
+        },
+        "default": [],
+        "description": "Values to always obfuscate"
+      },
+      "canaryEnabled": {
+        "type": "boolean",
+        "default": false,
+        "description": "Inject tracking tokens to detect data leakage"
+      },
+      "canaryPrefix": {
+        "type": "string",
+        "default": "SHROUD-CANARY",
+        "description": "Prefix for canary tokens"
+      },
+      "auditEnabled": {
+        "type": "boolean",
+        "default": false,
+        "description": "Track obfuscation events with tamper-evident chain hashing"
+      },
+      "verboseLogging": {
+        "type": "boolean",
+        "default": false,
+        "description": "Alias for auditEnabled — enable verbose audit lines"
+      },
+      "auditLogFormat": {
+        "type": "string",
+        "enum": [
+          "human",
+          "json"
+        ],
+        "default": "human",
+        "description": "Audit log output format"
+      },
+      "auditIncludeProofHashes": {
+        "type": "boolean",
+        "default": false,
+        "description": "Include salted SHA-256 proof hashes in audit lines"
+      },
+      "auditHashSalt": {
+        "type": "string",
+        "default": "",
+        "description": "Salt for proof hashes"
+      },
+      "auditHashTruncate": {
+        "type": "integer",
+        "default": 12,
+        "minimum": 4,
+        "maximum": 64,
+        "description": "Truncate proof hashes to N hex chars"
+      },
+      "auditMaxFakesSample": {
+        "type": "integer",
+        "default": 0,
+        "minimum": 0,
+        "maximum": 20,
+        "description": "Include up to N fake replacement values in audit log (0 = disabled)"
+      },
       "detectorOverrides": {
         "type": "object",
         "additionalProperties": {
           "type": "object",
           "properties": {
-            "enabled": { "type": "boolean" },
-            "confidence": { "type": "number", "minimum": 0, "maximum": 1 }
+            "enabled": {
+              "type": "boolean"
+            },
+            "confidence": {
+              "type": "number",
+              "minimum": 0,
+              "maximum": 1
+            }
           }
         },
         "default": {},
@@ -38,27 +114,76 @@
         "items": {
           "type": "object",
           "properties": {
-            "name": { "type": "string" },
-            "pattern": { "type": "string" },
-            "category": { "type": "string" }
+            "name": {
+              "type": "string"
+            },
+            "pattern": {
+              "type": "string"
+            },
+            "category": {
+              "type": "string"
+            }
           },
-          "required": ["name", "pattern"]
+          "required": [
+            "name",
+            "pattern"
+          ]
         },
         "default": [],
         "description": "User-defined regex patterns for custom PII detection"
       },
-      "maxToolDepth": { "type": "integer", "default": 10, "minimum": 1, "maximum": 100, "description": "Max nested tool call depth before warning" },
-      "redactionLevel": { "type": "string", "enum": ["full", "masked", "stats"], "default": "full", "description": "Output mode: full (fake values), masked (partial masking), stats (category placeholders)" },
-      "dryRun": { "type": "boolean", "default": false, "description": "Detect entities but don't replace — useful for testing detection rules" },
-      "maxStoreMappings": { "type": "integer", "default": 0, "minimum": 0, "description": "Max mapping store size; oldest entries evicted when exceeded. 0 = unlimited." }
+      "maxToolDepth": {
+        "type": "integer",
+        "default": 10,
+        "minimum": 1,
+        "maximum": 100,
+        "description": "Max nested tool call depth before warning"
+      },
+      "redactionLevel": {
+        "type": "string",
+        "enum": [
+          "full",
+          "masked",
+          "stats"
+        ],
+        "default": "full",
+        "description": "Output mode: full (fake values), masked (partial masking), stats (category placeholders)"
+      },
+      "dryRun": {
+        "type": "boolean",
+        "default": false,
+        "description": "Detect entities but don't replace — useful for testing detection rules"
+      },
+      "maxStoreMappings": {
+        "type": "integer",
+        "default": 0,
+        "minimum": 0,
+        "description": "Max mapping store size; oldest entries evicted when exceeded. 0 = unlimited."
+      }
     }
   },
   "uiHints": {
-    "secretKey": { "label": "Secret Key", "help": "HMAC secret for deterministic mapping. Auto-generated if empty.", "sensitive": true },
-    "persistentSalt": { "label": "Persistent Salt", "help": "Fixed salt for cross-session mapping consistency." },
-    "minConfidence": { "label": "Min Confidence", "help": "Detection confidence threshold (0.0-1.0)" },
-    "canaryEnabled": { "label": "Enable Canary Tokens", "help": "Inject tracking tokens to detect PII leakage" },
-    "auditEnabled": { "label": "Enable Audit Log", "help": "Tamper-evident obfuscation event tracking" }
+    "secretKey": {
+      "label": "Secret Key",
+      "help": "HMAC secret for deterministic mapping. Auto-generated if empty.",
+      "sensitive": true
+    },
+    "persistentSalt": {
+      "label": "Persistent Salt",
+      "help": "Fixed salt for cross-session mapping consistency."
+    },
+    "minConfidence": {
+      "label": "Min Confidence",
+      "help": "Detection confidence threshold (0.0-1.0)"
+    },
+    "canaryEnabled": {
+      "label": "Enable Canary Tokens",
+      "help": "Inject tracking tokens to detect PII leakage"
+    },
+    "auditEnabled": {
+      "label": "Enable Audit Log",
+      "help": "Tamper-evident obfuscation event tracking"
+    }
   },
   "enterpriseAgent": {
     "adapter": "ncg_adapter.py",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "shroud-privacy",
-  "version": "2.2.8",
+  "version": "2.2.10",
   "description": "Privacy and infrastructure protection for AI agents — detects sensitive data (PII, network topology, credentials, OT/SCADA) and replaces with deterministic fakes before anything reaches the LLM.",
   "type": "module",
   "main": "dist/index.js",
@@ -19,11 +19,11 @@
   },
   "scripts": {
     "build": "tsc",
-    "test": "npm run test:unit && npm run test:integration; npm run test:openclaw",
+    "test": "npm run test:unit && npm run test:integration",
     "test:unit": "vitest run",
     "test:integration": "node tests/harness/run.mjs",
-    "test:openclaw": "node tests/harness/run.mjs --openclaw",
-    "test:all": "npm run test:unit && npm run test:integration && npm run test:openclaw",
+    "test:docker": "bash compat/run-compat.sh latest",
+    "test:all": "npm run test:unit && npm run test:integration && npm run test:docker",
     "test:watch": "vitest",
     "lint": "tsc --noEmit",
     "prepublishOnly": "npm run lint && npm run test:unit && npm run test:integration && npm run build"