npm - squad-openclaw - Versions diffs - 2026.2.2019 → 2026.2.2021 - Mend

squad-openclaw 2026.2.2019 → 2026.2.2021

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -10,6 +10,7 @@ OpenClaw gateway plugin for [Squad](https://squad.ceo) — provides entity regis
 | `fs_read`, `fs_write`, `fs_list`, `fs_delete`, `fs_rename`, `fs_mkdir` | Remote filesystem access for browser clients (subject to security restrictions below) |
 | `sql_query` | Restricted SQLite query tool — `sqlite3` only, scoped to `~/.openclaw/squad-ceo-data/` |
 | `squad.version.check`, `squad.version.update` | Plugin version management and self-update |
+| `squad.agents.set-identity`, `squad.agents.patch-config` | Gateway-native, surgical agent config updates (identity/tools/skills/default/model only) |
 | `tools.invoke` | RPC-based tool invocation for relay mode — **only invokes this plugin's own tools**, each with its own security restrictions (see below) |
 | Cloud relay client | Connects outbound to `relay.squad.ceo` for remote browser access. **Only activates when a claim token or room ID exists** (see Relay Security below) |
@@ -101,15 +102,22 @@ Filesystem operations are restricted to configured root directories. By default,
 Operators can customize via the `fs.allowedRoots` config option.
-### Layer 4: Write Protection (hardcoded, non-configurable)
+### Layer 4: Filesystem Write Protection + Surgical Gateway Mutations
-These files/directories cannot be written to, even if they fall within `allowedRoots`:
+These files/directories cannot be written via filesystem tools (`fs_write`, `fs_rename`, etc.), even if they fall within `allowedRoots`:
-- `~/.openclaw/openclaw.json` — operator configuration (read-only with redaction)
+- `~/.openclaw/openclaw.json` — operator configuration (tool-level read-only with redaction)
 - `~/.openclaw/squad-ceo-data/relay/squad-relay.json` — relay device private key
 - All blocked directories above (credentials, devices, identity)
 - All `.bak` files at `~/.openclaw/` top level
+For agent editing UX, this plugin also exposes **whitelisted gateway RPC mutators** that call `config.get` + `config.patch` inside the gateway process (single-writer path):
+- `squad.agents.set-identity` — writes only `agents.list[].identity.{name,emoji,theme}`
+- `squad.agents.patch-config` — writes only `agents.list[].{tools,skills,default,model}`
+These methods do **not** permit arbitrary file writes and do not expose credentials. They are intentionally narrow so the UI can update agent metadata safely without direct `openclaw.json` filesystem writes.
 ## Relay Security
 The cloud relay enables remote browser access to the gateway through `relay.squad.ceo`. This section explains the full architecture for security reviewers.

package/dist/index.d.ts CHANGED Viewed

@@ -1,37 +1,3 @@
-/**
- * squad-openclaw — OpenClaw gateway plugin for Squad
- *
- * Provides:
- *   - In-memory entity registry with filesystem watching (entity_list, entity_search, entity_sync)
- *   - Filesystem tools for remote clients (fs_read, fs_write, fs_list, fs_delete, fs_rename)
- *   - Restricted SQL query tool (sql_query) — sqlite3 only, squad-ceo-data/ only
- *   - Version check and self-update gateway methods (squad.version.*)
- *   - Cloud relay client for remote browser access (relay-client)
- *
- * ┌──────────────────────────────────────────────────────────────────────────┐
- * │  SECURITY POLICY — Credential Protection                                │
- * │                                                                         │
- * │  This plugin enforces hard-coded security rules in filesystem.ts:       │
- * │                                                                         │
- * │  BLOCKED directories (no read, write, list, delete, or rename):         │
- * │    • ~/.openclaw/credentials/                                           │
- * │    • ~/.openclaw/devices/                                               │
- * │    • ~/.openclaw/identity/                                              │
- * │                                                                         │
- * │  REDACTED on read (sensitive fields replaced with "[REDACTED]"):       │
- * │    • ~/.openclaw/openclaw.json → channel.*.botToken                    │
- * │    • ~/.openclaw/openclaw.json → gateway.auth.*                        │
- * │    • squad-ceo-data/relay/squad-relay.json → deviceKeys.privateKeyPem   │
- * │                                                                         │
- * │  WRITE-PROTECTED (no writes, deletes, or renames):                      │
- * │    • ~/.openclaw/openclaw.json                                          │
- * │    • squad-ceo-data/relay/squad-relay.json                               │
- * │    • All blocked directories above                                      │
- * │                                                                         │
- * │  The bundle is NOT minified to allow security auditing of the           │
- * │  distributed code. See tsup.config.ts for build configuration.          │
- * └──────────────────────────────────────────────────────────────────────────┘
- */
 declare function squadAppPlugin(api: any): void;
 export { squadAppPlugin as default };