tweek 0.1.0__py3-none-any.whl → 0.2.0__py3-none-any.whl

tweek/integrations/openclaw_server.py

@@ -0,0 +1,385 @@
+#!/usr/bin/env python3
+"""
+Tweek OpenClaw Scanning Server
+
+HTTP server exposing Tweek's security scanning pipeline for the OpenClaw
+Gateway plugin. Runs on localhost and provides endpoints for skill scanning,
+tool screening, output scanning, and fingerprint management.
+
+Endpoints:
+    POST /scan               — Run 7-layer SkillScanner on a skill directory
+    POST /screen             — Screen a tool call (pre-execution)
+    POST /output             — Scan tool output (post-execution)
+    POST /fingerprint/check  — Check if skill is known/approved
+    POST /fingerprint/register — Register approved skill hash
+    GET  /health             — Server health + scanner status
+    GET  /report/<skill>     — Retrieve scan report
+
+Usage:
+    python -m tweek.integrations.openclaw_server [--port 9878]
+"""
+
+import json
+import os
+import sys
+from http.server import HTTPServer, BaseHTTPRequestHandler
+from pathlib import Path
+from typing import Any, Dict, Optional
+from urllib.parse import urlparse
+
+# Default port for the OpenClaw scanning server
+DEFAULT_PORT = 9878
+
+
+def _scan_skill(skill_dir: str) -> Dict[str, Any]:
+    """
+    Run the 7-layer SkillScanner on a skill directory.
+
+    Args:
+        skill_dir: Path to the directory containing SKILL.md
+
+    Returns:
+        Scan report as a JSON-serializable dict
+    """
+    from tweek.skills.scanner import SkillScanner
+
+    scanner = SkillScanner()
+    report = scanner.scan(Path(skill_dir))
+
+    return {
+        "verdict": report.verdict,
+        "risk_level": report.risk_level,
+        "skill_name": report.skill_name,
+        "layers_passed": report.layers_passed,
+        "layers_total": report.layers_total,
+        "findings": [
+            {
+                "layer": f.layer,
+                "severity": f.severity,
+                "description": f.description,
+                "matched_text": getattr(f, "matched_text", ""),
+            }
+            for f in report.findings
+        ],
+        "severity_counts": {
+            "critical": report.critical_count,
+            "high": report.high_count,
+            "medium": report.medium_count,
+            "low": report.low_count,
+        },
+        "report_path": str(report.report_path) if report.report_path else None,
+    }
+
+
+def _screen_tool(tool: str, input_data: Dict, tier: str = "default") -> Dict[str, Any]:
+    """
+    Screen a tool call through Tweek's pattern matcher and LLM reviewer.
+
+    Args:
+        tool: Tool name (e.g., "bash", "file_write", "web_fetch")
+        input_data: Tool input parameters
+        tier: Security tier ("safe", "default", "risky", "dangerous")
+
+    Returns:
+        Screening decision dict
+    """
+    from tweek.hooks.pre_tool_use import process_hook
+    from unittest.mock import MagicMock
+
+    logger = MagicMock()
+    logger.log_quick = MagicMock()
+
+    # Build the hook input matching Tweek's expected format
+    command = ""
+    if tool == "bash":
+        command = input_data.get("command", "")
+    elif tool in ("file_write", "Write"):
+        command = input_data.get("content", "") or input_data.get("file_path", "")
+    elif tool in ("web_fetch", "WebFetch"):
+        command = input_data.get("url", "") or input_data.get("prompt", "")
+    else:
+        command = json.dumps(input_data)[:500]
+
+    hook_input = {
+        "tool_name": tool,
+        "tool_input": input_data,
+    }
+
+    try:
+        result = process_hook(hook_input, logger)
+        decision = result.get("hookSpecificOutput", {}).get("permissionDecision", "allow")
+        reason = result.get("hookSpecificOutput", {}).get("permissionDecisionReason", "")
+
+        return {
+            "decision": decision,
+            "reason": reason,
+            "tool": tool,
+            "tier": tier,
+        }
+    except Exception as e:
+        return {
+            "decision": "allow",
+            "reason": f"Screening error: {e}",
+            "tool": tool,
+            "tier": tier,
+            "error": str(e),
+        }
+
+
+def _scan_output(content: str) -> Dict[str, Any]:
+    """
+    Scan tool output for credential leakage and exfiltration attempts.
+
+    Args:
+        content: Tool output text to scan
+
+    Returns:
+        Scanning result dict
+    """
+    from tweek.hooks.post_tool_use import process_hook
+
+    input_data = {
+        "tool_name": "Read",
+        "tool_input": {"file_path": "/virtual/openclaw-output.txt"},
+        "tool_response": content,
+    }
+
+    try:
+        result = process_hook(input_data)
+        if result.get("decision") == "block":
+            return {
+                "blocked": True,
+                "reason": result.get("reason", ""),
+            }
+    except Exception as e:
+        return {"blocked": False, "error": f"Output scanning error: {e}"}
+
+    return {"blocked": False}
+
+
+def _check_fingerprint(skill_path: str) -> Dict[str, Any]:
+    """
+    Check if a skill is known/approved via fingerprint.
+
+    Args:
+        skill_path: Absolute path to the SKILL.md file
+
+    Returns:
+        Fingerprint status dict
+    """
+    from tweek.skills.fingerprints import get_fingerprints
+
+    fps = get_fingerprints()
+    known = fps.is_known(Path(skill_path))
+
+    return {
+        "known": known,
+        "path": skill_path,
+    }
+
+
+def _register_fingerprint(
+    skill_path: str, verdict: str, report_path: Optional[str] = None
+) -> Dict[str, Any]:
+    """
+    Register a skill's fingerprint after approval.
+
+    Args:
+        skill_path: Absolute path to the SKILL.md file
+        verdict: Scan verdict ("pass", "manual_review", "fail")
+        report_path: Optional path to the scan report
+
+    Returns:
+        Registration result dict
+    """
+    from tweek.skills.fingerprints import get_fingerprints
+
+    fps = get_fingerprints()
+    fps.register(Path(skill_path), verdict=verdict, report_path=report_path)
+
+    return {
+        "registered": True,
+        "path": skill_path,
+        "verdict": verdict,
+    }
+
+
+def _get_report(skill_name: str) -> Dict[str, Any]:
+    """
+    Retrieve the most recent scan report for a skill.
+
+    Args:
+        skill_name: Name of the skill
+
+    Returns:
+        Report dict or error
+    """
+    from tweek.skills import REPORTS_DIR
+
+    # Find the most recent report for this skill
+    reports = sorted(
+        REPORTS_DIR.glob(f"{skill_name}-*.json"),
+        key=lambda p: p.stat().st_mtime,
+        reverse=True,
+    )
+
+    if not reports:
+        return {"error": f"No report found for skill: {skill_name}"}
+
+    try:
+        with open(reports[0]) as f:
+            report_data = json.load(f)
+        report_data["report_path"] = str(reports[0])
+        return report_data
+    except (json.JSONDecodeError, IOError) as e:
+        return {"error": f"Failed to read report: {e}"}
+
+
+class OpenClawScanHandler(BaseHTTPRequestHandler):
+    """HTTP request handler for the OpenClaw scanning server."""
+
+    def do_GET(self):
+        parsed = urlparse(self.path)
+
+        if parsed.path == "/health":
+            self._respond(200, {
+                "status": "ok",
+                "service": "tweek-openclaw-scanner",
+                "port": self.server.server_address[1],
+            })
+        elif parsed.path.startswith("/report/"):
+            skill_name = parsed.path[len("/report/"):]
+            if not skill_name:
+                self._respond(400, {"error": "Missing skill name"})
+                return
+            result = _get_report(skill_name)
+            status = 200 if "error" not in result else 404
+            self._respond(status, result)
+        else:
+            self._respond(404, {"error": "Not found"})
+
+    def do_POST(self):
+        parsed = urlparse(self.path)
+        data = self._read_json()
+        if data is None:
+            return  # Error already sent
+
+        if parsed.path == "/scan":
+            skill_dir = data.get("skill_dir", "")
+            if not skill_dir:
+                self._respond(400, {"error": "Missing 'skill_dir' field"})
+                return
+            if not Path(skill_dir).exists():
+                self._respond(400, {"error": f"Directory not found: {skill_dir}"})
+                return
+            result = _scan_skill(skill_dir)
+            self._respond(200, result)
+
+        elif parsed.path == "/screen":
+            tool = data.get("tool", "")
+            input_data = data.get("input", {})
+            tier = data.get("tier", "default")
+            if not tool:
+                self._respond(400, {"error": "Missing 'tool' field"})
+                return
+            result = _screen_tool(tool, input_data, tier)
+            self._respond(200, result)
+
+        elif parsed.path == "/output":
+            content = data.get("content", "")
+            if not content:
+                self._respond(400, {"error": "Missing 'content' field"})
+                return
+            result = _scan_output(content)
+            self._respond(200, result)
+
+        elif parsed.path == "/fingerprint/check":
+            path = data.get("path", "")
+            if not path:
+                self._respond(400, {"error": "Missing 'path' field"})
+                return
+            result = _check_fingerprint(path)
+            self._respond(200, result)
+
+        elif parsed.path == "/fingerprint/register":
+            path = data.get("path", "")
+            verdict = data.get("verdict", "")
+            if not path or not verdict:
+                self._respond(400, {"error": "Missing 'path' or 'verdict' field"})
+                return
+            report_path = data.get("report_path")
+            result = _register_fingerprint(path, verdict, report_path)
+            self._respond(200, result)
+
+        else:
+            self._respond(404, {"error": "Not found"})
+
+    def _read_json(self) -> Optional[Dict]:
+        """Read and parse JSON from request body."""
+        try:
+            content_length = int(self.headers.get("Content-Length", 0))
+            body = self.rfile.read(content_length)
+            return json.loads(body)
+        except (json.JSONDecodeError, ValueError) as e:
+            self._respond(400, {"error": f"Invalid JSON: {e}"})
+            return None
+
+    def _respond(self, status: int, data: dict):
+        """Send a JSON response."""
+        self.send_response(status)
+        self.send_header("Content-Type", "application/json")
+        self.send_header("Access-Control-Allow-Origin", "http://127.0.0.1")
+        self.end_headers()
+        self.wfile.write(json.dumps(data).encode())
+
+    def log_message(self, format, *args):
+        """Custom log format for the scanning server."""
+        sys.stderr.write(
+            f"[Tweek Scanner] {self.address_string()} - {format % args}\n"
+        )
+
+
+def run_server(port: int = DEFAULT_PORT):
+    """Start the OpenClaw scanning server."""
+    # Load .env if available
+    try:
+        from tweek.utils.env import load_env
+        load_env()
+    except ImportError:
+        # Manual fallback
+        env_path = Path.home() / ".tweek" / ".env"
+        if not env_path.exists():
+            env_path = Path(__file__).parent.parent.parent / ".env"
+        if env_path.exists():
+            for line in env_path.read_text().splitlines():
+                line = line.strip()
+                if not line or line.startswith("#") or "=" not in line:
+                    continue
+                key, value = line.split("=", 1)
+                os.environ.setdefault(key.strip(), value.strip().strip("'\""))
+
+    # Bind to loopback only — never expose to the network
+    server = HTTPServer(("127.0.0.1", port), OpenClawScanHandler)
+    print(f"Tweek OpenClaw Scanning Server running on http://127.0.0.1:{port}")
+    print(f"  POST /scan               — Scan a skill directory (7-layer)")
+    print(f"  POST /screen             — Screen a tool call")
+    print(f"  POST /output             — Scan tool output")
+    print(f"  POST /fingerprint/check  — Check skill fingerprint")
+    print(f"  POST /fingerprint/register — Register approved skill")
+    print(f"  GET  /health             — Health check")
+    print(f"  GET  /report/<skill>     — Retrieve scan report")
+    print(f"Press Ctrl+C to stop.")
+    try:
+        server.serve_forever()
+    except KeyboardInterrupt:
+        print("\nShutting down.")
+        server.shutdown()
+
+
+if __name__ == "__main__":
+    import argparse
+    parser = argparse.ArgumentParser(description="Tweek OpenClaw Scanning Server")
+    parser.add_argument("--port", type=int, default=DEFAULT_PORT,
+                        help=f"Port to listen on (default: {DEFAULT_PORT})")
+    args = parser.parse_args()
+    run_server(args.port)

tweek/licensing.py

@@ -29,9 +29,10 @@ from typing import Callable, Optional, List
 # Thread lock for singleton pattern
 _license_lock = threading.Lock()
 
-# License key secret - in production, this would be more secure
-# This is used to validate license keys were issued by Tweek
-LICENSE_SECRET = os.environ.get("TWEEK_LICENSE_SECRET", "tweek-2025-license-secret")
+# License key secret — no hardcoded fallback for security.
+# Set TWEEK_LICENSE_SECRET env var. Without it, license validation
+# will fail (free tier still works, only paid license verification affected).
+LICENSE_SECRET = os.environ.get("TWEEK_LICENSE_SECRET", "")
 
 LICENSE_FILE = Path.home() / ".tweek" / "license.key"
 
@@ -73,7 +74,7 @@ class LicenseInfo:
 # Only compliance and team management features require a license.
 TIER_FEATURES = {
     Tier.FREE: [
-        "pattern_matching",       # All 116 patterns included free
+        "pattern_matching",       # All 215 patterns included free
         "basic_logging",
         "vault_storage",
         "cli_commands",
@@ -162,12 +163,18 @@ class License:
 
             payload_b64, signature = key.rsplit(".", 1)
 
-            # Verify signature
-            expected_sig = hmac.new(
+            # Fail closed: reject all license validation when secret is not configured
+            if not LICENSE_SECRET:
+                logger.debug("LICENSE_SECRET not configured — cannot validate licenses")
+                return None
+
+            # Verify signature (accept both full and legacy truncated signatures)
+            full_sig = hmac.new(
                 LICENSE_SECRET.encode(),
                 payload_b64.encode(),
                 hashlib.sha256
-            ).hexdigest()[:32]
+            ).hexdigest()
+            expected_sig = full_sig if len(signature) > 32 else full_sig[:32]
 
             if not hmac.compare_digest(signature, expected_sig):
                 return None
@@ -349,50 +356,3 @@ def require_feature(feature: str) -> Callable:
             return func(*args, **kwargs)
         return wrapper
     return decorator
-
-
-# ============================================================
-# License Key Generation (for internal/admin use)
-# ============================================================
-
-def generate_license_key(
-    tier: Tier,
-    email: str,
-    expires_at: Optional[int] = None,
-    features: Optional[List[str]] = None,
-) -> str:
-    """
-    Generate a license key.
-
-    This is an admin function - in production, this would be
-    on a separate license server, not in the client code.
-
-    Args:
-        tier: License tier
-        email: Customer email
-        expires_at: Expiration timestamp (None = never)
-        features: Additional feature flags
-
-    Returns:
-        License key string
-    """
-    import base64
-
-    payload = {
-        "tier": tier.value,
-        "email": email,
-        "issued_at": int(time.time()),
-        "expires_at": expires_at,
-        "features": features or [],
-    }
-
-    payload_json = json.dumps(payload, separators=(",", ":"))
-    payload_b64 = base64.b64encode(payload_json.encode()).decode()
-
-    signature = hmac.new(
-        LICENSE_SECRET.encode(),
-        payload_b64.encode(),
-        hashlib.sha256
-    ).hexdigest()[:32]
-
-    return f"{payload_b64}.{signature}"

tweek/logging/bundle.py

@@ -170,7 +170,7 @@ class BundleCollector:
     def collect_system_info(self) -> Dict[str, Any]:
         """Collect platform and version information."""
         info = {
-            "timestamp": datetime.utcnow().isoformat() + "Z",
+            "timestamp": datetime.now(tz=None).isoformat() + "Z",
             "platform": {
                 "system": platform.system(),
                 "release": platform.release(),
@@ -284,7 +284,7 @@ class BundleCollector:
             # Manifest
             manifest = {
                 "bundle_version": "1.0",
-                "created_at": datetime.utcnow().isoformat() + "Z",
+                "created_at": datetime.now(tz=None).isoformat() + "Z",
                 "redacted": self.redact,
                 "days_filter": self.days,
                 "files": self._collected,

tweek/logging/security_log.py

@@ -7,13 +7,15 @@ Logs all tool/skill invocations, screening decisions, and user responses.
 
 Database location: ~/.tweek/security.db
 
-Includes log redaction for sensitive data based on moltbot's security hardening.
+Includes log redaction for sensitive data based on OpenClaw's security hardening.
 """
+from __future__ import annotations
 
 import json
 import os
 import re
 import sqlite3
+import threading
 from contextlib import contextmanager
 from dataclasses import dataclass, asdict
 from datetime import datetime
@@ -26,7 +28,7 @@ class LogRedactor:
     """
     Redacts sensitive information from log data.
 
-    Based on moltbot's log-redaction security feature.
+    Based on OpenClaw's log-redaction security feature.
     Ensures secrets, tokens, and credentials are never written to logs.
     """
 
@@ -164,8 +166,8 @@ class LogRedactor:
                 for sensitive in self.SENSITIVE_KEYS
             )
 
-            if is_sensitive and isinstance(value, str):
-                # Redact the entire value
+            if is_sensitive:
+                # Redact entire value for sensitive keys, regardless of type
                 result[key] = "***REDACTED***"
             elif isinstance(value, str):
                 # Apply pattern-based redaction
@@ -222,13 +224,16 @@ class LogRedactor:
 
 # Singleton redactor instance
 _redactor: Optional[LogRedactor] = None
+_redactor_lock = threading.Lock()
 
 
 def get_redactor(enabled: bool = True) -> LogRedactor:
     """Get the singleton log redactor instance."""
     global _redactor
     if _redactor is None:
-        _redactor = LogRedactor(enabled=enabled)
+        with _redactor_lock:
+            if _redactor is None:
+                _redactor = LogRedactor(enabled=enabled)
     return _redactor
 
 
@@ -271,6 +276,23 @@ class EventType(Enum):
     # Proxy events
     PROXY_EVENT = "proxy_event"             # HTTP proxy request screening
 
+    # Skill isolation chamber events
+    SKILL_CHAMBER_INTAKE = "skill_chamber_intake"       # Skill placed in chamber
+    SKILL_SCAN_COMPLETE = "skill_scan_complete"         # Scan pipeline finished
+    SKILL_APPROVED = "skill_approved"                   # Skill approved and installed
+    SKILL_JAILED = "skill_jailed"                       # Skill quarantined to jail
+    SKILL_MANUAL_REVIEW = "skill_manual_review"         # Skill requires human review
+    SKILL_INSTALL_BLOCKED = "skill_install_blocked"     # Direct install attempt blocked
+
+    # Project sandbox events
+    SANDBOX_PROJECT_INIT = "sandbox_project_init"       # Project .tweek/ created
+    SANDBOX_LAYER_CHANGE = "sandbox_layer_change"       # Project isolation layer changed
+    SANDBOX_MERGE_VIOLATION = "sandbox_merge_violation"  # Project tried to weaken global
+
+    # Enforcement events
+    BREAK_GLASS = "break_glass"                         # Emergency override of hard block
+    FALSE_POSITIVE_REPORT = "false_positive_report"     # User reported false positive
+
     # System events
     HEALTH_CHECK = "health_check"           # Diagnostic check results
     STARTUP = "startup"                     # System initialization
@@ -319,6 +341,12 @@ class SecurityLogger:
     def _ensure_db_exists(self):
         """Create database and tables if they don't exist."""
         self.db_path.parent.mkdir(parents=True, exist_ok=True)
+        # Harden directory permissions - security logs should be private
+        try:
+            import os
+            os.chmod(self.db_path.parent, 0o700)
+        except OSError:
+            pass
 
         with self._get_connection() as conn:
             # Create table first (without views that reference new columns)
@@ -421,14 +449,26 @@ class SecurityLogger:
 
     @contextmanager
     def _get_connection(self):
-        """Get a database connection with proper cleanup."""
-        conn = sqlite3.connect(str(self.db_path))
-        conn.row_factory = sqlite3.Row
+        """Get a database connection, reusing persistent connection when possible."""
+        if not hasattr(self, '_conn') or self._conn is None:
+            self._conn = sqlite3.connect(
+                str(self.db_path),
+                timeout=5,  # Wait up to 5s for locks (matches approval.py)
+            )
+            self._conn.row_factory = sqlite3.Row
+            # Enable WAL mode for concurrent access from multiple hook processes
+            self._conn.execute("PRAGMA journal_mode=WAL")
         try:
-            yield conn
-            conn.commit()
-        finally:
-            conn.close()
+            yield self._conn
+            self._conn.commit()
+        except Exception:
+            # On error, close and reset so next call gets a fresh connection
+            try:
+                self._conn.close()
+            except Exception:
+                pass
+            self._conn = None
+            raise
 
     def log(self, event: SecurityEvent) -> int:
         """Log a security event with automatic redaction of sensitive data.
@@ -728,6 +768,7 @@ class SecurityLogger:
 
 # Singleton instance for easy access
 _logger: Optional[SecurityLogger] = None
+_logger_lock = threading.Lock()
 
 
 def get_logger(redact_logs: bool = True) -> SecurityLogger:
@@ -741,5 +782,7 @@ def get_logger(redact_logs: bool = True) -> SecurityLogger:
     """
     global _logger
     if _logger is None:
-        _logger = SecurityLogger(redact_logs=redact_logs)
+        with _logger_lock:
+            if _logger is None:
+                _logger = SecurityLogger(redact_logs=redact_logs)
     return _logger