feat: refactor project structure + add pcguard + AGENT_VERIFY injection
- Restructure: pcexec/ and safe-restart/ → plugin/{tools,core,commands}
- New pcguard Go binary: validates AGENT_VERIFY, AGENT_ID, AGENT_WORKSPACE
- pcexec now injects AGENT_VERIFY env + appends openclaw bin to PATH
- plugin/index.ts: unified TypeScript entry point with resolveOpenclawPath()
- install.mjs: support --openclaw-profile-path, install pcguard, new paths
- README: updated structure docs + security limitations note
- Removed old root index.js and openclaw.plugin.json
This commit is contained in:
128
plugin/index.ts
Normal file
128
plugin/index.ts
Normal file
@@ -0,0 +1,128 @@
|
||||
// PaddedCell Plugin for OpenClaw
|
||||
// Registers pcexec and safe_restart tools
|
||||
|
||||
import { pcexec, pcexecSync } from './tools/pcexec';
|
||||
import {
|
||||
safeRestart,
|
||||
createSafeRestartTool,
|
||||
StatusManager,
|
||||
createApiServer,
|
||||
startApiServer,
|
||||
} from './core/index';
|
||||
import { SlashCommandHandler } from './commands/slash-commands';
|
||||
|
||||
/** Sentinel value injected into every pcexec subprocess */
|
||||
const AGENT_VERIFY = 'IF YOU ARE AN AGENT/MODEL, YOU SHOULD NEVER TOUCH THIS ENV VARIABLE';
|
||||
|
||||
/**
|
||||
* Resolve the openclaw base path.
|
||||
* Priority: explicit config → $OPENCLAW_PATH → ~/.openclaw
|
||||
*/
|
||||
function resolveOpenclawPath(config?: { openclawProfilePath?: string }): string {
|
||||
if (config?.openclawProfilePath) return config.openclawProfilePath;
|
||||
if (process.env.OPENCLAW_PATH) return process.env.OPENCLAW_PATH;
|
||||
const home = process.env.HOME || require('os').homedir();
|
||||
return require('path').join(home, '.openclaw');
|
||||
}
|
||||
|
||||
// Plugin registration function
|
||||
function register(api: any, config?: any) {
|
||||
const logger = api.logger || { info: console.log, error: console.error };
|
||||
|
||||
logger.info('PaddedCell plugin initializing...');
|
||||
|
||||
const openclawPath = resolveOpenclawPath(config);
|
||||
const binDir = require('path').join(openclawPath, 'bin');
|
||||
|
||||
// Register pcexec tool — pass a FACTORY function that receives context
|
||||
api.registerTool((ctx: any) => {
|
||||
const agentId = ctx.agentId;
|
||||
const workspaceDir = ctx.workspaceDir;
|
||||
|
||||
return {
|
||||
name: 'pcexec',
|
||||
description: 'Safe exec with password sanitization',
|
||||
parameters: {
|
||||
type: 'object',
|
||||
properties: {
|
||||
command: { type: 'string', description: 'Command to execute' },
|
||||
cwd: { type: 'string', description: 'Working directory' },
|
||||
timeout: { type: 'number', description: 'Timeout in milliseconds' },
|
||||
},
|
||||
required: ['command'],
|
||||
},
|
||||
async execute(_id: string, params: any) {
|
||||
const command = params.command;
|
||||
if (!command) {
|
||||
throw new Error('Missing required parameter: command');
|
||||
}
|
||||
|
||||
// Build PATH with openclaw bin dir appended
|
||||
const currentPath = process.env.PATH || '';
|
||||
const newPath = currentPath.includes(binDir)
|
||||
? currentPath
|
||||
: `${currentPath}:${binDir}`;
|
||||
|
||||
const result = await pcexec(command, {
|
||||
cwd: params.cwd || workspaceDir,
|
||||
timeout: params.timeout,
|
||||
env: {
|
||||
AGENT_ID: agentId || '',
|
||||
AGENT_WORKSPACE: workspaceDir || '',
|
||||
AGENT_VERIFY,
|
||||
PATH: newPath,
|
||||
},
|
||||
});
|
||||
|
||||
// Format output for OpenClaw tool response
|
||||
let output = result.stdout;
|
||||
if (result.stderr) {
|
||||
output += result.stderr;
|
||||
}
|
||||
return { content: [{ type: 'text', text: output }] };
|
||||
},
|
||||
};
|
||||
});
|
||||
|
||||
// Register safe_restart tool
|
||||
api.registerTool((ctx: any) => {
|
||||
const agentId = ctx.agentId;
|
||||
const sessionKey = ctx.sessionKey;
|
||||
|
||||
return {
|
||||
name: 'safe_restart',
|
||||
description: 'Safe coordinated restart of OpenClaw gateway',
|
||||
parameters: {
|
||||
type: 'object',
|
||||
properties: {
|
||||
rollback: { type: 'string', description: 'Rollback script path' },
|
||||
log: { type: 'string', description: 'Log file path' },
|
||||
},
|
||||
},
|
||||
async execute(_id: string, params: any) {
|
||||
return await safeRestart({
|
||||
agentId,
|
||||
sessionKey,
|
||||
rollback: params.rollback,
|
||||
log: params.log,
|
||||
});
|
||||
},
|
||||
};
|
||||
});
|
||||
|
||||
logger.info('PaddedCell plugin initialized');
|
||||
}
|
||||
|
||||
// CommonJS export for OpenClaw
|
||||
module.exports = { register };
|
||||
|
||||
// Also export individual modules for direct use
|
||||
module.exports.pcexec = pcexec;
|
||||
module.exports.pcexecSync = pcexecSync;
|
||||
module.exports.safeRestart = safeRestart;
|
||||
module.exports.createSafeRestartTool = createSafeRestartTool;
|
||||
module.exports.StatusManager = StatusManager;
|
||||
module.exports.createApiServer = createApiServer;
|
||||
module.exports.startApiServer = startApiServer;
|
||||
module.exports.SlashCommandHandler = SlashCommandHandler;
|
||||
module.exports.AGENT_VERIFY = AGENT_VERIFY;
|
||||
Reference in New Issue
Block a user