README.md

@@ -6,7 +6,7 @@
 
 # PaddedCell
 
-OpenClaw plugin for secure password management, safe command execution, and coordinated agent restart.
+OpenClaw plugin for secure secret management, agent identity management, safe command execution, and coordinated agent restart.
 
 ## ⚠️ Security Model
 
@@ -16,7 +16,7 @@ OpenClaw plugin for secure password management, safe command execution, and coor
 
 ## Features
 
-### 1. pass\_mgr — Password Manager (Go)
+### 1. secret-mgr — Secret Manager (Go)
 
 AES-256-GCM encryption with a **build-time secret** injected at compile time.
 Secrets are stored per-agent under `pc-pass-store/<agent-id>/<key>.gpg`.
@@ -24,23 +24,41 @@ Secrets are stored per-agent under `pc-pass-store/<agent-id>/<key>.gpg`.
 **Agent commands** (require pcguard — must run through pcexec):
 
 ```bash
-pass_mgr list                                     # List keys for current agent
-pass_mgr get-secret --key <key>                    # Output secret
-pass_mgr get-username --key <key>                  # Output username
-pass_mgr set --key <key> --secret <s> [--username <u>]  # Set entry
-pass_mgr generate --key <key> [--username <u>]     # Generate random secret
-pass_mgr unset --key <key>                         # Delete entry
-pass_mgr get <key>                                 # Legacy (maps to get-secret)
+secret-mgr list                                     # List keys for current agent
+secret-mgr get-secret --key <key>                    # Output secret
+secret-mgr get-username --key <key>                  # Output username
+secret-mgr set --key <key> --secret <s> [--username <u>]  # Set entry
+secret-mgr generate --key <key> [--username <u>]     # Generate random secret
+secret-mgr unset --key <key>                         # Delete entry
+secret-mgr get <key>                                 # Legacy (maps to get-secret)
 ```
 
 **Admin commands** (human-only — rejected if any `AGENT_*` env var is set):
 
 ```bash
-pass_mgr admin handoff [file]       # Export build secret to file (default: pc-pass-store.secret)
-pass_mgr admin init-from [file]     # Re-encrypt all data from old build secret to current
+secret-mgr admin handoff [file]       # Export build secret to file (default: pc-pass-store.secret)
+secret-mgr admin init-from [file]     # Re-encrypt all data from old build secret to current
 ```
 
-### 2. pcguard — Exec Guard (Go)
+### 2. ego-mgr — Agent Identity Manager (Go)
+
+Manages agent personal information (name, email, timezone, etc.) stored in `~/.openclaw/ego.json`.
+
+Supports **Agent Scope** (per-agent values) and **Public Scope** (shared by all agents).
+
+**Commands** (require pcguard — must run through pcexec):
+
+```bash
+ego-mgr add column <name> [--default <val>]          # Add agent-scope field
+ego-mgr add public-column <name> [--default <val>]   # Add public-scope field
+ego-mgr delete <name>                                 # Delete field and all values
+ego-mgr set <name> <value>                            # Set field value
+ego-mgr get <name>                                    # Get field value
+ego-mgr show                                          # Show all fields and values
+ego-mgr list columns                                  # List all field names
+```
+
+### 3. pcguard — Exec Guard (Go)
 
 Validates that a process is running inside a pcexec context by checking environment sentinels (`AGENT_VERIFY`, `AGENT_ID`, `AGENT_WORKSPACE`). Returns exit code 1 if any check fails.
 
@@ -50,15 +68,15 @@ pcguard || exit 1
 # ... rest of script
 ```
 
-### 3. pcexec — Safe Execution Tool (TypeScript)
+### 4. pcexec — Safe Execution Tool (TypeScript)
 
 Drop-in replacement for `exec` that:
-- Resolves `$(pass_mgr get-secret --key <key>)` and legacy `$(pass_mgr get <key>)` inline
+- Resolves `$(secret-mgr get-secret --key <key>)` and legacy `$(pass_mgr get-secret --key <key>)` inline
 - Sanitizes all resolved passwords from stdout/stderr
 - Injects `AGENT_VERIFY`, `AGENT_ID`, `AGENT_WORKSPACE` environment variables
-- Appends `$(openclaw path)/bin` to `PATH` (making `pcguard` and `pass_mgr` available)
+- Appends `$(openclaw path)/bin` to `PATH` (making `pcguard`, `secret-mgr`, and `ego-mgr` available)
 
-### 4. safe-restart — Coordinated Restart (TypeScript)
+### 5. safe-restart — Coordinated Restart (TypeScript)
 
 Agent state management and coordinated gateway restart.
 
@@ -75,10 +93,15 @@ PaddedCell/
 │   ├── openclaw.plugin.json
 │   ├── package.json
 │   └── tsconfig.json
-├── pass_mgr/            # Go password manager binary
+├── secret-mgr/          # Go secret manager binary
+│   └── src/main.go
+├── ego-mgr/             # Go agent identity manager binary
 │   └── src/main.go
 ├── pcguard/             # Go exec guard binary
 │   └── src/main.go
+├── skills/              # Agent skills
+│   ├── secret-mgr/SKILL.md
+│   └── ego-mgr/SKILL.md
 ├── dist/padded-cell/    # Build output
 ├── install.mjs          # Installer
 └── README.md
@@ -100,7 +123,7 @@ node install.mjs --build-only
 node install.mjs --uninstall
 ```
 
-The installer automatically generates a random 32-byte build secret (stored in `.build-secret`, gitignored) and injects it into `pass_mgr` at compile time. Subsequent builds reuse the same secret.
+The installer automatically generates a random 32-byte build secret (stored in `.build-secret`, gitignored) and injects it into `secret-mgr` at compile time. Subsequent builds reuse the same secret.
 
 ### Install paths
 
@@ -114,14 +137,14 @@ When you rebuild PaddedCell (which generates a new build secret), existing encry
 
 ```bash
 # 1. Before updating — export current build secret
-~/.openclaw/bin/pass_mgr admin handoff
+~/.openclaw/bin/secret-mgr admin handoff
 
 # 2. Rebuild & reinstall (generates new .build-secret)
 rm .build-secret
 node install.mjs
 
 # 3. After updating — re-encrypt data with new secret
-~/.openclaw/bin/pass_mgr admin init-from
+~/.openclaw/bin/secret-mgr admin init-from
 
 # 4. Restart gateway
 openclaw gateway restart
@@ -131,17 +154,23 @@ openclaw gateway restart
 
 ```bash
 # Agent sets and gets private passwords (via pcexec)
-pass_mgr set --key myservice --secret s3cret --username admin
-pass_mgr get-secret --key myservice
-pass_mgr get-username --key myservice
+secret-mgr set --key myservice --secret s3cret --username admin
+secret-mgr get-secret --key myservice
+secret-mgr get-username --key myservice
 
 # Shared scope (.public)
-pass_mgr set --public --key shared-api --secret s3cret
-pass_mgr list --public
-pass_mgr get-secret --public --key shared-api
+secret-mgr set --public --key shared-api --secret s3cret
+secret-mgr list --public
+secret-mgr get-secret --public --key shared-api
 
 # Use in shell commands (pcexec resolves and sanitizes)
-curl -u "$(pass_mgr get-username --key myservice):$(pass_mgr get-secret --key myservice)" https://api.example.com
+curl -u "$(secret-mgr get-username --key myservice):$(secret-mgr get-secret --key myservice)" https://api.example.com
+
+# Agent identity management (via pcexec)
+ego-mgr add column name
+ego-mgr set name "小智"
+ego-mgr add public-column timezone --default UTC
+ego-mgr show
 ```
 
 ## License

ego-mgr/go.mod

@@ -1,4 +1,4 @@
-module pass_mgr
+module ego-mgr
 
 go 1.24.0
 

ego-mgr/src/main.go

@@ -0,0 +1,482 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"path/filepath"
+	"syscall"
+
+	"github.com/spf13/cobra"
+)
+
+const (
+	expectedAgentVerify = "IF YOU ARE AN AGENT/MODEL, YOU SHOULD NEVER TOUCH THIS ENV VARIABLE"
+	egoFileName         = "ego.json"
+)
+
+// Exit codes per spec
+const (
+	ExitSuccess        = 0
+	ExitUsageError     = 1
+	ExitColumnNotFound = 2
+	ExitColumnExists   = 3
+	ExitPermission     = 4
+	ExitLockFailed     = 5
+	ExitJSONError      = 6
+)
+
+// EgoData is the on-disk JSON structure
+type EgoData struct {
+	Columns       []string                       `json:"columns"`
+	PublicColumns []string                        `json:"public-columns"`
+	PublicScope   map[string]string               `json:"public-scope"`
+	AgentScope    map[string]map[string]string    `json:"agent-scope"`
+}
+
+func resolveOpenclawPath() string {
+	if p := os.Getenv("OPENCLAW_PATH"); p != "" {
+		return p
+	}
+	home, _ := os.UserHomeDir()
+	return filepath.Join(home, ".openclaw")
+}
+
+func egoFilePath() string {
+	return filepath.Join(resolveOpenclawPath(), egoFileName)
+}
+
+func currentAgentID() string {
+	return os.Getenv("AGENT_ID")
+}
+
+func requirePcguard() {
+	if os.Getenv("AGENT_VERIFY") != expectedAgentVerify {
+		fmt.Fprintln(os.Stderr, "Error: must be invoked via pcexec (AGENT_VERIFY mismatch)")
+		os.Exit(ExitPermission)
+	}
+	if os.Getenv("AGENT_ID") == "" {
+		fmt.Fprintln(os.Stderr, "Error: AGENT_ID not set — must be invoked via pcexec")
+		os.Exit(ExitPermission)
+	}
+	if os.Getenv("AGENT_WORKSPACE") == "" {
+		fmt.Fprintln(os.Stderr, "Error: AGENT_WORKSPACE not set — must be invoked via pcexec")
+		os.Exit(ExitPermission)
+	}
+}
+
+// readEgoData reads and parses the ego.json file
+func readEgoData() (*EgoData, error) {
+	fp := egoFilePath()
+	raw, err := os.ReadFile(fp)
+	if err != nil {
+		if os.IsNotExist(err) {
+			// Return empty structure
+			return &EgoData{
+				Columns:       []string{},
+				PublicColumns: []string{},
+				PublicScope:   map[string]string{},
+				AgentScope:    map[string]map[string]string{},
+			}, nil
+		}
+		return nil, fmt.Errorf("failed to read %s: %w", fp, err)
+	}
+	var data EgoData
+	if err := json.Unmarshal(raw, &data); err != nil {
+		return nil, fmt.Errorf("failed to parse %s: %w", fp, err)
+	}
+	// Ensure maps are initialized
+	if data.PublicScope == nil {
+		data.PublicScope = map[string]string{}
+	}
+	if data.AgentScope == nil {
+		data.AgentScope = map[string]map[string]string{}
+	}
+	if data.Columns == nil {
+		data.Columns = []string{}
+	}
+	if data.PublicColumns == nil {
+		data.PublicColumns = []string{}
+	}
+	return &data, nil
+}
+
+// writeEgoData writes ego data to ego.json with file locking
+func writeEgoData(data *EgoData) error {
+	fp := egoFilePath()
+
+	// Acquire file lock
+	lockPath := fp + ".lock"
+	lockFile, err := os.OpenFile(lockPath, os.O_CREATE|os.O_RDWR, 0600)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error: cannot create lock file: %v\n", err)
+		os.Exit(ExitLockFailed)
+	}
+	defer func() {
+		lockFile.Close()
+		os.Remove(lockPath)
+	}()
+
+	if err := syscall.Flock(int(lockFile.Fd()), syscall.LOCK_EX|syscall.LOCK_NB); err != nil {
+		fmt.Fprintln(os.Stderr, "Error: failed to acquire file lock (another process is writing)")
+		os.Exit(ExitLockFailed)
+	}
+	defer syscall.Flock(int(lockFile.Fd()), syscall.LOCK_UN)
+
+	raw, err := json.MarshalIndent(data, "", "  ")
+	if err != nil {
+		return fmt.Errorf("failed to marshal JSON: %w", err)
+	}
+
+	if err := os.WriteFile(fp, append(raw, '\n'), 0644); err != nil {
+		return fmt.Errorf("failed to write %s: %w", fp, err)
+	}
+	return nil
+}
+
+// ensureAgent ensures the current agent has an entry in agent-scope
+func ensureAgent(data *EgoData) {
+	agentID := currentAgentID()
+	if _, ok := data.AgentScope[agentID]; !ok {
+		data.AgentScope[agentID] = map[string]string{}
+	}
+}
+
+// isPublicColumn checks if a column name is in public-columns
+func isPublicColumn(data *EgoData, name string) bool {
+	for _, c := range data.PublicColumns {
+		if c == name {
+			return true
+		}
+	}
+	return false
+}
+
+// isAgentColumn checks if a column name is in columns (agent scope)
+func isAgentColumn(data *EgoData, name string) bool {
+	for _, c := range data.Columns {
+		if c == name {
+			return true
+		}
+	}
+	return false
+}
+
+// columnExists checks if a column name exists in either scope
+func columnExists(data *EgoData, name string) bool {
+	return isPublicColumn(data, name) || isAgentColumn(data, name)
+}
+
+func main() {
+	rootCmd := &cobra.Command{
+		Use:   "ego-mgr",
+		Short: "Agent identity/profile manager for OpenClaw",
+		Long: `ego-mgr manages agent personal information (name, email, timezone, etc.).
+
+Fields can be Agent Scope (per-agent) or Public Scope (shared by all agents).
+
+Examples:
+  ego-mgr add column name
+  ego-mgr add public-column timezone --default UTC
+  ego-mgr set name "小智"
+  ego-mgr get name
+  ego-mgr show
+  ego-mgr list columns
+  ego-mgr delete name`,
+	}
+
+	rootCmd.AddCommand(addCmd(), deleteCmd(), setCmd(), getCmd(), showCmd(), listCmd())
+
+	if err := rootCmd.Execute(); err != nil {
+		os.Exit(ExitUsageError)
+	}
+}
+
+func addCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "add",
+		Short: "Add a new column",
+	}
+	cmd.AddCommand(addColumnCmd(), addPublicColumnCmd())
+	return cmd
+}
+
+func addColumnCmd() *cobra.Command {
+	var defaultVal string
+	cmd := &cobra.Command{
+		Use:   "column <column-name>",
+		Short: "Add an agent-scope column",
+		Args:  cobra.ExactArgs(1),
+		Run: func(cmd *cobra.Command, args []string) {
+			requirePcguard()
+			colName := args[0]
+
+			data, err := readEgoData()
+			if err != nil {
+				fmt.Fprintf(os.Stderr, "Error: %v\n", err)
+				os.Exit(ExitJSONError)
+			}
+
+			if columnExists(data, colName) {
+				fmt.Fprintf(os.Stderr, "Error: column '%s' already exists\n", colName)
+				os.Exit(ExitColumnExists)
+			}
+
+			data.Columns = append(data.Columns, colName)
+
+			// Set default value for all existing agents
+			if defaultVal != "" {
+				for agentID := range data.AgentScope {
+					data.AgentScope[agentID][colName] = defaultVal
+				}
+			}
+
+			if err := writeEgoData(data); err != nil {
+				fmt.Fprintf(os.Stderr, "Error: %v\n", err)
+				os.Exit(ExitJSONError)
+			}
+		},
+	}
+	cmd.Flags().StringVar(&defaultVal, "default", "", "Default value for the column")
+	return cmd
+}
+
+func addPublicColumnCmd() *cobra.Command {
+	var defaultVal string
+	cmd := &cobra.Command{
+		Use:   "public-column <column-name>",
+		Short: "Add a public-scope column",
+		Args:  cobra.ExactArgs(1),
+		Run: func(cmd *cobra.Command, args []string) {
+			requirePcguard()
+			colName := args[0]
+
+			data, err := readEgoData()
+			if err != nil {
+				fmt.Fprintf(os.Stderr, "Error: %v\n", err)
+				os.Exit(ExitJSONError)
+			}
+
+			if columnExists(data, colName) {
+				fmt.Fprintf(os.Stderr, "Error: column '%s' already exists\n", colName)
+				os.Exit(ExitColumnExists)
+			}
+
+			data.PublicColumns = append(data.PublicColumns, colName)
+			if defaultVal != "" {
+				data.PublicScope[colName] = defaultVal
+			} else {
+				data.PublicScope[colName] = ""
+			}
+
+			if err := writeEgoData(data); err != nil {
+				fmt.Fprintf(os.Stderr, "Error: %v\n", err)
+				os.Exit(ExitJSONError)
+			}
+		},
+	}
+	cmd.Flags().StringVar(&defaultVal, "default", "", "Default value for the column")
+	return cmd
+}
+
+func deleteCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "delete <column-name>",
+		Short: "Delete a column and all its values",
+		Args:  cobra.ExactArgs(1),
+		Run: func(cmd *cobra.Command, args []string) {
+			requirePcguard()
+			colName := args[0]
+
+			data, err := readEgoData()
+			if err != nil {
+				fmt.Fprintf(os.Stderr, "Error: %v\n", err)
+				os.Exit(ExitJSONError)
+			}
+
+			if !columnExists(data, colName) {
+				fmt.Fprintf(os.Stderr, "Error: column '%s' does not exist\n", colName)
+				os.Exit(ExitColumnNotFound)
+			}
+
+			// Remove from public-columns if present
+			if isPublicColumn(data, colName) {
+				newCols := []string{}
+				for _, c := range data.PublicColumns {
+					if c != colName {
+						newCols = append(newCols, c)
+					}
+				}
+				data.PublicColumns = newCols
+				delete(data.PublicScope, colName)
+			}
+
+			// Remove from agent columns if present
+			if isAgentColumn(data, colName) {
+				newCols := []string{}
+				for _, c := range data.Columns {
+					if c != colName {
+						newCols = append(newCols, c)
+					}
+				}
+				data.Columns = newCols
+				// Remove from all agent scopes
+				for agentID := range data.AgentScope {
+					delete(data.AgentScope[agentID], colName)
+				}
+			}
+
+			if err := writeEgoData(data); err != nil {
+				fmt.Fprintf(os.Stderr, "Error: %v\n", err)
+				os.Exit(ExitJSONError)
+			}
+		},
+	}
+	return cmd
+}
+
+func setCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "set <column-name> <value>",
+		Short: "Set a field value",
+		Args:  cobra.ExactArgs(2),
+		Run: func(cmd *cobra.Command, args []string) {
+			requirePcguard()
+			colName := args[0]
+			value := args[1]
+
+			data, err := readEgoData()
+			if err != nil {
+				fmt.Fprintf(os.Stderr, "Error: %v\n", err)
+				os.Exit(ExitJSONError)
+			}
+
+			if !columnExists(data, colName) {
+				fmt.Fprintf(os.Stderr, "Error: column '%s' does not exist (use 'ego-mgr add column' or 'ego-mgr add public-column' first)\n", colName)
+				os.Exit(ExitColumnNotFound)
+			}
+
+			// Auto-register agent
+			ensureAgent(data)
+
+			if isPublicColumn(data, colName) {
+				data.PublicScope[colName] = value
+			} else {
+				agentID := currentAgentID()
+				data.AgentScope[agentID][colName] = value
+			}
+
+			if err := writeEgoData(data); err != nil {
+				fmt.Fprintf(os.Stderr, "Error: %v\n", err)
+				os.Exit(ExitJSONError)
+			}
+		},
+	}
+	return cmd
+}
+
+func getCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "get <column-name>",
+		Short: "Get a field value",
+		Args:  cobra.ExactArgs(1),
+		Run: func(cmd *cobra.Command, args []string) {
+			requirePcguard()
+			colName := args[0]
+
+			data, err := readEgoData()
+			if err != nil {
+				fmt.Fprintf(os.Stderr, "Error: %v\n", err)
+				os.Exit(ExitJSONError)
+			}
+
+			if !columnExists(data, colName) {
+				fmt.Fprintf(os.Stderr, "Error: column '%s' does not exist\n", colName)
+				os.Exit(ExitColumnNotFound)
+			}
+
+			// Auto-register agent
+			ensureAgent(data)
+
+			if isPublicColumn(data, colName) {
+				fmt.Print(data.PublicScope[colName])
+			} else {
+				agentID := currentAgentID()
+				fmt.Print(data.AgentScope[agentID][colName])
+			}
+		},
+	}
+	return cmd
+}
+
+func showCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "show",
+		Short: "Show all fields and values",
+		Run: func(cmd *cobra.Command, args []string) {
+			requirePcguard()
+
+			data, err := readEgoData()
+			if err != nil {
+				fmt.Fprintf(os.Stderr, "Error: %v\n", err)
+				os.Exit(ExitJSONError)
+			}
+
+			// Auto-register agent
+			ensureAgent(data)
+			agentID := currentAgentID()
+
+			// Print public scope first
+			for _, col := range data.PublicColumns {
+				val := data.PublicScope[col]
+				fmt.Printf("%s: %s\n", col, val)
+			}
+
+			// Then agent scope
+			for _, col := range data.Columns {
+				val := ""
+				if agentData, ok := data.AgentScope[agentID]; ok {
+					val = agentData[col]
+				}
+				fmt.Printf("%s: %s\n", col, val)
+			}
+		},
+	}
+	return cmd
+}
+
+func listCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "list",
+		Short: "List information",
+	}
+	cmd.AddCommand(listColumnsCmd())
+	return cmd
+}
+
+func listColumnsCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "columns",
+		Short: "List all column names",
+		Run: func(cmd *cobra.Command, args []string) {
+			requirePcguard()
+
+			data, err := readEgoData()
+			if err != nil {
+				fmt.Fprintf(os.Stderr, "Error: %v\n", err)
+				os.Exit(ExitJSONError)
+			}
+
+			// Print public columns first
+			for _, col := range data.PublicColumns {
+				fmt.Println(col)
+			}
+
+			// Then agent columns
+			for _, col := range data.Columns {
+				fmt.Println(col)
+			}
+		},
+	}
+	return cmd
+}

install.mjs

@@ -131,13 +131,20 @@ async function build() {
 
   rmSync(SRC_DIST_DIR, { recursive: true, force: true });
 
-  log('  Building pass_mgr...', 'blue');
-  const pmDir = join(__dirname, 'pass_mgr');
+  log('  Building secret-mgr...', 'blue');
+  const pmDir = join(__dirname, 'secret-mgr');
   exec('go mod tidy', { cwd: pmDir, silent: !options.verbose });
   const ldflags = `-X main.buildSecret=${buildSecret}`;
-  exec(`go build -ldflags "${ldflags}" -o dist/pass_mgr src/main.go`, { cwd: pmDir, silent: !options.verbose });
-  chmodSync(join(pmDir, 'dist', 'pass_mgr'), 0o755);
-  logOk('pass_mgr');
+  exec(`go build -ldflags "${ldflags}" -o dist/secret-mgr src/main.go`, { cwd: pmDir, silent: !options.verbose });
+  chmodSync(join(pmDir, 'dist', 'secret-mgr'), 0o755);
+  logOk('secret-mgr');
+
+  log('  Building ego-mgr...', 'blue');
+  const emDir = join(__dirname, 'ego-mgr');
+  exec('go mod tidy', { cwd: emDir, silent: !options.verbose });
+  exec('go build -o dist/ego-mgr src/main.go', { cwd: emDir, silent: !options.verbose });
+  chmodSync(join(emDir, 'dist', 'ego-mgr'), 0o755);
+  logOk('ego-mgr');
 
   log('  Building pcguard...', 'blue');
   const pgDir = join(__dirname, 'pcguard');
@@ -161,7 +168,11 @@ async function build() {
 }
 
 function handoffSecretIfPossible(openclawPath) {
-  const passMgrPath = join(openclawPath, 'bin', 'pass_mgr');
+  // Check both old (pass_mgr) and new (secret-mgr) binary names
+  let passMgrPath = join(openclawPath, 'bin', 'secret-mgr');
+  if (!existsSync(passMgrPath)) {
+    passMgrPath = join(openclawPath, 'bin', 'pass_mgr');
+  }
   if (!existsSync(passMgrPath)) return null;
 
   const storeA = join(openclawPath, 'pc-pass-store');
@@ -181,7 +192,7 @@ function handoffSecretIfPossible(openclawPath) {
 
 function clearInstallTargets(openclawPath) {
   const binDir = join(openclawPath, 'bin');
-  for (const name of ['pass_mgr', 'pcguard']) {
+  for (const name of ['pass_mgr', 'secret-mgr', 'ego-mgr', 'pcguard']) {
     const p = join(binDir, name);
     if (existsSync(p)) { rmSync(p, { force: true }); logOk(`Removed ${p}`); }
   }
@@ -213,7 +224,7 @@ function cleanupConfig(openclawPath) {
       logOk('Removed from load paths');
     }
 
-    const skillEntries = ['pcexec', 'safe-restart', 'safe_restart', 'pass-mgr'];
+    const skillEntries = ['pcexec', 'safe-restart', 'safe_restart', 'pass-mgr', 'secret-mgr', 'ego-mgr'];
     for (const sk of skillEntries) {
       const p = join(skillsDir, sk);
       if (existsSync(p)) {
@@ -240,7 +251,7 @@ async function install() {
   log(`  OpenClaw path: ${openclawPath}`, 'blue');
 
   // update/reinstall path: remove old install first
-  if (existsSync(destDir) || existsSync(join(binDir, 'pass_mgr')) || existsSync(join(binDir, 'pcguard'))) {
+  if (existsSync(destDir) || existsSync(join(binDir, 'pass_mgr')) || existsSync(join(binDir, 'secret-mgr')) || existsSync(join(binDir, 'pcguard'))) {
     logWarn('Existing install detected, uninstalling before install...');
     handoffSecretIfPossible(openclawPath);
     clearInstallTargets(openclawPath);
@@ -259,7 +270,8 @@ async function install() {
 
   mkdirSync(binDir, { recursive: true });
   const bins = [
-    { name: 'pass_mgr', src: join(__dirname, 'pass_mgr', 'dist', 'pass_mgr') },
+    { name: 'secret-mgr', src: join(__dirname, 'secret-mgr', 'dist', 'secret-mgr') },
+    { name: 'ego-mgr', src: join(__dirname, 'ego-mgr', 'dist', 'ego-mgr') },
     { name: 'pcguard', src: join(__dirname, 'pcguard', 'dist', 'pcguard') },
   ];
   for (const b of bins) {
@@ -281,11 +293,26 @@ async function install() {
     }
   }
 
+  // Initialize ego.json if it doesn't exist
+  const egoJsonPath = join(openclawPath, 'ego.json');
+  if (!existsSync(egoJsonPath)) {
+    const emptyEgo = {
+      columns: [],
+      'public-columns': [],
+      'public-scope': {},
+      'agent-scope': {},
+    };
+    writeFileSync(egoJsonPath, JSON.stringify(emptyEgo, null, 2) + '\n', { mode: 0o644 });
+    logOk('Created ego.json');
+  } else {
+    logOk('ego.json already exists');
+  }
+
   // if prior encrypted store exists, run init-from once new binary is installed
   const hasStore = existsSync(join(openclawPath, 'pc-pass-store')) || existsSync(join(openclawPath, 'pc-secret-store'));
   const secretFile = join(openclawPath, 'pc-pass-store.secret');
   if (hasStore && existsSync(secretFile)) {
-    const passMgrPath = join(binDir, 'pass_mgr');
+    const passMgrPath = join(binDir, 'secret-mgr');
     try {
       exec(`${passMgrPath} admin init-from ${secretFile}`, { silent: !options.verbose });
       logOk('init-from completed from handoff secret');
@@ -303,7 +330,7 @@ async function configure() {
 
   const openclawPath = resolveOpenclawPath();
   const destDir = join(openclawPath, 'plugins', PLUGIN_NAME);
-  const passMgrPath = join(openclawPath, 'bin', 'pass_mgr');
+  const secretMgrPath = join(openclawPath, 'bin', 'secret-mgr');
 
   try {
     const paths = getOpenclawConfig('plugins.load.paths', []);
@@ -318,7 +345,7 @@ async function configure() {
     plugins.entries = plugins.entries || {};
     plugins.entries[PLUGIN_NAME] = {
       enabled: true,
-      config: { enabled: true, passMgrPath, openclawProfilePath: openclawPath },
+      config: { enabled: true, secretMgrPath, openclawProfilePath: openclawPath },
     };
     setOpenclawConfig('plugins', plugins);
     logOk('Plugin entry configured');

plugin/openclaw.plugin.json

@@ -8,7 +8,7 @@
     "type": "object",
     "properties": {
       "enabled": { "type": "boolean", "default": true },
-      "passMgrPath": { "type": "string", "default": "" },
+      "secretMgrPath": { "type": "string", "default": "" },
       "openclawProfilePath": { "type": "string", "default": "" }
     }
   }

plugin/tools/pcexec.ts

@@ -46,33 +46,55 @@ export interface PcExecError extends Error {
 }
 
 /**
- * Extract pass_mgr invocations from a command string.
+ * Extract secret-mgr (and legacy pass_mgr) invocations from a command string.
  *
- * Supports both legacy and new formats:
+ * Supports:
+ *   Current:  $(secret-mgr get-secret --key <key>)  /  `secret-mgr get-secret --key <key>`
+ *   Legacy:   $(pass_mgr get-secret --key <key>)  /  `pass_mgr get-secret --key <key>`
  *   Legacy:   $(pass_mgr get <key>)  /  `pass_mgr get <key>`
- *   New:     $(pass_mgr get-secret --key <key>)  /  `pass_mgr get-secret --key <key>`
  *
- * Returns array of { fullMatch, subcommand, key } where subcommand is
+ * Returns array of { fullMatch, subcommand, key, binary } where subcommand is
  * "get" | "get-secret".
  */
-function extractPassMgrGets(
+function extractSecretMgrGets(
   command: string,
-): Array<{ key: string; fullMatch: string; subcommand: string }> {
-  const results: Array<{ key: string; fullMatch: string; subcommand: string }> = [];
+): Array<{ key: string; fullMatch: string; subcommand: string; binary: string }> {
+  const results: Array<{ key: string; fullMatch: string; subcommand: string; binary: string }> = [];
   const seen = new Set<string>();
 
-  // New format: pass_mgr get-secret --key <key>
+  // secret-mgr get-secret --key <key>
+  const secretMgrPatterns = [
+    /\$\(\s*secret-mgr\s+get-secret\s+--key\s+(\S+)\s*\)/g,
+    /`\s*secret-mgr\s+get-secret\s+--key\s+(\S+)\s*`/g,
+  ];
+
+  // Legacy pass_mgr get-secret --key <key>
   const newPatterns = [
     /\$\(\s*pass_mgr\s+get-secret\s+--key\s+(\S+)\s*\)/g,
     /`\s*pass_mgr\s+get-secret\s+--key\s+(\S+)\s*`/g,
   ];
 
-  // Legacy format: pass_mgr get <key>
+  // Legacy pass_mgr get <key>
   const legacyPatterns = [
     /\$\(\s*pass_mgr\s+get\s+(\S+)\s*\)/g,
     /`\s*pass_mgr\s+get\s+(\S+)\s*`/g,
   ];
 
+  for (const pattern of secretMgrPatterns) {
+    let match;
+    while ((match = pattern.exec(command)) !== null) {
+      if (!seen.has(match[0])) {
+        seen.add(match[0]);
+        results.push({
+          key: match[1],
+          fullMatch: match[0],
+          subcommand: 'get-secret',
+          binary: 'secret-mgr',
+        });
+      }
+    }
+  }
+
   for (const pattern of newPatterns) {
     let match;
     while ((match = pattern.exec(command)) !== null) {
@@ -82,6 +104,7 @@ function extractPassMgrGets(
           key: match[1],
           fullMatch: match[0],
           subcommand: 'get-secret',
+          binary: 'pass_mgr',
         });
       }
     }
@@ -96,6 +119,7 @@ function extractPassMgrGets(
           key: match[1],
           fullMatch: match[0],
           subcommand: 'get',
+          binary: 'pass_mgr',
         });
       }
     }
@@ -105,22 +129,24 @@ function extractPassMgrGets(
 }
 
 /**
- * Execute pass_mgr to retrieve a secret.
+ * Execute secret-mgr (or legacy pass_mgr) to retrieve a secret.
  * Uses the same env vars that the caller passes so pcguard checks pass.
  */
 async function fetchPassword(
   subcommand: string,
   key: string,
   env: Record<string, string>,
+  binary: string = 'secret-mgr',
 ): Promise<string> {
   return new Promise((resolve, reject) => {
-    const passMgrPath = env.PASS_MGR_PATH || process.env.PASS_MGR_PATH || 'pass_mgr';
+    // Prefer SECRET_MGR_PATH, fall back to PASS_MGR_PATH for legacy compat
+    const binaryPath = env.SECRET_MGR_PATH || env.PASS_MGR_PATH || process.env.SECRET_MGR_PATH || process.env.PASS_MGR_PATH || 'secret-mgr';
     const args =
       subcommand === 'get-secret'
         ? ['get-secret', '--key', key]
         : ['get', key];
 
-    const child = spawn(passMgrPath, args, {
+    const child = spawn(binaryPath, args, {
       stdio: ['ignore', 'pipe', 'pipe'],
       env: { ...process.env, ...env },
     });
@@ -131,7 +157,7 @@ async function fetchPassword(
     child.stderr.on('data', (d) => (stderr += d.toString()));
     child.on('close', (code) => {
       if (code !== 0) {
-        reject(new Error(`pass_mgr ${subcommand} failed: ${stderr || stdout}`));
+        reject(new Error(`secret-mgr ${subcommand} failed: ${stderr || stdout}`));
       } else {
         resolve(stdout.trim());
       }
@@ -155,18 +181,18 @@ function sanitizeOutput(output: string, passwords: string[]): string {
 }
 
 /**
- * Pre-resolve pass_mgr invocations, replace them inline, and collect passwords.
+ * Pre-resolve secret-mgr (and legacy pass_mgr) invocations, replace them inline, and collect passwords.
  */
-async function replacePassMgrGets(
+async function replaceSecretMgrGets(
   command: string,
   env: Record<string, string>,
 ): Promise<{ command: string; passwords: string[] }> {
-  const matches = extractPassMgrGets(command);
+  const matches = extractSecretMgrGets(command);
   const passwords: string[] = [];
   let replaced = command;
 
-  for (const { key, fullMatch, subcommand } of matches) {
-    const pw = await fetchPassword(subcommand, key, env);
+  for (const { key, fullMatch, subcommand, binary } of matches) {
+    const pw = await fetchPassword(subcommand, key, env, binary);
     passwords.push(pw);
     replaced = replaced.split(fullMatch).join(pw);
   }
@@ -193,7 +219,7 @@ export async function pcexec(
   let finalCommand = command;
   let passwords: string[] = [];
 
-  const resolved = await replacePassMgrGets(command, env);
+  const resolved = await replaceSecretMgrGets(command, env);
   finalCommand = resolved.command;
   passwords = resolved.passwords;
 

secret-mgr/go.mod

@@ -0,0 +1,10 @@
+module secret-mgr
+
+go 1.24.0
+
+require github.com/spf13/cobra v1.8.0
+
+require (
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+)

secret-mgr/go.sum

@@ -0,0 +1,10 @@
+github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
+github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
+github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

secret-mgr/src/main.go

@@ -72,7 +72,7 @@ func rejectIfAgent(cmdName string) {
 
 func currentKey() ([]byte, error) {
 	if buildSecret == "" {
-		return nil, fmt.Errorf("pass_mgr was built without a build secret; re-run install.mjs")
+		return nil, fmt.Errorf("secret-mgr was built without a build secret; re-run install.mjs")
 	}
 	return deriveKey(buildSecret), nil
 }
@@ -173,7 +173,7 @@ func generatePassword(length int) (string, error) {
 }
 
 func main() {
-	rootCmd := &cobra.Command{Use: "pass_mgr", Short: "Password manager for OpenClaw agents"}
+	rootCmd := &cobra.Command{Use: "secret-mgr", Short: "Secret manager for OpenClaw agents"}
 	rootCmd.AddCommand(listCmd(), getSecretCmd(), getUsernameCmd(), getLegacyCmd(), setCmd(), generateCmd(), unsetCmd(), adminCmd())
 	if err := rootCmd.Execute(); err != nil {
 		os.Exit(1)

skills/ego-mgr/SKILL.md

@@ -0,0 +1,105 @@
+---
+name: ego-mgr
+description: Manage agent personal information (name, email, timezone, etc.). Use when storing, retrieving, listing, or managing agent profile fields. Trigger on requests about agent identity, personal info, profile settings, or ego-mgr usage. MUST call ego-mgr via the pcexec tool.
+---
+
+# Ego Manager
+
+## Purpose
+Use ego-mgr to manage agent personal information fields. Supports per-agent fields (Agent Scope) and shared fields (Public Scope).
+
+## Mandatory safety rule
+Always invoke ego-mgr through the `pcexec` tool. Do NOT run ego-mgr directly.
+
+## Concepts
+
+- **Agent Scope columns**: Each agent stores its own value independently
+- **Public Scope columns**: All agents share the same value
+- Column names are globally unique — a name cannot be both agent-scope and public-scope
+
+## Workflow
+
+1. First, create a column: `ego-mgr add column <name>` or `ego-mgr add public-column <name>`
+2. Then, set its value: `ego-mgr set <name> <value>`
+3. Read it: `ego-mgr get <name>` or `ego-mgr show`
+
+## Commands (run via pcexec)
+
+### Add columns
+```bash
+# Agent-scope column (per-agent values)
+ego-mgr add column <column-name> [--default <default-value>]
+
+# Public-scope column (shared by all agents)
+ego-mgr add public-column <column-name> [--default <default-value>]
+```
+
+### Delete a column
+```bash
+ego-mgr delete <column-name>
+```
+Removes the column and all its values across all scopes.
+
+### Set a value
+```bash
+ego-mgr set <column-name> <value>
+```
+Automatically writes to the correct scope (agent or public) based on column type.
+
+### Get a value
+```bash
+ego-mgr get <column-name>
+```
+Outputs just the value (no label).
+
+### Show all fields
+```bash
+ego-mgr show
+```
+Lists all fields with values (public first, then agent-scope).
+
+### List column names
+```bash
+ego-mgr list columns
+```
+Lists all column names (public first, then agent-scope).
+
+## Error exit codes
+
+| Code | Meaning |
+|------|---------|
+| 0 | Success |
+| 1 | Usage error |
+| 2 | Column not found |
+| 3 | Column already exists |
+| 4 | Permission error (not via pcexec) |
+| 5 | File lock failed |
+| 6 | JSON read/write error |
+
+## Common use cases
+
+### Set up agent identity
+```bash
+ego-mgr add column name
+ego-mgr set name "小智"
+ego-mgr add column email
+ego-mgr set email "zhi@example.com"
+```
+
+### Set shared config
+```bash
+ego-mgr add public-column timezone --default UTC
+ego-mgr add public-column language --default zh-CN
+```
+
+### Check current profile
+```bash
+ego-mgr show
+```
+
+## Usage notes
+
+- Always create columns before setting values
+- Column names are case-sensitive
+- Public scope values are readable and writable by all agents
+- Agent scope values are isolated per-agent

skills/pass-mgr/SKILL.md

@@ -1,68 +0,0 @@
----
-name: pass-mgr
-description: Manage OpenClaw agent credentials (usernames/secrets). Use when storing, retrieving, listing, generating, or removing credentials for an agent. Trigger on requests about saving or fetching usernames, passwords, tokens, API keys, or other secrets. MUST call pass_mgr via the pcexec tool.
----
-
-# Pass Manager
-
-## Purpose
-Use pass_mgr to store and retrieve agent-scoped credentials (username/secret pairs) and generate secrets.
-
-## Mandatory safety rule
-Always invoke pass_mgr through the `pcexec` tool. Do NOT run pass_mgr directly.
-
-## Commands (run via pcexec)
-
-- List keys for current agent
-  - `pass_mgr list`
-  - Include shared scope: `pass_mgr list --public`
-
-- Get username for a key
-  - `pass_mgr get-username --key <key>`
-  - Shared scope: `pass_mgr get-username --public --key <key>`
-
-- Get secret for a key
-  - `pass_mgr get-secret --key <key>`
-  - Shared scope: `pass_mgr get-secret --public --key <key>`
-
-- Set a key entry (username optional)
-  - `pass_mgr set --key <key> --secret <secret> [--username <username>]`
-  - Shared scope: `pass_mgr set --public --key <key> --secret <secret> [--username <username>]`
-
-- Remove a key entry
-  - `pass_mgr unset --key <key>`
-  - Shared scope: `pass_mgr unset --public --key <key>`
-
-- Generate a random secret for a key (prints secret)
-  - `pass_mgr generate --key <key> [--username <username>]`
-  - Shared scope: `pass_mgr generate --public --key <key> [--username <username>]`
-
-- Legacy (hidden) getter
-  - `pass_mgr get <key>`
-
-## Usage notes
-
-- Treat all outputs as sensitive. Never echo secrets.
-- When the agent needs credentials to access a resource, first try `list` to see if a matching key already exists before asking the user.
-- Prefer `generate` when the user wants a new secret or password.
-- Use `set` to store both username and secret in one step.
-- Use `get-username` and `get-secret` for retrieval.
-- Storing can be explicit (user asks) or proactive after the agent successfully registers/creates an account.
-- Secrets should be fetched and used immediately in a command, not displayed (e.g., `xxx_cli login --user $(pass_mgr get-username some_key) --pass $(pass_mgr get-secret some_key)`).
-
-## Examples (pcexec)
-
-- Store credentials
-  - pcexec: `pass_mgr set github --username alice --secret <secret>`
-
-- Retrieve username
-  - pcexec: `pass_mgr get-username github`
-
-- Retrieve secret
-  - pcexec: `pass_mgr get-secret github`
-
-- Generate secret
-  - pcexec: `pass_mgr generate github`
-
-- Delete entry
-  - pcexec: `pass_mgr unset github`

skills/secret-mgr/SKILL.md

@@ -0,0 +1,68 @@
+---
+name: secret-mgr
+description: Manage OpenClaw agent credentials (usernames/secrets). Use when storing, retrieving, listing, generating, or removing credentials for an agent. Trigger on requests about saving or fetching usernames, passwords, tokens, API keys, or other secrets. MUST call secret-mgr via the pcexec tool.
+---
+
+# Secret Manager
+
+## Purpose
+Use secret-mgr to store and retrieve agent-scoped credentials (username/secret pairs) and generate secrets.
+
+## Mandatory safety rule
+Always invoke secret-mgr through the `pcexec` tool. Do NOT run secret-mgr directly.
+
+## Commands (run via pcexec)
+
+- List keys for current agent
+  - `secret-mgr list`
+  - Include shared scope: `secret-mgr list --public`
+
+- Get username for a key
+  - `secret-mgr get-username --key <key>`
+  - Shared scope: `secret-mgr get-username --public --key <key>`
+
+- Get secret for a key
+  - `secret-mgr get-secret --key <key>`
+  - Shared scope: `secret-mgr get-secret --public --key <key>`
+
+- Set a key entry (username optional)
+  - `secret-mgr set --key <key> --secret <secret> [--username <username>]`
+  - Shared scope: `secret-mgr set --public --key <key> --secret <secret> [--username <username>]`
+
+- Remove a key entry
+  - `secret-mgr unset --key <key>`
+  - Shared scope: `secret-mgr unset --public --key <key>`
+
+- Generate a random secret for a key (prints secret)
+  - `secret-mgr generate --key <key> [--username <username>]`
+  - Shared scope: `secret-mgr generate --public --key <key> [--username <username>]`
+
+- Legacy (hidden) getter
+  - `secret-mgr get <key>`
+
+## Usage notes
+
+- Treat all outputs as sensitive. Never echo secrets.
+- When the agent needs credentials to access a resource, first try `list` to see if a matching key already exists before asking the user.
+- Prefer `generate` when the user wants a new secret or password.
+- Use `set` to store both username and secret in one step.
+- Use `get-username` and `get-secret` for retrieval.
+- Storing can be explicit (user asks) or proactive after the agent successfully registers/creates an account.
+- Secrets should be fetched and used immediately in a command, not displayed (e.g., `xxx_cli login --user $(secret-mgr get-username --key some_key) --pass $(secret-mgr get-secret --key some_key)`).
+
+## Examples (pcexec)
+
+- Store credentials
+  - pcexec: `secret-mgr set --key github --username alice --secret <secret>`
+
+- Retrieve username
+  - pcexec: `secret-mgr get-username --key github`
+
+- Retrieve secret
+  - pcexec: `secret-mgr get-secret --key github`
+
+- Generate secret
+  - pcexec: `secret-mgr generate --key github`
+
+- Delete entry
+  - pcexec: `secret-mgr unset --key github`