nav/PaddedCell
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat/refactor-and-pcguard #3

Merged
hzhang merged 3 commits from feat/refactor-and-pcguard into main 2026-03-08 21:32:53 +00:00
Conversation 0 Commits 3 Files Changed 23 +1310 -10069
hzhang commented 2026-03-08 21:32:40 +00:00
Contributor
Copy Link
No description provided.
hzhang added 3 commits 2026-03-08 21:32:40 +00:00
feat: refactor project structure + add pcguard + AGENT_VERIFY injection 0569a5dcf5 
- Restructure: pcexec/ and safe-restart/ → plugin/{tools,core,commands}
- New pcguard Go binary: validates AGENT_VERIFY, AGENT_ID, AGENT_WORKSPACE
- pcexec now injects AGENT_VERIFY env + appends openclaw bin to PATH
- plugin/index.ts: unified TypeScript entry point with resolveOpenclawPath()
- install.mjs: support --openclaw-profile-path, install pcguard, new paths
- README: updated structure docs + security limitations note
- Removed old root index.js and openclaw.plugin.json
fix: copy package.json to install dest for npm install c186eb24ec
feat: rewrite pass_mgr with build-time AES key, update pcexec & install ddaea57f2d 
pass_mgr:
- Complete rewrite using build-time AES key (injected via ldflags)
- New command format: get-secret/get-username --key, set --key --secret
- Admin commands: init, handoff, init-from (rejected when AGENT_* env set)
- Inline pcguard check for agent commands
- Legacy 'get <key>' kept for backward compat
- Storage: pc-pass-store/<agent-id>/<key>.gpg with AES-256-GCM
- Admin password stored as SHA-256 hash in .pass_mgr/admin.json

pcexec.ts:
- Support new 'get-secret --key' pattern alongside legacy 'get <key>'
- Pass environment to fetchPassword for pcguard validation
- Deduplicate matches, sanitize all resolved passwords from output

install.mjs:
- Generate random 32-byte hex build secret (.build-secret)
- Reuse existing secret on rebuilds
- Pass to go build via -ldflags -X main.buildSecret=<secret>

README.md:
- Document new pass_mgr command format
- Document admin handoff/init-from workflow
- Document security model limitations
- Update project structure
hzhang merged commit bc2c5f8bd6 into main 2026-03-08 21:32:53 +00:00
hzhang deleted branch feat/refactor-and-pcguard 2026-03-08 21:32:54 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
mirror orion zhi nav
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: nav/PaddedCell#3
Delete Branch "feat/refactor-and-pcguard"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?