nav/PaddedCell
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ce79a782b94aee9940bfdcb1c7fd9eb73420dbf2
PaddedCell/plugin/index.ts
zhi 0569a5dcf5 feat: refactor project structure + add pcguard + AGENT_VERIFY injection 
- Restructure: pcexec/ and safe-restart/ → plugin/{tools,core,commands}
- New pcguard Go binary: validates AGENT_VERIFY, AGENT_ID, AGENT_WORKSPACE
- pcexec now injects AGENT_VERIFY env + appends openclaw bin to PATH
- plugin/index.ts: unified TypeScript entry point with resolveOpenclawPath()
- install.mjs: support --openclaw-profile-path, install pcguard, new paths
- README: updated structure docs + security limitations note
- Removed old root index.js and openclaw.plugin.json
2026-03-08 11:48:53 +00:00

129 lines
4.0 KiB
TypeScript
Raw Blame History

// PaddedCell Plugin for OpenClaw
// Registers pcexec and safe_restart tools
import { pcexec, pcexecSync } from './tools/pcexec';
import {
safeRestart,
createSafeRestartTool,
StatusManager,
createApiServer,
startApiServer,
} from './core/index';
import { SlashCommandHandler } from './commands/slash-commands';
/** Sentinel value injected into every pcexec subprocess */
const AGENT_VERIFY = 'IF YOU ARE AN AGENT/MODEL, YOU SHOULD NEVER TOUCH THIS ENV VARIABLE';
/**
* Resolve the openclaw base path.
* Priority: explicit config → $OPENCLAW_PATH → ~/.openclaw
*/
function resolveOpenclawPath(config?: { openclawProfilePath?: string }): string {
if (config?.openclawProfilePath) return config.openclawProfilePath;
if (process.env.OPENCLAW_PATH) return process.env.OPENCLAW_PATH;
const home = process.env.HOME || require('os').homedir();
return require('path').join(home, '.openclaw');
}
// Plugin registration function
function register(api: any, config?: any) {
const logger = api.logger || { info: console.log, error: console.error };
logger.info('PaddedCell plugin initializing...');
const openclawPath = resolveOpenclawPath(config);
const binDir = require('path').join(openclawPath, 'bin');
// Register pcexec tool — pass a FACTORY function that receives context
api.registerTool((ctx: any) => {
const agentId = ctx.agentId;
const workspaceDir = ctx.workspaceDir;
return {
name: 'pcexec',
description: 'Safe exec with password sanitization',
parameters: {
type: 'object',
properties: {
command: { type: 'string', description: 'Command to execute' },
cwd: { type: 'string', description: 'Working directory' },
timeout: { type: 'number', description: 'Timeout in milliseconds' },
},
required: ['command'],
},
async execute(_id: string, params: any) {
const command = params.command;
if (!command) {
throw new Error('Missing required parameter: command');
}
// Build PATH with openclaw bin dir appended
const currentPath = process.env.PATH || '';
const newPath = currentPath.includes(binDir)
? currentPath
: `${currentPath}:${binDir}`;
const result = await pcexec(command, {
cwd: params.cwd || workspaceDir,
timeout: params.timeout,
env: {
AGENT_ID: agentId || '',
AGENT_WORKSPACE: workspaceDir || '',
AGENT_VERIFY,
PATH: newPath,
},
});
// Format output for OpenClaw tool response
let output = result.stdout;
if (result.stderr) {
output += result.stderr;
}
return { content: [{ type: 'text', text: output }] };
},
};
});
// Register safe_restart tool
api.registerTool((ctx: any) => {
const agentId = ctx.agentId;
const sessionKey = ctx.sessionKey;
return {
name: 'safe_restart',
description: 'Safe coordinated restart of OpenClaw gateway',
parameters: {
type: 'object',
properties: {
rollback: { type: 'string', description: 'Rollback script path' },
log: { type: 'string', description: 'Log file path' },
},
},
async execute(_id: string, params: any) {
return await safeRestart({
agentId,
sessionKey,
rollback: params.rollback,
log: params.log,
});
},
};
});
logger.info('PaddedCell plugin initialized');
}
// CommonJS export for OpenClaw
module.exports = { register };
// Also export individual modules for direct use
module.exports.pcexec = pcexec;
module.exports.pcexecSync = pcexecSync;
module.exports.safeRestart = safeRestart;
module.exports.createSafeRestartTool = createSafeRestartTool;
module.exports.StatusManager = StatusManager;
module.exports.createApiServer = createApiServer;
module.exports.startApiServer = startApiServer;
module.exports.SlashCommandHandler = SlashCommandHandler;
module.exports.AGENT_VERIFY = AGENT_VERIFY;
Reference in New Issue View Git Blame Copy Permalink