UNPKG

@openguardrails/moltguard

Version:

AI agent security plugin for OpenClaw: prompt injection detection, PII sanitization, and monitoring dashboard

github.com/openguardrails/openguardrails/tree/main/moltguard

openguardrails/openguardrails

276 lines 9.78 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
/** * Type definitions for all 24 OpenClaw plugin hooks. * * These types define the event data structure for each hook, * enabling complete context reporting to Core for intent-action mismatch detection. */ export type HookType = "before_agent_start" | "agent_end" | "session_start" | "session_end" | "message_received" | "message_sending" | "message_sent" | "before_message_write" | "before_model_resolve" | "before_prompt_build" | "llm_input" | "llm_output" | "before_tool_call" | "after_tool_call" | "tool_result_persist" | "before_compaction" | "after_compaction" | "before_reset" | "subagent_spawning" | "subagent_delivery_target" | "subagent_spawned" | "subagent_ended" | "gateway_start" | "gateway_stop"; /** Hooks that require synchronous response from Core (can block execution) */ export declare const BLOCKING_HOOKS: Set<HookType>; /** Check if a hook type requires synchronous (blocking) reporting */ export declare function isBlockingHook(hookType: HookType): boolean; /** Base event data shared by all hooks */ export type BaseEventData = { /** ISO 8601 timestamp when the event occurred */ timestamp: string; }; export type BeforeAgentStartData = BaseEventData & { /** Initial user prompt/intent */ prompt: string; /** System prompt if any */ systemPrompt?: string; /** Conversation ID if resuming */ conversationId?: string; }; export type AgentEndData = BaseEventData & { /** How the agent ended */ reason: "user_exit" | "error" | "timeout" | "completed" | "unknown"; /** Error message if ended due to error */ error?: string; /** Total duration of the conversation in ms */ durationMs?: number; }; export type SessionStartData = BaseEventData & { /** Session identifier */ sessionId: string; /** Whether this is a new or resumed session */ isNew: boolean; }; export type SessionEndData = BaseEventData & { /** Session identifier */ sessionId: string; /** Session duration in ms */ durationMs?: number; }; export type MessageReceivedData = BaseEventData & { /** Who sent the message */ from: "user" | "assistant" | "system" | "tool"; /** Message content (may be truncated for large content) */ content: string; /** Content length before truncation */ contentLength: number; }; export type MessageSendingData = BaseEventData & { /** Target of the message */ to: "user" | "llm" | "tool"; /** Message content (may be truncated) */ content: string; /** Content length before truncation */ contentLength: number; }; export type MessageSentData = BaseEventData & { /** Target of the message */ to: "user" | "llm" | "tool"; /** Success status */ success: boolean; /** Duration to send in ms */ durationMs?: number; }; export type BeforeMessageWriteData = BaseEventData & { /** File path being written to (e.g., JSONL log) */ filePath: string; /** Message being written (may be truncated) */ content: string; /** Content length before truncation */ contentLength: number; }; export type BeforeModelResolveData = BaseEventData & { /** Requested model ID/name */ requestedModel: string; }; export type BeforePromptBuildData = BaseEventData & { /** Number of messages in history */ messageCount: number; /** Total token estimate */ tokenEstimate?: number; }; export type LlmInputData = BaseEventData & { /** Model being called */ model: string; /** Full prompt content (may be truncated for very large prompts) */ content: string; /** Content length before truncation */ contentLength: number; /** Number of messages in the request */ messageCount: number; /** Token count if available */ tokenCount?: number; /** System prompt if separate */ systemPrompt?: string; }; export type LlmOutputData = BaseEventData & { /** Model that responded */ model: string; /** Response content (may be truncated) */ content: string; /** Content length before truncation */ contentLength: number; /** Whether the response was streamed */ streamed: boolean; /** Tokens used (input + output) if available */ tokenUsage?: { input: number; output: number; total: number; }; /** Latency to first token / full response in ms */ latencyMs: number; /** Stop reason */ stopReason?: "end_turn" | "max_tokens" | "tool_use" | "error" | string; }; export type BeforeToolCallData = BaseEventData & { /** Tool name being called */ toolName: string; /** Tool parameters (sanitized) */ params: Record<string, unknown>; /** Tool input hash for dedup */ inputHash?: string; }; export type AfterToolCallData = BaseEventData & { /** Tool name that was called */ toolName: string; /** Tool parameters (sanitized) */ params: Record<string, unknown>; /** Whether the call succeeded */ success: boolean; /** Error message if failed */ error?: string; /** Result summary (truncated if large) */ resultSummary?: string; /** Result size in bytes */ resultSizeBytes: number; /** Execution duration in ms */ durationMs: number; }; export type ToolResultPersistData = BaseEventData & { /** Tool name */ toolName?: string; /** Whether the result was modified (e.g., quota message appended) */ modified: boolean; /** Modification reason if modified */ modificationReason?: string; }; export type BeforeCompactionData = BaseEventData & { /** Number of messages before compaction */ messageCount: number; /** Estimated token count before */ tokenEstimate?: number; /** Reason for compaction */ reason: "token_limit" | "manual" | "auto"; }; export type AfterCompactionData = BaseEventData & { /** Number of messages after compaction */ messageCount: number; /** Messages removed */ removedCount: number; /** Estimated token count after */ tokenEstimate?: number; }; export type BeforeResetData = BaseEventData & { /** Reason for reset */ reason: "user_request" | "error_recovery" | "context_overflow" | "unknown"; /** Number of messages being cleared */ messageCount: number; }; export type SubagentSpawningData = BaseEventData & { /** Subagent ID being created */ subagentId: string; /** Type of subagent */ subagentType: string; /** Task/prompt for the subagent */ task: string; /** Task length before truncation */ taskLength: number; /** Parent agent context */ parentContext?: string; }; export type SubagentDeliveryTargetData = BaseEventData & { /** Subagent ID */ subagentId: string; /** Delivery target type */ targetType: string; /** Target details */ targetDetails?: Record<string, unknown>; }; export type SubagentSpawnedData = BaseEventData & { /** Subagent ID that was created */ subagentId: string; /** Subagent type */ subagentType: string; /** Whether spawn was successful */ success: boolean; /** Error if failed */ error?: string; }; export type SubagentEndedData = BaseEventData & { /** Subagent ID that ended */ subagentId: string; /** How it ended */ reason: "completed" | "error" | "timeout" | "cancelled" | "unknown"; /** Result summary if completed */ resultSummary?: string; /** Error message if failed */ error?: string; /** Duration in ms */ durationMs?: number; }; export type GatewayStartData = BaseEventData & { /** Gateway port */ port: number; /** Gateway URL */ url: string; }; export type GatewayStopData = BaseEventData & { /** Reason for stopping */ reason: "shutdown" | "error" | "restart" | "unknown"; /** Error if stopped due to error */ error?: string; }; export type HookEventData = BeforeAgentStartData | AgentEndData | SessionStartData | SessionEndData | MessageReceivedData | MessageSendingData | MessageSentData | BeforeMessageWriteData | BeforeModelResolveData | BeforePromptBuildData | LlmInputData | LlmOutputData | BeforeToolCallData | AfterToolCallData | ToolResultPersistData | BeforeCompactionData | AfterCompactionData | BeforeResetData | SubagentSpawningData | SubagentDeliveryTargetData | SubagentSpawnedData | SubagentEndedData | GatewayStartData | GatewayStopData; /** A single hook event for reporting to Core */ export type HookEvent = { /** Event sequence number (monotonically increasing per session) */ seq: number; /** Hook type */ hookType: HookType; /** Event data specific to this hook type */ data: HookEventData; }; /** Request body for POST /api/v1/events/stream */ export type EventStreamRequest = { /** Agent ID from credentials */ agentId: string; /** Session key */ sessionKey: string; /** Run ID for this conversation */ runId: string; /** Array of events to report */ events: HookEvent[]; /** Client metadata */ meta: { pluginVersion: string; clientTimestamp: string; }; }; /** Response from POST /api/v1/events/stream */ export type EventStreamResponse = { success: boolean; data?: { /** Number of events processed */ processed: number; /** Block decisions for blocking hooks (keyed by seq) */ blocks?: Array<{ seq: number; reason: string; findings?: Array<{ riskLevel: string; riskType: string; reason: string; }>; }>; }; error?: string; }; /** Map of hook types to their expected data types (for runtime validation) */ export declare const HOOK_DATA_FIELDS: Record<HookType, string[]>; //# sourceMappingURL=hook-types.d.ts.map