added 8 commits
April 1, 2026 16:09
…r() instead

OpenClaw 2026.3.31 added a security scanner that flags plugins combining environment variable access with network requests as potential credential harvesting. The RAMPART_TOKEN env var check triggered this false positive. Token is now loaded only from ~/.rampart/token via os.homedir() — no env var access. The token is a local auth token for the Rampart daemon on localhost and never leaves the machine.
params_match is not a supported engine condition field. The message tool has no filterable fields in the current policy engine, so revert to default: true allow rule. Zero lint errors, 39/39 policy tests pass.
When the before_tool_call plugin is installed, the legacy bridge ask-mode config (ask: on-miss) is irrelevant — the plugin intercepts all tool calls before they run. Showing the warning confused plugin users into thinking something was broken when everything was working correctly. The plugin check now runs first and the ask-mode check is skipped entirely when the plugin is detected. Legacy bridge-only users still see the warning.
- openclaw.plugin.json: version 0.1.0 -> 0.9.12 (matches binary)
- index.js: register gateway method rampart.status so plugin is classified as hybrid-capability instead of hook-only (OpenClaw 2026.3.31 compat)
- setup_openclaw_plugin.go: add rampart to plugins.allow during setup so OpenClaw security audit doesn't warn about unallowlisted plugins
When the before_tool_call plugin is installed, it intercepts read/write/edit along with all other tool calls. Dist patches for file tools are fully redundant in this case. Update distPatched to treat plugin as equivalent, and show a clearer success message distinguishing plugin vs patch coverage.
Returns (added, existingIDs, err) so caller can show what was preserved. Setup output now confirms existing plugins are untouched when rampart is added. Eliminates any risk of the function accidentally breaking Discord or other plugins.
The install script at `rampart.sh/install` was being served with `content-type: text/html` by Cloudflare Pages, causing `curl -fsSL https://rampart.sh/install | sh` to pipe HTML to the shell and fail.

This is the first command in the quickstart docs and was completely broken for new users during cold-start walkthrough.

Fix: add `docs/_headers` with `Content-Type: text/plain` for `/install` and `/install.sh`. Cloudflare Pages respects this file for custom per-path headers.

No code changes, no docs changes needed — the install script already exists at the right path in `docs/install`.
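
A client-side check for the failure described above, as an added example (not code from this PR or the Rampart project): it inspects the saved response headers and body before anything reaches the shell. The file names, the accepted media types other than `text/plain`, and the assumption that the installer starts with a shebang are illustrative.

```shell
# Added example: vet a downloaded installer instead of piping curl straight into sh.
# Inputs are files as written by `curl -fsSL -D headers.txt -o install.sh URL`.

# Print the media type of the last Content-Type header in a curl -D dump
# (the last one belongs to the final response after redirects), lowercased.
content_type_of() {
    tr -d '\r' < "$1" | awk -F': *' '
        tolower($1) == "content-type" { ct = tolower($2) }
        END { sub(/;.*/, "", ct); gsub(/[ \t]/, "", ct); print ct }'
}

# Succeed only if the body's first line is a shebang (assumed for the installer).
looks_like_shell_script() {
    first=$(head -n 1 "$1" | tr -d '\r')
    case "$first" in
        '#!'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 when headers and body both look like a script, 1 otherwise.
verify_installer() {
    headers=$1 body=$2
    ct=$(content_type_of "$headers")
    case "$ct" in
        # text/plain is what the fix sets; the other two are assumed alternatives.
        text/plain|text/x-shellscript|application/x-sh) ;;
        *) echo "refusing: content-type is '${ct:-missing}'" >&2; return 1 ;;
    esac
    if ! looks_like_shell_script "$body"; then
        echo "refusing: body does not start with a shebang" >&2
        return 1
    fi
    return 0
}

# Constructed sample: the misconfigured response (HTML served at /install).
demo_dir=$(mktemp -d)
printf 'HTTP/2 200\r\ncontent-type: text/html; charset=utf-8\r\n\r\n' > "$demo_dir/headers.txt"
printf '<!DOCTYPE html>\n<html></html>\n' > "$demo_dir/install.sh"
if verify_installer "$demo_dir/headers.txt" "$demo_dir/install.sh" 2>/dev/null; then
    echo "installer accepted"
else
    echo "installer rejected"
fi
rm -rf "$demo_dir"
```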