feat(openclaw-aport): add aport_check and aport_passport optional agent tools#64
Open
feat(openclaw-aport): add aport_check and aport_passport optional agent tools#64
Conversation
…nt tools - aport_check: agent can query OAP authorization before executing sensitive tools - aport_passport: agent can read or scaffold its APort passport - Both tools registered optional: true (opt-in via tools.allow) - Reuses existing helpers: mapToolToPolicy, verifyViaScript/API, verifyDecisionIntegrity - No changes to existing before_tool_call hook (zero regression risk) - 9 new tests added to test.js (30 total, all passing) - openclaw-aport version bumped 1.0.10 → 1.1.0 (minor) CHANGELOG updated. Changeset created for openclaw-aport minor bump. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Adds two optional, opt-in agent tools to the
extensions/openclaw-aportOpenClaw plugin:aport_checkLets the agent query whether a specific tool call is authorized by its OAP passport before executing it.
Usage: Opt-in via
agents.list[].tools.allow: ["aport_check"]Returns:
{ allowed: boolean, policy: string | null, reason: string }Design: Reuses existing helpers
mapToolToPolicy,verifyViaScript/verifyViaAPI, andverifyDecisionIntegrityfrom the existing hook. No logic duplication.aport_passportLets the agent inspect its current passport or scaffold a new one.
Usage: Opt-in via
agents.list[].tools.allow: ["aport_passport"]Actions:
read→ returns passport_id, assurance_level, capabilities, statusgenerate→ creates a default passport.json at the configured path (no-op if already exists)Type of Change
Architecture notes
optional: true— never auto-enabledbefore_tool_callhook is untouched (zero regression risk)mode,passportFile,guardrailScript,apiUrl,apiKey, etc.) captured from surroundingregister()— same as hookRelease workflow impact
@aporthq/openclaw-aportIS a workspace package (listed in rootpackage.jsonworkspaces). However, the release workflow (release.yml) only publishes root + core + langchain + crewai + cursor + claude-code packages via explicit-wflags. It does not publish@aporthq/openclaw-aport. The package is also NOT in the.changeset/config.jsonfixed version group. Therefore this version bump (1.0.10 → 1.1.0) has no impact on the release workflow.Testing
npx tsc --noEmit— zero errorsnpm test— all 30 tests pass (21 existing + 9 new)Checklist
.changeset/feat-openclaw-agent-tools.md)🤖 Generated with Claude Code