npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@atpdevelopment/openclaw-atp

v1.0.0

Published

ATP (Agent Trust Protocol) security integration for OpenClaw agents

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

atpdeveloperatpdeveloper

Keywords

atpagent-trust-protocolopenclawai-agentssecurityquantum-safelangchaincrewai

Readme

🔐 ATP OpenClaw Integration

Quantum-safe security layer for OpenClaw AI agents

This package provides seamless integration between the Agent Trust Protocol™ (ATP) and OpenClaw, enabling enterprise-grade security, trust scoring, and policy enforcement for multi-agent AI systems.

🌟 Features

  • 🛡️ Agent Identity Management - Quantum-safe DIDs for every OpenClaw agent
  • 🔒 Tool Security Wrapper - ATP security checks on all tool calls
  • 📊 Trust-Based Access Control - Dynamic trust scoring and policy enforcement
  • 📝 Task-Level Security - Attach security metadata to tasks and knowledge graphs
  • 🌐 Graph Validation - Policy-based validation of agent interaction graphs
  • 📡 Observability Integration - Lunary metrics → ATP trust engine
  • 🔑 Secrets Management - ATP-managed credentials for external services
  • 📦 Zero Configuration - Works out of the box with OpenClaw

🚀 Quick Start

Installation

pip install openclaw-atp  # Python package
# or
npm install @atpdevelopment/openclaw-atp  # For TypeScript projects

Basic Usage (Python)

from openclaw.agents.langchain import ReActToolCallingOpenClawAgent
from openclaw_atp import (
    register_agent_with_atp,
    secure_tools,
    atp_protected_task,
    ATPClient
)

# Initialize ATP client
atp = ATPClient(base_url="https://atp.protocol")

# 1. Register agent with ATP identity
agent_meta = register_agent_with_atp(
    atp_client=atp,
    name="writer",
    role="content_writer",
    trust_level="verified"
)

# 2. Wrap tools with ATP security
raw_tools = [search_tool, write_tool, file_tool]
secure_tools_list = secure_tools(raw_tools, atp)

# 3. Create OpenClaw agent with ATP
writer = ReActToolCallingOpenClawAgent(
    name="writer",
    tools=secure_tools_list,
    metadata={"atp": agent_meta}
)

# 4. Create ATP-protected tasks
@atp_protected_task(
    required_trust=0.8,
    policy="finance_high_risk",
    data_classification="sensitive"
)
async def execute_trade():
    # Task implementation
    pass

Advanced Usage

from openclaw import OpenClaw
from openclaw.tasks import SimpleTask
from openclaw_atp import (
    validate_crew_with_atp,
    ATPPolicyProfile,
    ATPGraphValidator
)

# Create crew with multiple agents
crew = OpenClaw()
crew.add_agent(writer, [search_tool, write_tool])
crew.add_agent(trader, [market_tool, trade_tool])
crew.add_agent(reviewer, [read_tool, approve_tool])

# Define ATP policies
policy = ATPPolicyProfile(
    name="finance_workflow",
    inter_agent_rules={
        ("writer", "trader"): {"allowed": False},
        ("trader", "reviewer"): {"allowed": True, "data_types": ["trade_request"]}
    },
    workflow_constraints={
        "max_chain_depth": 5,
        "allow_cycles": False,
        "trust_threshold": 0.85
    }
)

# Validate crew graph with ATP before running
validator = ATPGraphValidator(atp, policy)
validation_result = validator.validate_crew(crew)

if not validation_result.is_valid:
    raise SecurityError(f"ATP validation failed: {validation_result.errors}")

# Run crew with ATP protection
crew.run()

📋 Configuration Profiles

from openclaw_atp import ATPConfigProfile

# Strict development profile (safe defaults)
dev_profile = ATPConfigProfile.strict_dev()

# Production finance profile
finance_profile = ATPConfigProfile.production_finance(
    min_trust=0.95,
    require_mfa=True,
    audit_level="full"
)

# PII-heavy workflow profile
pii_profile = ATPConfigProfile.pii_workflow(
    data_encryption=True,
    retention_days=90,
    compliance=["GDPR", "CCPA"]
)

🔧 Integration Points

1. Agent Registration

Every OpenClaw agent gets:

  • Quantum-safe DID (Decentralized Identifier)
  • Ed25519 + Dilithium key pair
  • Initial trust score (0.0 - 1.0)
  • Policy profile assignment

2. Tool Call Interception

ATP intercepts all tool calls to:

  • Verify agent authentication
  • Check policy permissions
  • Log actions for audit
  • Update trust scores
  • Block unauthorized access

3. Task Security Metadata

Attach to any SimpleTask:

  • required_trust: Minimum trust score
  • policy: Required policy set
  • data_classification: PII, financial, public
  • sensitivity_level: low, medium, high, critical

4. Graph Validation

Before crew.run():

  • Validate agent-to-agent connections
  • Check data flow permissions
  • Enforce depth/fan-out limits
  • Detect policy violations

5. Observability → Trust Engine

Stream from Lunary:

  • Error rates per agent
  • Tool misuse patterns
  • Latency anomalies
  • Call volume spikes

ATP automatically:

  • Adjusts trust scores
  • Triggers workflows (alerts, blocks)
  • Updates access policies

6. External Service Protection

ATP-managed connectors for:

  • HTTP APIs: Allow-lists, DLP checks
  • Databases: Query validation, row-level security
  • File Systems: Path restrictions, content scanning
  • Secrets: Short-lived, scoped credentials

📊 Monitoring & Metrics

from openclaw_atp import ATPMonitor

monitor = ATPMonitor(atp)

# Real-time trust scores
trust_scores = monitor.get_agent_trust_scores()

# Policy violations
violations = monitor.get_policy_violations(since="24h")

# Tool usage stats
stats = monitor.get_tool_usage_stats(agent_name="trader")

# Security events
events = monitor.get_security_events(severity="high")

🧪 Testing

# Test ATP integration
python -m openclaw_atp.test

# Validate specific crew
from openclaw_atp import test_crew_security
test_crew_security(crew, atp_client)

📚 API Reference

Core Functions

  • register_agent_with_atp(client, name, role, trust_level) - Register agent identity
  • secure_tools(tools, client) - Wrap tools with ATP security
  • atp_protected_task(required_trust, policy, data_classification) - Decorator for tasks
  • validate_crew_with_atp(crew, client, policy) - Validate agent graph

Classes

  • ATPOpenClawAgent - Base agent class with ATP identity
  • ATPToolWrapper - Security wrapper for tools
  • ATPGraphValidator - Graph validation engine
  • ATPPolicyProfile - Policy configuration
  • ATPMonitor - Monitoring and metrics
  • ATPLunaryExporter - Lunary → ATP bridge

🔐 Security Best Practices

  1. Always validate crew graphs before production runs
  2. Use strict profiles for development and testing
  3. Set appropriate trust thresholds per task sensitivity
  4. Enable full audit logging for compliance requirements
  5. Rotate credentials via ATP secret management
  6. Monitor trust score changes and investigate drops
  7. Test policy violations before deploying workflows

🆘 Support

  • Documentation: https://docs.atp.dev/openclaw
  • Issues: https://github.com/agent-trust-protocol/core/issues
  • Discord: https://discord.gg/atp
  • Email: [email protected]

📄 License

Apache-2.0 - see LICENSE

🙏 Credits

Built on top of:

Made with 🔐 by the Agent Trust Protocol™ Team