npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@msbel/openclaw-aegis-signer

v1.0.8

Published

Ed25519-signed, SHA-256-chained tool-call audit log for OpenClaw multi-agent setups. Tamper-evident provenance chain.

Readme

AEGIS Tool-Call Audit Signer

Cryptographically-signed audit chain for OpenClaw multi-agent tool calls. When Captain spawns Builder, Inspector reviews — every tool invocation in between is signed with Ed25519 and chained via SHA-256. Inspector can replay and verify provenance at any point. The chain is append-only and tamper-evident: modifying any past entry invalidates every subsequent signature.

Why this exists

Multi-agent systems suffer from "MISSION ACCOMPLISHED" fabrication: an agent claims a task is done without actually performing the tool calls. Without a verifiable record of which tools fired and what they returned, Inspector cannot distinguish a real success from a hallucinated one.

This plugin solves that by:

  1. Hooking into the OpenClaw after_tool_call event
  2. Capturing tool name, args (hashed), result hash, timestamp, agent id
  3. Signing the entry with the configured Ed25519 private key
  4. Appending it to a chain where each entry's hash includes the previous
  5. Storing the signed entry in ~/.openclaw/audit-log.jsonl

Inspector's audit phase replays the chain, verifies each signature against the public key, recomputes hashes, and confirms continuity. Any tampered or missing entry breaks verification.

Install

Via OpenClaw plugins CLI (recommended):

openclaw plugins install clawhub:openclaw-aegis-signer

Or via npm:

npm install -g @msbel/openclaw-aegis-signer
mkdir -p ~/.openclaw/aegis
cd ~/.openclaw/aegis
python3 -c "
from nacl.signing import SigningKey
sk = SigningKey.generate()
open('private.key', 'wb').write(sk.encode())
open('public.key', 'wb').write(sk.verify_key.encode())
"
chmod 600 private.key

Add to OpenClaw config

Append to ~/.openclaw/openclaw.json:

{
  "plugins": {
    "entries": {
      "aegis-signer": {
        "enabled": true,
        "config": {
          "signerPython": "python3",
          "signerScript": "/home/USER/.openclaw/aegis/signer.py",
          "privateKeyPath": "/home/USER/.openclaw/aegis/private.key",
          "publicKeyPath": "/home/USER/.openclaw/aegis/public.key",
          "auditLogPath": "/home/USER/.openclaw/audit-log.jsonl"
        }
      }
    }
  }
}

Restart the gateway: systemctl --user restart openclaw-gateway.

What gets logged

Each tool call appends one JSON line to audit-log.jsonl:

{
  "seq": 4217,
  "ts": "2026-05-05T20:14:32.811Z",
  "agent": "captain",
  "tool": "thalamus_route",
  "args_hash": "sha256:7a8b...",
  "result_hash": "sha256:c1d2...",
  "prev_hash": "sha256:9e8f...",
  "this_hash": "sha256:a3b4...",
  "signature": "ed25519:6f7e8d9c..."
}

No raw arguments or results are stored — only their SHA-256 digests. This preserves privacy while still allowing replay verification by anyone with the input/output recorded separately (for example in Thalamus packets).

Verify the chain

python3 verify.py /home/USER/.openclaw/aegis/public.key \
                  /home/USER/.openclaw/audit-log.jsonl

If any entry was tampered with, verification fails at that point.

Hooks

| Event | What this plugin does | |---|---| | after_tool_call | Compute args+result hashes, sign with Ed25519, append to chain |

No other hooks. The plugin is purely passive after registration.

Inspector integration

Inspector's audit phase reads audit-log.jsonl, verifies the chain, then cross-references entries against Captain's claimed actions in the spawn report. Discrepancies (claimed but no signed entry) indicate fabrication.

Performance

  • Sign + chain operation: ~1ms per tool call
  • Audit log growth: ~250 bytes per entry, ~1MB per 4000 calls
  • No network I/O (all local)
  • Chain verification: ~50ms per 1000 entries on a Pi 5

Security caveats

  • Private key in ~/.openclaw/aegis/private.key must be chmod 600
  • If the key is compromised, rotate by generating a new keypair and starting a new chain. The old chain remains verifiable; new entries use the new key.
  • This plugin is provenance, not a pre-execution firewall: it records what happened, it does not block. For pre-execution policy combine it with OpenClaw's tool allowlist.

License

MIT. Source code: https://github.com/msbel5/openclaw-aegis-signer