npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@traceproof/openclaw-traceproof-runtime

v0.2.1

Published

TraceProof core verification runtime for OpenClaw: one trace per session, verified IN/OUT message proofs, bundled grounding, and public TraceProof skill.

Downloads

249

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

fzurrofzurro

Keywords

traceproofopenclawverificationprovenancemessage-proofs

Readme

TraceProof Runtime for OpenClaw

TraceProof adds provenance-first verification to real OpenClaw conversations.

This package enables:

  • one TraceProof conversation trace per session
  • verified inbound message proofs
  • verified outbound message proofs

Register a free developer account at traceproof.org to create an OAuth client, Agent, and credential for testing.

Important: this package enables TraceProof verification, but it does not automatically render proof state in the visible chat UI. Showing badges, verify links, QR codes, or proof summaries in a channel or app UI is the responsibility of the developer integrating OpenClaw.

What this release does

  • Bundles the TraceProof runtime plugin for OpenClaw
  • Creates one TraceProof conversation trace on the first message in a session
  • Uses OAuth2 client credentials to authenticate TraceProof API calls
  • Issues and verifies inbound message proofs (message:received)
  • Issues and verifies outbound message proofs (message:sent)
  • Stores per-session state in the agent workspace for trace continuity and dedupe
  • Dedupes duplicate Telegram outbound events using messageId
  • Dedupes duplicate inbound events using digest + short time window
  • Includes bundled TraceProof grounding files for use in the OpenClaw workspace

What this release does not do

  • It does not force visible per-channel UI banners or badges
  • It does not fetch and render QR image binaries in chat
  • It does not replace channel-specific UX logic inside OpenClaw core
  • It does not automatically make the assistant knowledgeable about TraceProof unless the bundled workspace grounding is also copied into the active workspace

This release is the stable core build.

Treat Telegram as the reference proofing channel, not the reference UX-banner implementation.

UI / channel display note

This package enables TraceProof in OpenClaw conversations, but it does not force TraceProof status, badges, verify links, or QR codes to appear in the visible chat UI.

In practice, this means:

  • the plugin creates the conversation trace
  • the plugin issues and verifies inbound/outbound message proofs
  • the developer decides how to surface verify URLs, public references, QR codes, or proof status in their own channel or app UI

Package contents

  • index.js — runtime plugin
  • openclaw.plugin.json — manifest + config schema
  • bootstrap/AGENTS.md — workspace grounding file
  • skills/traceproof/SKILL.md — public TraceProof skill
  • samples/openclaw.config.template.json — config template with placeholders
  • RELEASE-NOTES.md — release scope and limits
  • PUBLISHING.md — publish and release steps

Installation

Installation has two parts:

  1. install the runtime plugin
  2. copy the bundled TraceProof grounding into the active OpenClaw workspace

1) Install the TraceProof runtime plugin

From the package folder:

openclaw plugins install /absolute/path/to/traceproof-openclaw
openclaw plugins enable traceproof-runtime
openclaw gateway restart

This installs the core runtime that:

  • creates a TraceProof conversation trace
  • gets an OAuth2 bearer token for TraceProof API calls
  • issues and verifies inbound/outbound message proofs
  • stores per-session state in <workspace>/.traceproof-runtime/sessions.json

2) Install the TraceProof workspace grounding

For the best and most predictable TraceProof product answers in chat, also copy the bundled grounding into the active OpenClaw workspace.

Windows (PowerShell)

Copy-Item ".\bootstrap\AGENTS.md" "$HOME\.openclaw\workspace\AGENTS.md" -Force
New-Item -ItemType Directory -Path "$HOME\.openclaw\workspace\skills\traceproof" -Force
Copy-Item ".\skills\traceproof\SKILL.md" "$HOME\.openclaw\workspace\skills\traceproof\SKILL.md" -Force
openclaw gateway restart

macOS / Linux

cp ./bootstrap/AGENTS.md ~/.openclaw/workspace/AGENTS.md
mkdir -p ~/.openclaw/workspace/skills/traceproof
cp ./skills/traceproof/SKILL.md ~/.openclaw/workspace/skills/traceproof/SKILL.md
openclaw gateway restart

This step is recommended because:

  • AGENTS.md in the workspace root provides the TraceProof operating guidance
  • skills/traceproof/SKILL.md in the workspace makes the TraceProof skill available from the highest-precedence location

Configuration

Create a free developer account at traceproof.org, then create:

  • a TraceProof OAuth client
  • a TraceProof Agent
  • a TraceProof credential

Add this block to ~/.openclaw/openclaw.json and replace the placeholders:

{
  "plugins": {
    "entries": {
      "traceproof-runtime": {
        "enabled": true,
        "config": {
          "apiBaseUrl": "https://api.traceproof.org",
          "oauthTokenUrl": "https://auth.traceproof.org/oauth/token",
          "oauthClientId": "<YOUR_TRACEPROOF_OAUTH_CLIENT_ID>",
          "oauthClientSecret": "<YOUR_TRACEPROOF_OAUTH_CLIENT_SECRET>",
          "oauthScope": "trace:create trace:qr proof:issue proof:verify",
          "oauthResource": "https://api.traceproof.org",
          "oauthClientAuthMethod": "client_secret_post",
          "agentId": "<YOUR_TRACEPROOF_AGENT_ID>",
          "credentialKey": "<YOUR_TRACEPROOF_CREDENTIAL_KEY>",
          "channel": "chat",
          "sourceSystem": "openclaw",
          "originLabel": "openclaw-chat",
          "qrFormat": "svg",
          "verifyProofs": true,
          "debug": false
        }
      }
    }
  }
}

Notes:

  • The TraceProof API endpoints and JSON payloads stay the same.
  • The runtime still sends agentId and credentialKey on trace and proof requests.
  • The runtime now first requests an OAuth2 access token, then sends Authorization: Bearer <token> on TraceProof API calls.
  • Tokens are cached in memory and refreshed shortly before expiry.

First test

  1. Start or open a real OpenClaw conversation
  2. Send a message such as:
    • What is TraceProof?
    • tell me about traceproof
  3. Wait for the assistant reply
  4. Check the session state file

Example check

macOS / Linux

cat ~/.openclaw/workspace/.traceproof-runtime/sessions.json

Windows (PowerShell)

type $HOME\.openclaw\workspace\.traceproof-runtime\sessions.json

You should see:

  • one conversation trace
  • publicReference
  • verifyUrl
  • one IN proof
  • one OUT proof once the assistant replies

See samples/sessions.json.sample for an example.

State path

Per-session state is written to:

<workspace>/.traceproof-runtime/sessions.json

Recommended public positioning

Describe this package as:

TraceProof for OpenClaw — core verification runtime

That accurately matches the stable behavior in this release.

Summary

This package gives OpenClaw:

  • a TraceProof conversation trace
  • OAuth2-authenticated TraceProof API access
  • verified inbound proofs
  • verified outbound proofs
  • persistent per-session verification state

It does not define how proof state should look in a channel UI. That part is left to the developer integrating OpenClaw into their own user experience.