npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

openclaw-aegis-signer

v2.0.1

Published

Ed25519-signed, SHA-256-chained tool-call audit log for OpenClaw multi-agent setups. Tamper-evident provenance chain.

Readme

AEGIS Tool-Call Audit Signer

Cryptographically-signed audit chain for OpenClaw multi-agent tool calls. Every tool invocation is signed with Ed25519 and chained via SHA-256. Inspector replays and verifies provenance during audit. The chain is append-only and tamper-evident: modifying any past entry invalidates every subsequent signature.

Pure Node: no Python, no native deps, no shell-out. Uses Node's built-in crypto module (Ed25519 signing native since Node 16).

Why this exists

Multi-agent systems suffer from "MISSION ACCOMPLISHED" fabrication: an agent claims a task is done without actually performing the tool calls. Without a verifiable record of which tools fired and what they returned, Inspector cannot distinguish a real success from a hallucinated one.

This plugin solves that:

  1. Hooks the after_tool_call event
  2. Computes SHA-256 digests of tool args and results (both redacted by default)
  3. Signs the entry body with the configured Ed25519 private key
  4. Appends a chain link where each entry's this_hash = sha256(prev_hash + body)
  5. Stores the signed entry as one JSON line in ~/.openclaw/audit-log.jsonl

Inspector's audit phase replays the chain, recomputes hashes, verifies each signature against the public key, and confirms continuity. Any tampered or missing entry breaks verification.

Install

Via OpenClaw plugins CLI:

openclaw plugins install clawhub:openclaw-aegis-signer

No --dangerously-force-unsafe-install flag required as of v2.0.0. The plugin contains zero shell-execution patterns.

One-time key generation

Generate a fresh Ed25519 keypair before enabling the plugin:

mkdir -p ~/.openclaw/aegis
node -e '
const c = require("crypto");
const fs = require("fs");
const { publicKey, privateKey } = c.generateKeyPairSync("ed25519");
fs.writeFileSync(
  process.env.HOME + "/.openclaw/aegis/private.key",
  privateKey.export({ format: "pem", type: "pkcs8" }),
);
fs.writeFileSync(
  process.env.HOME + "/.openclaw/aegis/public.key",
  publicKey.export({ format: "pem", type: "spki" }),
);
'
chmod 600 ~/.openclaw/aegis/private.key

The plugin also accepts the 32-byte raw seed format produced by PyNaCl, so existing keypairs from earlier (1.x) deployments still work.

Configure in OpenClaw

{
  "plugins": {
    "entries": {
      "aegis-signer": {
        "enabled": true,
        "config": {
          "privateKeyPath": "/home/USER/.openclaw/aegis/private.key",
          "publicKeyPath": "/home/USER/.openclaw/aegis/public.key",
          "auditLogPath": "/home/USER/.openclaw/audit-log.jsonl"
        }
      }
    }
  }
}

Restart the gateway: systemctl --user restart openclaw-gateway.

What gets logged

Each tool call appends one JSON line. Example shape:

{
  "agent": "captain",
  "args_hash": "sha256:7a8b...",
  "prev_hash": "sha256:9e8f...",
  "result_hash": "sha256:c1d2...",
  "seq": 4217,
  "tool": "thalamus_route",
  "ts": "2026-05-05T20:14:32.811Z",
  "this_hash": "sha256:a3b4...",
  "signature": "ed25519:6f7e8d9c..."
}

No raw arguments or results. Only their SHA-256 digests. This preserves privacy while still allowing replay verification by anyone with the input/output recorded separately (for example in Thalamus packets).

Verify the chain

Pure Node verifier ships with the plugin:

node node_modules/openclaw-aegis-signer/verify.js \
  ~/.openclaw/aegis/public.key \
  ~/.openclaw/audit-log.jsonl

Expected output: OK: <N> entries verified. If any entry was tampered with, verification fails at that index with a non-zero exit code.

Hooks

| Event | What this plugin does | |---|---| | after_tool_call | Compute args + result hashes, link to previous chain head, sign with Ed25519, append to chain |

No other hooks. The plugin is purely passive after registration.

Performance

  • Sign + chain operation: ~0.4ms per tool call on a Pi 5 CPU
  • Audit log growth: ~250 bytes per entry, ~1MB per 4000 calls
  • No network I/O, no native deps, no Python
  • Chain verification: ~30ms per 1000 entries on a Pi 5

Security caveats

  • Private key in ~/.openclaw/aegis/private.key should be chmod 600. The plugin warns at startup if the mode is wider.
  • If the key is compromised, rotate by generating a new keypair and starting a new chain. The old chain remains verifiable; new entries use the new key.
  • This plugin is provenance, not a pre-execution firewall: it records what happened, it does not block. For pre-execution policy combine with OpenClaw's tool allowlist.

Changelog

2.0.0

  • Removed Python dependency. Signing and verification are now pure Node via node:crypto (Ed25519 native).
  • No more child_process. Plugin scans cleanly without --dangerously-force-unsafe-install.
  • Manifest no longer declares python3 runtime.
  • signer.py and verify.py removed. New verify.js ships in the package.
  • Backward compatible with existing chains and existing PyNaCl-format raw 32-byte keys.

License

MIT. Source code: https://github.com/msbel5/openclaw-aegis-signer