openclaw-plugins-data-guard
v1.1.0
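Data Guard: a dual-layer data desensitization plugin (HTTP proxy layer + tool-call layer), merged from data-guard-proxy v2.2 + file-guard v1.1. Pure Node.js engine (zero external dependencies), 25 desensitization categories + precise column-name-based desensitization for CSV/XLSX/XLS + message text desensitization.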
Data Guard - AI Data Privacy Shield
A dual-layer data desensitization plugin for OpenClaw. Zero data leakage, pure local processing.
🛡️ Overview | 概述
Data Guard is an OpenClaw plugin that provides enterprise-grade privacy protection for AI interactions. It intercepts and sanitizes sensitive data before it leaves your machine, ensuring AI APIs never receive raw personal information.
| Property | Value |
|------|-----|
| Version | 1.0.8 |
| Type | OpenClaw Plugin |
| Engine | Pure Node.js (Zero External Dependencies) |
| Platform | macOS / Linux / Windows |
| License | MIT |
🔒 Architecture | 架构设计
┌─────────────────────────────────────────────────────────────────┐
│ User's Machine │
│ ┌──────────────────────────────────────────────────────────┐ │
│ │ OpenClaw Gateway │ │
│ │ ┌────────────────────────────────────────────────────┐ │ │
│ │ │ Layer 2: File Desensitization (Tool Hook) │ │ │
│ │ │ - Intercepts read/read_file/read_many_files │ │ │
│ │ │ - Sanitizes CSV/XLSX/XLS before AI sees it │ │ │
│ │ └────────────────────────────────────────────────────┘ │ │
│ │ ┌────────────────────────────────────────────────────┐ │ │
│ │ │ Layer 1: HTTP Proxy (Local Reverse Proxy) │ │ │
│ │ │ - Intercepts /v1/messages, /chat/completions │ │ │
│ │ │ - Sanitizes request body before upstream call │ │ │
│ │ │ - Only desensitized data reaches AI API │ │ │
│ │ └────────────────────────────────────────────────────┘ │ │
│ └──────────────────────────────────────────────────────────┘ │
│ ↓ (Sanitized Only) │
│ ┌──────────────────────────────────────────────────────────┐ │
│ │ AI Provider API │ │
│ │ (MiniMax / OpenAI / Claude / Qwen) │ │
│ └──────────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────────┘
Dual-Layer Protection | 双层防护机制
| Layer | Trigger | Mechanism | Coverage |
|-------|---------|------------|----------|
| L1: HTTP Proxy | POST /v1/* | Local reverse proxy on port 47291 | All API messages |
| L2: Tool Hook | before_tool_call | File content sanitization | CSV / XLSX / XLS |
🎯 Supported Data Types | 支持的脱敏类型
25 Categories of Sensitive Data | 25类敏感数据类型
| Category | Patterns | Example |
|----------|----------|---------|
| 手机号 / Phone | 1[3-9]\d{9} | 13812345678 → 138****5678 |
| 身份证号 / ID Card | 18-digit Chinese ID | 110101199001011234 → 1101***********1234 |
| 银行卡号 / Bank Card | 16-19 digit cards | 6222021234567890123 → 622202**********0123 |
| 邮箱 / Email | Standard email format | [email protected] → u**@e******.com |
| IP地址 / IP Address | IPv4/IPv6 | 192.168.1.100 → 192.168.*.* |
| 护照号 / Passport | P + 8-9 digits | E12345678 → E******** |
| 发票号码 / Invoice | Various formats | FP1234567890 → FP*********** |
| 订单号 / Order ID | Various formats | DD2023123456789 → DD************* |
| 社保卡号 / SSN | 18-digit | 123456789012345678 → **************5678 |
| ... | ... | ... |
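The phone pattern in the table, `1[3-9]\d{9}`, also matches inside longer digit runs such as an 18-digit ID, so digit boundaries and rule order decide whether a value is masked whole. The following is an added example, not the plugin's own code, showing boundary-safe pattern masking together with header-keyed CSV masking of the kind the next section describes; the rule set, the mask widths and the `COLUMN_MASKS` header map are assumptions chosen for illustration.

```javascript
// Added example, not the plugin's code. Rules, mask widths and header map are assumptions.
// keep() leaves `head` leading and `tail` trailing characters; short values are fully masked.
const keep = (s, head, tail) => s.length <= head + tail
  ? '*'.repeat(s.length)
  : s.slice(0, head) + '*'.repeat(s.length - head - tail) + s.slice(s.length - tail);

// Digit lookarounds make each rule match a whole digit run. Without them the phone
// pattern 1[3-9]\d{9} fires on "19900101123" inside the ID 110101199001011234 and
// leaves the remaining ID digits in clear text. An 18-digit card is treated as an ID.
const RULES = [
  { type: 'id_card', re: /(?<!\d)\d{17}[\dXx](?!\d)/g, mask: s => keep(s, 4, 4) },
  { type: 'bank_card', re: /(?<!\d)\d{16,19}(?!\d)/g, mask: s => keep(s, 6, 4) },
  { type: 'phone', re: /(?<!\d)1[3-9]\d{9}(?!\d)/g, mask: s => keep(s, 3, 4) },
  { type: 'ipv4', re: /\b(\d{1,3}\.\d{1,3})\.\d{1,3}\.\d{1,3}\b/g, mask: (_, a) => `${a}.*.*` },
];

// Pattern masking for free text; `hits` counts matches per rule for audit logging.
function maskText(text) {
  const hits = {};
  let out = text;
  for (const { type, re, mask } of RULES) {
    out = out.replace(re, (...m) => {
      hits[type] = (hits[type] || 0) + 1;
      return mask(...m);
    });
  }
  return { out, hits };
}

// Header-keyed masks cover values no pattern can recognise, such as names.
const COLUMN_MASKS = {
  '姓名': s => keep(s, 1, 0),
  '手机号': s => keep(s, 3, 4),
  '身份证号': s => keep(s, 4, 4),
};

// Minimal CSV handling (constructed input, no quoted fields): labelled columns use
// their header mask, every other cell falls back to pattern masking.
function maskCsv(csv) {
  const [header, ...rows] = csv.trim().split('\n').map(line => line.split(','));
  const masked = rows.map(row => row.map((cell, i) => {
    const byHeader = COLUMN_MASKS[header[i]];
    return byHeader ? byHeader(cell) : maskText(cell).out;
  }));
  return [header, ...masked].map(row => row.join(',')).join('\n');
}
```

The `hits` counter records only rule names and counts, so it can be logged without writing the sensitive values themselves to disk.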
Column-Level Desensitization | 列级精准脱敏
For structured files (CSV/XLSX), the plugin identifies sensitive columns by header names:
# Input (AI never sees this)
姓名,手机号,身份证号,银行卡号,邮箱,家庭住址
张明伟,13812345678,110101199001011234,6222021234567890123,[email protected],北京市朝阳区
# Output (AI receives sanitized data)
姓名,手机号,身份证号,银行卡号,邮箱,家庭住址
张**,138****5678,1101***********1234,6222**********90123,z**@e******.com,北京市朝阳区
📦 Installation | 安装
Prerequisites | 前置要求
- Node.js >= 18
- OpenClaw Gateway
Quick Install | 快速安装
# Method 1: via OpenClaw CLI (Recommended)
openclaw plugins install openclaw-plugins-data-guard
# Method 2: via npm
npm install -g openclaw-plugins-data-guard
# Method 3: via source
git clone https://github.com/your-org/openclaw-plugins-data-guard.git
cd openclaw-plugins-data-guard
npm install
openclaw plugins install .
Verify Installation | 验证安装
openclaw plugins list
# Should show: openclaw-plugins-data-guard
openclaw gateway restart
⚙️ Configuration | 配置
Environment Variables | 环境变量
| Variable | Default | Description |
|----------|---------|-------------|
| DATA_GUARD_PORT | 47291 | Proxy listening port |
| DATA_GUARD_BLOCK_ON_FAILURE | true | Block request on desensitization error |
| OPENCLAW_DIR | ~/.openclaw | OpenClaw config directory (auto-detect on Windows) |
Example | 示例
# Custom port
DATA_GUARD_PORT=47292 openclaw gateway restart
# Fail-open mode (not recommended)
DATA_GUARD_BLOCK_ON_FAILURE=false openclaw gateway restart
🎬 Usage Scenarios | 使用场景
1. Financial Research | 金融投研
# Researcher analyzes customer database
客户姓名,交易账号,身份证号,手机号,开户行,账户余额
李明,6222020012345678901,110101198801011234,13912345678,工商银行,¥1,250,000
Data Guard Output:
客户姓名,交易账号,身份证号,手机号,开户行,账户余额
李**,6222**********78901,1101***********1234,139****5678,工商银行,¥1,250,000
2. Medical Records | 医疗数据
# Doctor analyzes patient records
姓名,病历号,身份证,手机号,诊断结果,处方药物
王芳,BL2023001234,310101199005052345,13800001111,糖尿病,二甲双胍500mg
Data Guard Output:
姓名,病历号,身份证,手机号,诊断结果,处方药物
王*,BL***********,3101***********5345,138********11,糖尿病,二甲双胍500mg
3. Customer Analytics | 客户分析
# Analyst processes user database
用户ID,昵称,手机号,邮箱,注册时间,消费金额
U12345,数据控,13812345678,[email protected],2023-01-15,¥8,888.00
Data Guard Output:
用户ID,昵称,手机号,邮箱,注册时间,消费金额
U12345,数据控,138****5678,u**@e*****.com,2023-01-15,¥8,888.00
4. Legal Document Review | 法律文书
# Lawyer reviews contract
甲方姓名,身份证号,联系电话,银行账号,地址,签署日期
张总,120101197001011234,13912345678,6222021234567890,天津市和平区,2023-12-01
Data Guard Output:
甲方姓名,身份证号,联系电话,银行账号,地址,签署日期
张*,1201***********234,139****5678,6222**********7890,天津市和平区,2023-12-01
🔧 Supported Use Cases | 适用场景
| Industry | Use Case | Benefit |
|----------|----------|---------|
| Finance / 金融 | Customer database analysis | Protect account numbers, transaction IDs |
| Investment Research / 投研 | Market data processing | Sanitize corporate identifiers, trading codes |
| Healthcare / 医疗 | Patient record analysis | Protect medical record numbers, prescriptions |
| Legal / 法律 | Contract review | Mask party identities, account details |
| Insurance / 保险 | Claim processing | Sanitize policy numbers, claimant info |
| E-commerce / 电商 | Order data analysis | Protect customer contact information |
| HR / 人力资源 | Payroll processing | Mask employee IDs, salary information |
| Government / 政府 | Citizen database | Protect ID numbers, addresses |
🧪 Technical Specifications | 技术规格
Performance | 性能
| Metric | Value |
|--------|-------|
| Latency Overhead | < 5ms per request |
| Memory Footprint | ~50MB |
| File Processing | Up to 100MB CSV/XLSX |
Security | 安全性
- Zero External Dependencies: Pure Node.js, no third-party desensitization libraries
- Local-Only Processing: All data stays on your machine
- Fail-Safe Default: BLOCK_ON_FAILURE=true prevents data leakage on errors
- No Data Persistence: Temporary files are deleted immediately after processing
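What the fail-safe default means for a request body on its way to `/v1/messages` or `/chat/completions` is shown in the following added example, which is not the plugin's own code. The function name `prepareUpstreamBody`, the 502 status, the way the environment variable is parsed and the phone-only sanitizer standing in for the full engine are all assumptions.

```javascript
// Added example, not the plugin's code. Names, status code and env parsing are assumptions.
const BLOCK_ON_FAILURE = process.env.DATA_GUARD_BLOCK_ON_FAILURE !== 'false';

// Stand-in sanitizer: masks mainland phone numbers only (138****5678 shape).
const maskPhones = s => s.replace(/(?<!\d)(1[3-9]\d)\d{4}(\d{4})(?!\d)/g, '$1****$2');

// Apply f to every string leaf, so text nested in content blocks is covered as well.
const walk = (v, f) =>
  typeof v === 'string' ? f(v)
  : Array.isArray(v) ? v.map(x => walk(x, f))
  : v && typeof v === 'object'
    ? Object.fromEntries(Object.entries(v).map(([k, x]) => [k, walk(x, f)]))
    : v;

// Decide what, if anything, may be sent upstream for one raw request body.
function prepareUpstreamBody(raw, { blockOnFailure = BLOCK_ON_FAILURE, sanitize = maskPhones } = {}) {
  try {
    const body = JSON.parse(raw);
    if (!Array.isArray(body.messages)) throw new Error('no messages array');
    body.messages = walk(body.messages, sanitize);
    if (body.system !== undefined) body.system = walk(body.system, sanitize);
    return { forward: true, body: JSON.stringify(body) };
  } catch (err) {
    if (blockOnFailure) {
      // Fail closed: nothing leaves the machine; the client gets a local error
      // that does not echo any part of the request.
      const body = JSON.stringify({ error: 'data-guard: sanitization failed' });
      return { forward: false, status: 502, body };
    }
    // Fail open: the raw, unmasked body is forwarded. This is the leak the default prevents.
    return { forward: true, body: raw, unsanitized: true };
  }
}
```

Any parse error, unexpected body shape or sanitizer exception takes the same blocking path, so a malformed request cannot bypass masking by failing early.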
Compatibility | 兼容性
| Platform | Path | Notes |
|----------|------|-------|
| macOS | ~/.openclaw/ | Full support |
| Linux | ~/.openclaw/ | Full support |
| Windows | %APPDATA%\.openclaw\ | Full support |
📁 File Structure | 文件结构
openclaw-plugins-data-guard/
├── index.js # Plugin entry (OpenClaw hooks)
├── proxy.js # HTTP proxy server
├── desensitize.js # Core desensitization engine
├── xlsx-parser.js # Excel/CSV parser
├── install-check.js # Port cleanup on install
├── openclaw.plugin.json # Plugin manifest
├── package.json # npm package config
└── README.md # This file
🔍 Troubleshooting | 故障排查
Port Already in Use | 端口被占用
# Check what's using port 47291
lsof -i :47291
# Kill existing process
kill -9 <PID>
Plugin Not Loading | 插件未加载
# Run diagnostics
openclaw plugins doctor
# Reinstall
openclaw plugins uninstall openclaw-plugins-data-guard
openclaw plugins install openclaw-plugins-data-guard
Check Logs | 查看日志
# Proxy logs
cat ~/.openclaw/data-guard/proxy.log
# Recent entries
tail -20 ~/.openclaw/data-guard/proxy.log
🤝 Contributing | 贡献
Contributions welcome! Please read our contributing guidelines before submitting PRs.
📄 License | 许可证
MIT License - see LICENSE file for details.
👥 Authors | 作者
- Alan Song
- Roxy Li
Zero Data Leakage | 数据不离开本机
All desensitization happens locally. AI APIs only receive sanitized data.
