npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

policyguard-openclaw-plugin

v0.1.1

Published

PolicyGuard MVP plugin for OpenClaw with deterministic policy challenges and WDK adapter scaffold

Downloads

215

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

fastmistfastmist

Keywords

openclawpolicywdkmvp

Readme

PolicyGuard OpenClaw Plugin

PolicyGuard = WDK execution safety layer for OpenClaw.
Integration path: OpenClaw Tool -> PolicyGuard -> WDK -> Chain

This plugin enforces a deterministic approval boundary before funds-related actions execute:

  • PASS: safe/non-funds intent can proceed
  • CHALLENGE: funds intent requires explicit human approval

README Scoring Map (Criterion -> Evidence)

| Scoring Criterion | Delivered Evidence in Repo | How to Verify Quickly | |---|---|---| | Problem relevance (AI agent fund safety) | README + AWARD_PITCH.md problem framing | Read first 2 sections | | Deterministic safety mechanism | src/policy-engine.ts, src/commands.ts | Run /policy ... and confirm CHALLENGE for funds intents | | Approval gating + idempotency | src/commands.ts challenge state transition | Approve same challenge twice and confirm duplicate approve is blocked | | WDK/OpenClaw integration implementation | src/index.ts, src/wdk-adapter.ts, openclaw.plugin.json | Install plugin and invoke policyguard_command | | Engineering quality | tests/*, package.json scripts | Run npm run build && npm test && npm run validate |

Quickstart (aligned to demo user story)

a) Install policyguard-openclaw-plugin

openclaw plugins install policyguard-openclaw-plugin

(Version pin also works: openclaw plugins install [email protected])

b) Create WDK wallet context

Set the seed env key used by the plugin:

export WDK_SEED="<your mnemonic>"

Recommended plugin config:

{
  "plugins": {
    "policyguard-openclaw-plugin": {
      "persistencePath": "./data/pending-challenges.json",
      "wdkSeedEnvKey": "WDK_SEED",
      "chain": "arbitrum",
      "accountIndex": 0,
      "rpcUrl": "https://arb1.arbitrum.io/rpc",
      "swapProtocolLabel": "velora",
      "swapMaxFee": "0.003"
    }
  }
}

c) Let user transfer some ETH to Arbitrum mainnet

Talk directly to OpenClaw in chat:

  1. /policy transfer <amount> ETH to <address>
  2. Receive CHALLENGE + challengeId
  3. /approve <challengeId> <reason>

d) Monitor hot on-chain tokens, analyze, then buy 1U

Demo user story step (same conversation style):

  1. Ask OpenClaw to monitor hot tokens
  2. Ask OpenClaw to pick the best opportunity
  3. Execute buy with a 1U-sized action through policy challenge + approval flow

Delivered architecture

  1. Command layer (src/commands.ts)

    • Handles /policy, /approve, /reject
    • Maintains challenge state transitions

  2. Policy layer (src/policy-engine.ts)

    • Deterministic PASS/CHALLENGE logic
    • Stable request fingerprinting

  3. Intent layer (src/intent.ts)

    • Extracts entities for transfer/swap flows

  4. Execution adapter (src/wdk-adapter.ts)

    • Routes approved intents into execution paths
    • Normalizes failures into structured categories

  5. Persistence (src/persistence.ts)

    • Durable challenge records for audit and replay analysis

Delivered technical highlights

  • Deterministic policy boundary independent from model randomness
  • Idempotent challenge lifecycle to prevent duplicate execution
  • Transfer + swap intent extraction with canonical parameters
  • Runtime safety checks for seed handling (env-only design)
  • Structured error taxonomy: RPC | ALLOWANCE | GAS | BALANCE | TIMEOUT | UNKNOWN
  • Local execution-first architecture for controlled deployment environments

Security constraints (implemented)

  • Seed-like plaintext keys in config are rejected at startup
  • Use environment variables for sensitive material only

Local verification

npm install
npm run build
npm test
npm run validate

Hackathon context source

  • Rules/context link provided by organizer:
    • https://hcni4f4mdq79.feishu.cn/wiki/LVzIwMpmKixXeHkeQQ0c8sn8nWg