mirror of https://github.com/openclaw/openclaw.git
Guardian intercepts tool calls via the before_tool_call hook and sends them to a separate LLM for review — blocks actions the user never requested, defending against prompt injection attacks.

Key design decisions:

- Conversation turns (user + assistant pairs) give the guardian context to understand confirmations like "yes" / "go ahead"
- Assistant replies are explicitly marked as untrusted in the prompt to prevent poisoning attacks from propagating
- Provider resolution uses the SDK (not a hardcoded list) with a 3-layer fallback: explicit config → models.json → pi-ai built-in database
- Lazy resolution pattern for async provider/auth lookup in sync register()

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

| File |
|---|
| guardian-client.test.ts |
| guardian-client.ts |
| index.test.ts |
| index.ts |
| message-cache.test.ts |
| message-cache.ts |
| openclaw.plugin.json |
| package.json |
| prompt.test.ts |
| prompt.ts |
| types.test.ts |
| types.ts |