@electricsheep

evaOS Capability Manifest Verifier

OpenClaw plugin that enforces evaOS broker Capability Manifest grants before tool calls.

Current version
v0.1.0
code-plugin · Community · source-linked

evaOS OpenClaw Capability Manifest Verifier

OpenClaw plugin that enforces evaOS broker-issued Capability Manifest grants before tool calls.

This is the downstream, ClawHub-installable verifier path for evaOS issue #143. It intentionally uses OpenClaw's normal before_tool_call hook because ClawHub/external plugins cannot register host-trusted tool policies. The stronger bundled trusted-policy path remains in openclaw/openclaw#88189.

Behavior

  • Disabled by default.
  • Reads the manifest JWT from OPENCLAW_CAPABILITY_MANIFEST_JWT or a configured file path.
  • Reads the HS256 verification secret from OPENCLAW_CAPABILITY_MANIFEST_SECRET.
  • Verifies issuer evaos-broker, audience evaos-runtime, expiry, HS256 signature, and optional agent id.
  • Maps grants to OpenClaw decisions:
    • allowed / allow: permits the tool call
    • requires_approval / approval: requests OpenClaw approval
    • denied / deny: blocks the tool call
  • Missing grants fail closed by default.
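
The checks listed above, sketched in Node.js as an added example (not the plugin's own source). The claim names agent_id and grants, the grants layout (tool name to decision string), and denying outright on an invalid manifest are assumptions the page does not specify.

```javascript
// Added example. Assumptions: the claim names `agent_id` and `grants`
// (tool name -> decision string) and denying on an invalid manifest.
const crypto = require("node:crypto");

const DECISIONS = new Map([
  ["allowed", "allow"], ["allow", "allow"],
  ["requires_approval", "approval"], ["approval", "approval"],
  ["denied", "deny"], ["deny", "deny"],
]);
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const hmac = (secret, data) => crypto.createHmac("sha256", secret).update(data).digest();

// Stand-in for the broker: signs the constructed sample manifest below.
function signManifest(claims, secret) {
  const input = `${enc({ alg: "HS256", typ: "JWT" })}.${enc(claims)}`;
  return `${input}.${hmac(secret, input).toString("base64url")}`;
}

// Returns the verified claims, or null on any failure.
function verifyManifest(jwt, secret, { agentId, now = Date.now() / 1000 } = {}) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3 || !secret) return null;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url").toString());
    claims = JSON.parse(Buffer.from(parts[1], "base64url").toString());
  } catch { return null; }
  // Pin the algorithm; the token's header must not choose it.
  if (header?.alg !== "HS256" || claims === null || typeof claims !== "object") return null;
  const expected = hmac(secret, `${parts[0]}.${parts[1]}`);
  const given = Buffer.from(parts[2], "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  if (claims.iss !== "evaos-broker" || ![].concat(claims.aud).includes("evaos-runtime")) return null;
  if (typeof claims.exp !== "number" || claims.exp <= now) return null;
  if (agentId !== undefined && claims.agent_id !== agentId) return null;
  return claims;
}

// Maps a tool name to "allow" | "approval" | "deny"; missing grants fail closed.
function decide(tool, jwt, secret, opts = {}) {
  const claims = verifyManifest(jwt, secret, opts);
  if (!claims) return "deny";
  const grants = claims.grants ?? {};
  const grant = Object.hasOwn(grants, tool) ? grants[tool] : undefined;
  return DECISIONS.get(grant) ?? opts.defaultDecision ?? "deny";
}

// Constructed sample manifest and secret; exp is a small constant, so pass `now` below it.
const SAMPLE_SECRET = "constructed-sample-secret";
const SAMPLE_JWT = signManifest({ iss: "evaos-broker", aud: "evaos-runtime", exp: 2000,
  agent_id: "openclaw", grants: { read_file: "allowed", shell: "requires_approval", rm: "denied" } }, SAMPLE_SECRET);
```

For instance, decide("shell", SAMPLE_JWT, SAMPLE_SECRET, { agentId: "openclaw", now: 1000 }) yields "approval", while a tool with no grant, an expired manifest, or a token whose header names any algorithm other than HS256 yields "deny".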

Example Configuration

{
  "plugins": {
    "entries": {
      "evaos-capability-manifest-verifier": {
        "enabled": true,
        "manifestJwtEnv": "OPENCLAW_CAPABILITY_MANIFEST_JWT",
        "manifestSecretEnv": "OPENCLAW_CAPABILITY_MANIFEST_SECRET",
        "agentId": "openclaw",
        "defaultDecision": "deny"
      }
    }
  }
}

Keep the signing secret in the runtime environment. Do not store it in plugin configuration.

Boundary Note

This package is suitable for evaOS-owned OpenClaw deployments that can install and enable the plugin. It is not a replacement for a core/bundled host-trusted policy. If OpenClaw core accepts openclaw/openclaw#88189, prefer the bundled verifier for stronger policy ownership.

Source and Version

Source repository

electricsheephq/openclaw-capability-manifest-verifier

Source commit

8bc7aa59bd1c724c4066de18571ca4cb4684f4ba

Install command

openclaw plugins install clawhub:@electricsheep/openclaw-capability-manifest-verifier

Metadata

  • Package name: @electricsheep/openclaw-capability-manifest-verifier
  • Created: 2026/05/30
  • Updated: 2026/05/30
  • Executes code:
  • Source tag: main

Compatibility

  • Built with OpenClaw: >=2026.5.17
  • Plugin API range: >=2026.5.17
  • Tag: latest
  • File count: 7