-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathopenclaw_browser_automation.py
More file actions
192 lines (150 loc) · 5.84 KB
/
openclaw_browser_automation.py
File metadata and controls
192 lines (150 loc) · 5.84 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
"""
Example: Secure OpenClaw agent with authorization and verification.
This example demonstrates how to wrap an OpenClaw CLI agent with predicate-secure
to add pre-action authorization and audit logging for browser automation tasks.
Prerequisites:
1. OpenClaw CLI installed (npm install -g openclaw)
2. predicate-snapshot skill installed in OpenClaw
3. Policy file (policies/openclaw_browser.yaml)
"""
from pathlib import Path
from predicate_secure import SecureAgent
from predicate_secure.openclaw_adapter import OpenClawConfig
# Example policy file content (create this as policies/openclaw_browser.yaml):
EXAMPLE_POLICY = """
rules:
# Allow OpenClaw snapshot skill
- action: "openclaw.skill.predicate-snapshot"
resource: "*"
effect: allow
# Allow clicking on known safe domains
- action: "openclaw.skill.predicate-act.click"
resource: "element:*"
effect: allow
conditions:
# Only allow on safe domains (you'd check current URL in real policy)
- domain_matches: ["*.example.com", "*.trusted-site.com"]
# Allow typing in form fields (with restrictions)
- action: "openclaw.skill.predicate-act.type"
resource: "element:*"
effect: allow
conditions:
# Prevent entering sensitive data
- not_contains: ["password", "ssn", "credit"]
# Block scrolling to prevent UI confusion
- action: "openclaw.skill.predicate-act.scroll"
resource: "*"
effect: deny
# Default deny for safety
- action: "*"
resource: "*"
effect: deny
"""
def main():
"""Run OpenClaw agent with secure authorization."""
# Create OpenClaw configuration
openclaw_config = OpenClawConfig(
cli_path="/usr/local/bin/openclaw", # Or None to use PATH
skill_proxy_port=8788, # Port for HTTP proxy
skill_name="predicate-snapshot",
working_dir=str(Path.home() / ".openclaw"),
)
# You could also use a dict instead of OpenClawConfig:
# openclaw_config = {
# "openclaw_cli_path": "/usr/local/bin/openclaw",
# "skill_proxy_port": 8788,
# "skill_name": "predicate-snapshot",
# }
# Create policy file
policy_dir = Path("policies")
policy_dir.mkdir(exist_ok=True)
policy_file = policy_dir / "openclaw_browser.yaml"
if not policy_file.exists():
policy_file.write_text(EXAMPLE_POLICY)
print(f"Created example policy at {policy_file}")
# Wrap OpenClaw with SecureAgent
secure_agent = SecureAgent(
agent=openclaw_config,
policy=str(policy_file),
mode="strict", # Fail-closed mode
principal_id="openclaw-agent-01",
trace_format="console",
)
print(f"[predicate-secure] Detected framework: {secure_agent.framework.value}")
print(f"[predicate-secure] Mode: {secure_agent.config.mode}")
print(f"[predicate-secure] Policy: {secure_agent.config.effective_policy_path}")
# Example task
task = "Navigate to example.com and take a snapshot"
print(f"\n[OpenClaw] Running task: {task}")
print("[predicate-secure] Starting HTTP proxy for skill interception...")
try:
# Run the OpenClaw task with authorization
result = secure_agent.run(task=task)
print("\n[OpenClaw] Task completed successfully")
print(f"Return code: {result.get('returncode', 'N/A')}")
print(f"Output: {result.get('stdout', '')[:200]}...")
except Exception as e:
print(f"\n[predicate-secure] Task failed: {e}")
def example_with_debug_mode():
"""Run OpenClaw agent in debug mode for troubleshooting."""
openclaw_config = OpenClawConfig(skill_proxy_port=8789)
secure_agent = SecureAgent(
agent=openclaw_config,
mode="debug", # Human-readable trace output
trace_format="console",
trace_colors=True,
)
print("\n[Debug Mode] Running OpenClaw agent with full tracing...")
task = "Check if example.com loads correctly"
try:
result = secure_agent.run(task=task)
print("\n[Debug] Task trace complete")
print(f"Result: {result}")
except Exception as e:
print(f"\n[Debug] Error occurred: {e}")
def example_with_manual_proxy():
"""
Example showing how to manually control the proxy lifecycle.
Useful when you want to keep the proxy running across multiple tasks.
"""
from predicate_secure.openclaw_adapter import create_openclaw_adapter
openclaw_config = OpenClawConfig(skill_proxy_port=8790)
# Create adapter manually
def authorizer(action: str, context: dict) -> bool:
"""Simple authorizer that allows snapshot but blocks act."""
if "snapshot" in action:
return True
print(f"[Authorizer] Blocked action: {action}")
return False
adapter = create_openclaw_adapter(openclaw_config, authorizer=authorizer)
try:
# Start proxy (stays running)
adapter.start_proxy()
print("[Proxy] Started on http://localhost:8790")
# Run multiple tasks with same proxy
tasks = [
"Take snapshot of example.com",
"Take snapshot of httpbin.org",
]
for task in tasks:
print(f"\n[Task] {task}")
adapter.start_cli(task)
# Process would run in background
# In real usage, you'd wait for completion
finally:
# Clean up
adapter.cleanup()
print("\n[Proxy] Stopped")
if __name__ == "__main__":
print("=" * 60)
print("predicate-secure: OpenClaw Agent Example")
print("=" * 60)
# Uncomment the example you want to run:
# Example 1: Basic usage with policy file
# main()
# Example 2: Debug mode with full tracing
# example_with_debug_mode()
# Example 3: Manual proxy control
# example_with_manual_proxy()
print("\nNote: Uncomment one of the example functions in __main__ to run")
print("Make sure OpenClaw CLI is installed and in your PATH")