build: add TypeScript build step, sync versions, add CI and issue templates

- Add tsconfig.json and build/prepublishOnly scripts so npm package ships JS
- Change package.json main/exports to point at dist/ instead of src/
- Add typescript and @types/node as devDependencies
- Fix type errors in audit-log.ts and check-updates.ts for strict tsc
- Sync openclaw.plugin.json version from 0.5.3 to 0.5.10
- Add GitHub Actions CI workflow (test.yml)
- Add bug report and feature request issue templates (bilingual)

Author: jnMetaCode

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,19 @@
+---
+name: Bug Report / Bug 报告
+about: Report a security issue or bug / 报告安全问题或 Bug
+title: '[Bug] '
+labels: bug
+assignees: ''
+---
+
+**Describe the bug / 问题描述**
+
+**Steps to reproduce / 复现步骤**
+1. ...
+
+**Expected behavior / 期望行为**
+
+**Environment / 环境信息**
+- OS:
+- Node.js version:
+- ShellWard version:

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,13 @@
+---
+name: Feature Request / 功能建议
+about: Suggest a new security feature / 提出新的安全功能建议
+title: '[Feature] '
+labels: enhancement
+assignees: ''
+---
+
+**Feature description / 功能描述**
+
+**Use case / 使用场景**
+
+**Proposed solution / 建议方案**

.github/workflows/test.yml

@@ -0,0 +1,13 @@
+name: Tests
+on: [push, pull_request]
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+      - run: npx tsx test-sdk.ts
+      - run: npx tsx test-integration.ts
+      - run: npx tsx test-edge-cases.ts

openclaw.plugin.json

@@ -2,7 +2,7 @@
   "id": "shellward",
   "name": "ShellWard",
   "description": "AI Agent Security Middleware — injection detection, dangerous operation blocking, PII audit (incl. Chinese ID card, phone, bank card), data exfiltration prevention. SDK + OpenClaw plugin.",
-  "version": "0.5.3",
+  "version": "0.5.10",
   "skills": ["./skills"],
   "configSchema": {
     "type": "object",

package.json

@@ -41,18 +41,21 @@
     "url": "https://github.com/jnMetaCode/shellward"
   },
   "type": "module",
-  "main": "src/index.ts",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
   "exports": {
     ".": {
-      "import": "./src/index.ts",
-      "default": "./src/index.ts"
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
     }
   },
   "scripts": {
-    "test": "npx tsx test-integration.ts && npx tsx test-edge-cases.ts && npx tsx test-sdk.ts",
+    "build": "tsc",
+    "test": "npx tsx test-sdk.ts && npx tsx test-integration.ts && npx tsx test-edge-cases.ts",
     "test:integration": "npx tsx test-integration.ts",
     "test:edge": "npx tsx test-edge-cases.ts",
-    "test:sdk": "npx tsx test-sdk.ts"
+    "test:sdk": "npx tsx test-sdk.ts",
+    "prepublishOnly": "npm run build"
   },
   "openclaw": {
     "extensions": [
@@ -61,6 +64,7 @@
   },
   "files": [
     "src/",
+    "dist/",
     "skills/",
     "openclaw.plugin.json",
     "vuln-db.json",
@@ -71,5 +75,9 @@
   ],
   "engines": {
     "node": ">=18"
+  },
+  "devDependencies": {
+    "@types/node": "^25.5.0",
+    "typescript": "^5.9.3"
   }
 }

src/audit-log.ts

@@ -34,13 +34,17 @@ export class AuditLog {
     } catch { /* directory may already exist */ }
   }
 
-  write(entry: Omit<AuditEntry, 'ts' | 'mode'>): void {
+  write(entry: Pick<AuditEntry, 'level' | 'layer' | 'action' | 'detail'> & Record<string, unknown>): void {
     try {
       const record: AuditEntry = {
+        ...entry,
+        level: entry.level,
+        layer: entry.layer,
+        action: entry.action,
+        detail: entry.detail,
         ts: new Date().toISOString(),
         mode: this.config.mode,
         riskScore: RISK_SCORES[entry.level] ?? 0,
-        ...entry,
       }
       appendFileSync(LOG_FILE, JSON.stringify(record) + '\n', { mode: 0o600 })
       this.rotateIfNeeded()

src/commands/check-updates.ts

@@ -5,7 +5,7 @@ import { existsSync, readFileSync } from 'fs'
 import { join } from 'path'
 import type { ShellWardConfig } from '../types'
 import { resolveLocale } from '../types'
-import { checkForUpdate, fetchVulnDB, compareVersions } from '../update-check'
+import { checkForUpdate, fetchVulnDB, compareVersions, type VulnEntry } from '../update-check'
 
 // Local fallback vulnerability database (used when remote fetch fails)
 // Contains only CVE-assigned vulnerabilities as minimum baseline
@@ -92,7 +92,7 @@ export function registerCheckUpdatesCommand(api: any, config: ShellWardConfig) {
       // 3. Check known vulnerabilities (remote DB with local fallback)
       lines.push(zh ? '### 已知漏洞检查' : '### Known Vulnerability Check')
 
-      let vulnDB = LOCAL_VULNS
+      let vulnDB: VulnEntry[] = LOCAL_VULNS
       let alerts: { id: string; severity: string; date: string; description_zh: string; description_en: string }[] = []
       let dbSource = 'local'
       try {

tsconfig.json

@@ -0,0 +1,16 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "ESNext",
+    "moduleResolution": "bundler",
+    "declaration": true,
+    "declarationDir": "dist",
+    "outDir": "dist",
+    "rootDir": "src",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true
+  },
+  "include": ["src/**/*.ts"],
+  "exclude": ["test-*.ts"]
+}