Skip to content

feat(plugin): AEGIS scan-pipe on all inbound Pilot messages#6

Open
TeoSlayer wants to merge 3 commits into
mainfrom
fix/plugin-lockfile-openclaw-2026-6-1
Open

feat(plugin): AEGIS scan-pipe on all inbound Pilot messages#6
TeoSlayer wants to merge 3 commits into
mainfrom
fix/plugin-lockfile-openclaw-2026-6-1

Conversation

@TeoSlayer

@TeoSlayer TeoSlayer commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Scans every inbound Pilot message (text and media captions) through aegis scan-pipe before dispatching to the agent
  • Malicious messages (prompt injection, jailbreak, persona hijack, exfil scaffolding) are dropped with a warning log — never reach the LLM turn
  • 500ms timeout: AEGIS L1 is microseconds in practice; timeout is safety net only

How it works

Peer sends message
  → allowlist / HMAC auth (existing)
  → AEGIS scan-pipe (new, L1 pattern check, ~microseconds)
    exit 0 → dispatch to agent (existing)
    exit 2 → drop + warn, never reaches agent

Test plan

  • Clean message dispatches normally
  • Message containing "ignore previous instructions" is blocked with warning log
  • Message containing credential exfil patterns is blocked
  • Timeout (aegis not installed) fails open — message passes through

🤖 Generated with Claude Code

teovl and others added 2 commits June 9, 2026 09:42
@teovl
fix(plugin): regenerate package-lock.json for openclaw@2026.6.1
cd59bc3 
The plugin's package.json was bumped to openclaw ^2026.6.1 but the
lockfile still pinned 2026.5.26, so npm ci has been failing on every
push since the bump:

  Invalid: lock file's openclaw@2026.5.26 does not satisfy openclaw@2026.6.1

Re-runs npm install --package-lock-only to refresh the lockfile.
Confirmed with npm ci locally — exit 0.
@teovl @claude
feat(plugin): AEGIS scan-pipe on all inbound Pilot messages
385fd2e 
Scan message text and media captions through `aegis scan-pipe` before
dispatching to the agent. Exit 2 from aegis drops the message with a
warning — prevents prompt injection over the Pilot network from reaching
the LLM turn.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@codecov

codecov Bot commented Jun 23, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 53.33333% with 14 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
plugin/src/inbound.ts 53.33% 14 Missing ⚠️

📢 Thoughts on this report? Let us know!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@TeoSlayer @teovl @matthew-pilot