feat: execution plan governance plugin#21648
Conversation
| // ------------------------------------------------------------------------- | ||
| // before_request: Generate execution plan via LLM | ||
| // ------------------------------------------------------------------------- | ||
| api.on("before_request", async (event, ctx: PluginHookContext) => { |
There was a problem hiding this comment.
before_request is not a valid hook in the OpenClaw plugin system. Valid hooks are defined in src/plugins/types.ts:298-318 and do not include before_request. Consider using before_agent_start or before_prompt_build instead.
| api.on("before_request", async (event, ctx: PluginHookContext) => { | |
| api.on("before_agent_start", async (event, ctx: PluginHookAgentContext) => { |
Prompt To Fix With AI
This is a comment left during a code review.
Path: extensions/external-plan-governance/index.ts
Line: 81
Comment:
`before_request` is not a valid hook in the OpenClaw plugin system. Valid hooks are defined in `src/plugins/types.ts:298-318` and do not include `before_request`. Consider using `before_agent_start` or `before_prompt_build` instead.
```suggestion
api.on("before_agent_start", async (event, ctx: PluginHookAgentContext) => {
```
How can I resolve this? If you propose a fix, please make it concise.| * The plan is the single source of truth. | ||
| */ | ||
|
|
||
| import type { PluginApi, PluginHookContext, PluginHookToolContext } from "@anthropic/plugin-sdk"; |
There was a problem hiding this comment.
PluginApi, PluginHookContext, and PluginHookToolContext are not exported from @anthropic/plugin-sdk. The correct exports are OpenClawPluginApi, PluginHookAgentContext, etc. from the plugin-sdk index.
| import type { PluginApi, PluginHookContext, PluginHookToolContext } from "@anthropic/plugin-sdk"; | |
| import type { OpenClawPluginApi, PluginHookAgentContext, PluginHookToolContext } from "@anthropic/plugin-sdk"; |
Prompt To Fix With AI
This is a comment left during a code review.
Path: extensions/external-plan-governance/index.ts
Line: 11
Comment:
`PluginApi`, `PluginHookContext`, and `PluginHookToolContext` are not exported from `@anthropic/plugin-sdk`. The correct exports are `OpenClawPluginApi`, `PluginHookAgentContext`, etc. from the plugin-sdk index.
```suggestion
import type { OpenClawPluginApi, PluginHookAgentContext, PluginHookToolContext } from "@anthropic/plugin-sdk";
```
How can I resolve this? If you propose a fix, please make it concise.| // ============================================================================ | ||
| // Plugin | ||
| // ============================================================================ | ||
|
|
There was a problem hiding this comment.
Function signature should use OpenClawPluginApi instead of PluginApi.
| export default function executionPlanGovernance(api: OpenClawPluginApi): void { |
Prompt To Fix With AI
This is a comment left during a code review.
Path: extensions/external-plan-governance/index.ts
Line: 68
Comment:
Function signature should use `OpenClawPluginApi` instead of `PluginApi`.
```suggestion
export default function executionPlanGovernance(api: OpenClawPluginApi): void {
```
How can I resolve this? If you propose a fix, please make it concise.| // Note: This uses OpenClaw's internal completion API | ||
| const planResponse = await api.completion?.({ | ||
| messages: [{ role: "user", content: planningPrompt }], | ||
| max_tokens: 1024, | ||
| temperature: 0, |
There was a problem hiding this comment.
api.completion is not a valid method on OpenClawPluginApi. The plugin API doesn't provide a completion method for calling the LLM. You'll need to use a different approach to generate the execution plan.
Prompt To Fix With AI
This is a comment left during a code review.
Path: extensions/external-plan-governance/index.ts
Line: 98-102
Comment:
`api.completion` is not a valid method on `OpenClawPluginApi`. The plugin API doesn't provide a completion method for calling the LLM. You'll need to use a different approach to generate the execution plan.
How can I resolve this? If you propose a fix, please make it concise.|
|
||
| function buildPlanningPrompt(userMessage: string, defaultMode: "preview" | "execute"): string { | ||
| return `...`; |
There was a problem hiding this comment.
Empty prompt template - this function should return the actual prompt that instructs the LLM to generate an execution plan according to the schema. Without this, plan generation will fail.
Prompt To Fix With AI
This is a comment left during a code review.
Path: extensions/external-plan-governance/index.ts
Line: 60-62
Comment:
Empty prompt template - this function should return the actual prompt that instructs the LLM to generate an execution plan according to the schema. Without this, plan generation will fail.
How can I resolve this? If you propose a fix, please make it concise.| const runId = ctx.runId; | ||
| if (!runId) return {}; |
There was a problem hiding this comment.
runId is not available on PluginHookAgentContext. The context only includes agentId, sessionKey, sessionId, workspaceDir, and messageProvider according to src/plugins/types.ts:321-327.
Prompt To Fix With AI
This is a comment left during a code review.
Path: extensions/external-plan-governance/index.ts
Line: 82-83
Comment:
`runId` is not available on `PluginHookAgentContext`. The context only includes `agentId`, `sessionKey`, `sessionId`, `workspaceDir`, and `messageProvider` according to `src/plugins/types.ts:321-327`.
How can I resolve this? If you propose a fix, please make it concise.| const messages = | ||
| (event as { messages?: Array<{ role: string; content: string }> }).messages ?? []; | ||
| const lastUserMessage = messages.filter((m) => m.role === "user").pop(); | ||
| if (!lastUserMessage) return {}; |
There was a problem hiding this comment.
Event structure depends on which hook is used. For before_agent_start, the event has prompt and optional messages fields (see src/plugins/types.ts:355-359). Current code assumes a messages array structure that may not match the actual event type.
Prompt To Fix With AI
This is a comment left during a code review.
Path: extensions/external-plan-governance/index.ts
Line: 86-89
Comment:
Event structure depends on which hook is used. For `before_agent_start`, the event has `prompt` and optional `messages` fields (see `src/plugins/types.ts:355-359`). Current code assumes a `messages` array structure that may not match the actual event type.
How can I resolve this? If you propose a fix, please make it concise.|
This pull request has been automatically marked as stale due to inactivity. |
|
Please make this as a third-party plugin that you maintain yourself in your own repo. Docs: https://docs.openclaw.ai/plugin. Feel free to open a PR after to add it to our community plugins page: https://docs.openclaw.ai/plugins/community |
Summary
Introduces a plan-first governance layer making execution explicit and inspectable. Before tools run, an LLM generates a structured execution plan. The plan becomes the single source of truth — nothing happens unless it's in the plan.
Why
Current flow: LLM decides tool → tool executes → you find out after.
Governed flow: LLM generates plan → plan validated → execution bound to plan.
This complements security guardrails #6095: they block dangerous calls, this blocks unplanned calls.
How It Works
before_requesthook intercepts user messagerunIdSchema
Current simplistic schema:
description_for_user— human-readable summaryfive_w_one_h— who, what, where, when, why, howprocedure— ordered steps, no branchingsurface_effects— what gets touched/modified/created/deletedconstraints— hard limitsexecution_mode— preview or executeRelated
Status
Proof of concept. This PR defines the model and artifact shape — it does not implement enforcement or execution binding. Looking for feedback on whether this direction aligns with governance extensibility post-#6095.
Greptile Summary
This PR introduces a governance layer that generates execution plans before tool execution. However, the implementation has several critical issues that prevent it from working:
before_requestinstead of valid hooks likebefore_agent_startorbefore_prompt_build@anthropic/plugin-sdkthat don't exist in the actual exportsapi.completion()method which is not available on the plugin APIrunIdon hook context where it doesn't existThe concept is solid and aligns with the security extensibility goals, but the code needs significant rework to use the correct OpenClaw plugin APIs and hooks defined in PR #6095.
Confidence Score: 0/5
Last reviewed commit: 404ad20
(2/5) Greptile learns from your feedback when you react with thumbs up/down!