Code Plugin (source linked)

UMG Envoy Agent v0.3.0-alpha.15

OpenClaw plugin for bounded UMG runtime inspection, ActionGate capability control, ToolResult auditing, runtime report surfaces, and a six-tool low-risk direct runner with no arbitrary dispatch, writes, or external transmission.

umg-envoy-agent · runtime umg-envoy-agent · by @neomagnetar
Community code plugin. Review compatibility and verification before install.
openclaw plugins install clawhub:umg-envoy-agent
Latest release: v0.3.0-alpha.15

Capabilities

configSchema: Yes
Executes code: Yes
HTTP routes: 0
Runtime ID: umg-envoy-agent
Tools: umg_envoy_status, umg_envoy_compiler_smoke_test, umg_envoy_list_sleeves, umg_envoy_list_block_libraries, umg_envoy_compile_sleeve, umg_envoy_validate_runtime_output, umg_envoy_compare_sleeves, umg_envoy_parse_path, umg_envoy_validate_path, umg_envoy_render_path, umg_envoy_build_path, umg_envoy_matrix_status, umg_envoy_compile_ir_bridge, umg_envoy_emit_relation_matrix, umg_envoy_action_gate_runtime_report_view, umg_envoy_low_risk_direct_tool_run

Compatibility

Built With Open Claw Version: 2026.3.23-1
Min Gateway Version: 2026.3.23-1
Plugin Api Range: >=1.2.0
Plugin Sdk Version: 2026.3.23-1
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (high confidence)

! Purpose & Capability
The stated purpose is UMG inspection, dry-run projection, and bounded runtime reporting, but the current tool surface also includes a compiler bridge that can spawn Node with caller-supplied compiler paths and emit files.

! Instruction Scope
The manifest and package description say there are no writes or arbitrary dispatch, while registered tools and CLI paths default the compiler bridge to enabled when called and accept output directories and compiler CLI paths.

Install Mechanism
No postinstall hook, setup entry, service, or automatic persistence was found. A staging PowerShell script can recursively delete its StageRoot, but it appears to be a manual packaging script rather than install-time behavior.

! Credentials
Local filesystem reads, temp/output writes, and local process spawning are significant authority for an inspection-oriented plugin; no external network transmission was found in the active root package.

Persistence & Privilege
No autostart, credential harvesting, or privilege escalation was found, but bridge and relation-matrix operations can persist generated artifacts to temp or caller-selected output locations.
Scan Findings in Context
[SDI-1] unexpected: Accepted in part: the public description understates bridge execution and write-capable paths that are present in the manifest and registered tools.
[SDI-4] expected: Downgraded for the ActionGate/direct-runner claim: the actual low-risk runner uses a static six-tool handler map and additional eligibility checks; the generic gate helper is mostly reporting/planning.
[SDI-4] expected: Downgraded for archived local-readonly and LangChain files: those appear in archived/comparison package copies rather than the active root plugin surface, and the local-readonly implementation forces file contents off.
[SQP-2] expected: Accepted as a Review concern: compiler bridge execution and relation-matrix file output fit the project goal, but the caller-controlled compiler path and output path are under-scoped for a public bounded plugin.
[SQP-2] unexpected: Accepted in part: schema artifact resolution can derive filesystem paths from artifact IDs without a containment check, creating local path existence disclosure risk.
[SQP-1] expected: Broad trigger wording appears to be sample sleeve content and is not enough for a malicious verdict, but it adds activation ambiguity.
What to consider before installing
Install only if you specifically need this UMG compiler-bridge workflow. Keep bridge and relation-matrix write features gated, restrict compilerCliPath and outputDir to trusted locations, and treat the plugin as capable of local process execution despite the benign inspection-focused framing.
.compare-approved-tarball/package/dist/compiler/compiler-process.js:25
Shell command execution detected (child_process).
ARTIFACT-ARCHIVE/.publish-folder-candidate/umg-envoy-agent-0.3.0-alpha.2/dist/compiler/compiler-process.js:25
Shell command execution detected (child_process).
dist/compiler/compiler-process.js:25
Shell command execution detected (child_process).
src/compiler/compiler-process.ts:31
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Verification

Tier: source linked
Scope: artifact only
Summary: Validated package structure and linked the release to source metadata.
Commit: b88341c77201
Tag: main
Provenance: No
Scan status: suspicious

Tags

agent-framework: 0.2.8
ai-agent: 0.2.8
canonical-ir: 0.2.8
code-plugin: 0.2.8
cognition: 0.1.2
cognitive-runtime: 0.1.2
compiler-bridge: 0.2.8
diagnostics: 0.2.8
inspectable: 0.1.2
latest: 0.3.0-alpha.15
latest alpha: 0.3.0-alpha.14
modular: 0.1.2
modular-ai: 0.2.8
openclaw: 0.2.8
path-building: 0.1.2
planner: 0.1.2
relation-matrix: 0.2.8
runtime-spec: 0.2.8
structured-generation: 0.2.8
umg: 0.2.8
universal-modular-generation: 0.2.8
validation: 0.1.2
workflow: 0.2.8

UMG Envoy Agent v0.3.0-alpha.15

UMG Envoy Agent is an OpenClaw plugin that exposes a runtime-facing UMG cognition specification and inspection layer. It loads governed UMG sleeves and related artifacts, supports inspection and library navigation, and emits dry-run runtime projections such as RuntimeSpec, Trace, diagnostics, and related runtime-visible views without making UMG itself an execution engine.

What UMG Envoy Agent is

Universal Modular Generation, or UMG, is a framework for specifying cognition as explicit, governed, auditable artifacts before execution.

UMG Envoy Agent is an OpenClaw plugin that carries selected UMG cognition artifacts into runtime-facing inspection, projection, and downstream execution-preparation surfaces. It loads a UMG sleeve, resolves referenced artifacts, prepares compilation inputs, calls the UMG compiler bridge where allowed, and exposes outputs such as RuntimeSpec projections, Trace artifacts, diagnostics, and relation matrices.

In UMG terminology, an Envoy is a carrier surface for moving selected governed artifacts into downstream inspection, projection, or execution-preparation contexts. The word Agent is included here for compatibility with common AI and OpenClaw terminology.

Publication status

  • Current package version in this repo is 0.3.0-alpha.15.
  • ClawHub/public release publication remains a separate explicit operation after metadata alignment, validation review, and release-note audit.
  • Raw npm publication is not the primary documented user path for this package at this stage.
  • This repo now contains bounded runtime-facing capability work; that does not imply broad arbitrary execution support.

What it does

  • exposes runtime-facing inspection surfaces for governed UMG artifacts
  • emits dry-run RuntimeSpec projections for downstream execution planning
  • exposes Trace, diagnostics, and related inspection views without treating them as permission
  • provides ActionGate runtime report inspection
  • seeds a conservative ToolCapabilityRegistry policy for known Envoy tools
  • emits ToolResult audit records for bounded direct runtime execution
  • provides a six-tool low-risk direct runtime runner for static safe read-only tools only
  • keeps write, bridge, destructive, external, and arbitrary execution paths out of the current direct runner

Default posture

  • allowRuntimeWrites: false
  • contentMode: bundled-public
  • compilerMode: bundled-adapter
  • debug: false

Current Capability Boundary

UMG Envoy Agent currently supports runtime-facing inspection, governed metadata projection, operational sleeve demos, and exact-scope local read-only metadata inspection.

Boundary Notes

  • UMG specifies cognition; it does not execute tools, actions, or behavior.
  • This plugin exposes runtime-facing inspection and projection surfaces for governed UMG artifacts.
  • RuntimeSpec is not execution.
  • Trace is not permission.
  • Validation does not grant permission.
  • Approval does not equal execution.
  • Display does not create authority.
  • Governance remains binding and inspectable.

Allowed alpha capabilities:

  • UMG library status
  • UMG library metadata search
  • RuntimeSpec dry-run
  • Runtime Display
  • MOLT Map
  • IR Matrix
  • operational sleeve list / inspect / demo
  • alpha demo
  • exact-scope local read-only metadata scan
  • LangChain handoff-only demo

Not allowed in this release:

  • file contents reading
  • file writes
  • file deletes
  • shell execution
  • remote MCP execution
  • MCP server startup
  • LangChain agent mode execution
  • broad Desktop Bridge automation
  • unrestricted production sleeve execution

Fresh tester quickstart

What this plugin is

This package is an OpenClaw plugin for runtime-facing inspection and dry-run projection of governed UMG cognition artifacts. It is meant to let testers and maintainers inspect bundled public UMG content, run local smoke checks, and exercise the public runtime-facing UMG surface without shipping private roots or private runtime state.

What this plugin is not

  • not the whole UMG framework
  • not the full UMG-Block-Library
  • not the full umg-compiler repository
  • not unrestricted execution
  • not an autonomous behavior engine
  • not a standalone runtime
  • not arbitrary tool execution
  • not a prompt wrapper
  • not primarily documented for raw npm-registry end-user consumption
  • not a private personal runtime package

What ships in the package

  • dist/ compiled plugin output
  • docs/ public-facing package and release docs
  • public-content/ bundled sample blocks, sleeves, and runtime examples
  • README.md
  • PUBLIC-VARIANT-README.md
  • PUBLIC-VARIANT-OVERVIEW.md
  • openclaw.plugin.json
  • package.json
  • tsconfig.json

What does not ship in the package

  • the full UMG-Block-Library
  • the full umg-compiler repo
  • maintainer validation script source at scripts/validate-umg-e2e.mjs
  • untracked release/audit reports
  • runtime output artifacts such as runtime-spec.json, trace.json, diagnostics.json, relation-matrix.umg, or resolved.ir.json
  • node_modules/

Commands most testers should start with

npm install
npm run check
npm run build
npm run smoke
npm run pack:dry

Execution boundary note

This is a code plugin. In normal packaged use, it loads bundled public content and exposes OpenClaw tools for runtime-facing inspection, metadata-only projection, and operational sleeve demos.

Optional compiler-bridge behavior may invoke a configured local compiler process through explicit configured paths. This is intended for controlled local UMG workflows, not arbitrary shell execution.
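One way to enforce the containment that the scan findings ask for on compilerCliPath and outputDir before the bridge uses them, as an added example that is not code from this plugin. The helper names (realpathDeep, isContained, demo) and the temporary directory layout are hypothetical and constructed for the demonstration.

```javascript
// Added example: hypothetical helpers, not part of umg-envoy-agent.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Resolve symlinks on the longest existing prefix of p, so an output
// directory that does not exist yet is still judged by its real parent.
function realpathDeep(p) {
  const abs = path.resolve(p);
  try {
    return fs.realpathSync(abs);
  } catch (err) {
    if (err.code !== 'ENOENT') throw err; // fail closed on anything else
    const parent = path.dirname(abs);
    return parent === abs ? abs : path.join(realpathDeep(parent), path.basename(abs));
  }
}

// True only when candidate is trustedRoot itself or lies beneath it.
// path.relative avoids the string-prefix trap ("/x/trusted-evil" starts with "/x/trusted").
function isContained(trustedRoot, candidate) {
  const root = realpathDeep(trustedRoot);
  const target = realpathDeep(path.resolve(root, candidate));
  const rel = path.relative(root, target);
  const escapes = rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  return !escapes;
}

// Constructed layout: a trusted root, a sibling sharing its name prefix,
// and a symlink inside the root that points at the sibling.
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'containment-'));
  const trusted = path.join(base, 'trusted');
  const sibling = path.join(base, 'trusted-evil');
  fs.mkdirSync(path.join(trusted, 'out'), { recursive: true });
  fs.mkdirSync(sibling);
  fs.symlinkSync(sibling, path.join(trusted, 'link'), 'dir');
  const results = {
    child: isContained(trusted, 'out/run-1'),        // new dir under root
    absolute: isContained(trusted, path.join(trusted, 'out')),
    dotdot: isContained(trusted, '../trusted-evil'), // traversal
    prefix: isContained(trusted, sibling),           // shared name prefix
    symlink: isContained(trusted, 'link/run-1'),     // link leaves the root
  };
  fs.rmSync(base, { recursive: true, force: true });
  return results;
}
```

The check narrows but does not close the window between validation and use; a caller that needs stronger guarantees should open the validated directory once and work relative to that handle.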

Maintainer-only validation assets are not part of the hardened ClawHub artifact.

Maintainer-only validation gate

The npm script name is:

npm run validate:umg:e2e

That script runs the real repo file:

scripts/validate-umg-e2e.mjs

Important notes:

  • the earlier colon-style file wording (scripts/validate-umg:e2e.mjs) was just a typo/confusion between the npm script name and the file path
  • validate:umg:e2e is a maintainer validation gate, not the normal first step for fresh testers
  • it requires expected local adjacent repo paths for UMG-Block-Library and umg-compiler
  • UO-specific paths, sleeves, or plugin test layouts are optional test contexts only and are not core Envoy defaults
  • it remains repo-only and is intentionally not shipped in the published package surface

If you do not already have the expected local UMG dependency layout, stop at check, build, smoke, and pack:dry.

Current bounded direct runner

Envoy now exposes:

  • umg_envoy_low_risk_direct_tool_run

It is limited to exactly these six static safe tools:

  • umg_envoy_status
  • umg_envoy_validate_runtime_output
  • umg_envoy_parse_path
  • umg_envoy_validate_path
  • umg_envoy_render_path
  • umg_envoy_action_gate_runtime_report_view

Every successful direct run returns ToolResult audit data.

Explicit exclusions from this first direct runner:

  • umg_envoy_load_sleeve
  • umg_envoy_compile_ir_bridge
  • umg_envoy_emit_relation_matrix
  • umg_envoy_compile_sleeve
  • umg_envoy_build_path
  • unknown tools
  • arbitrary dispatch
  • writes / deletes
  • network or external transmission
  • package or plugin mutation

Boundary rules remain strict:

  • RuntimeSpec is not execution authority.
  • Trace is not permission.
  • ActionGate and ToolCapabilityRegistry govern execution eligibility.
  • Approval-gated writes and external transmission are not enabled yet.

Plain-English output guide

  • Runtime Spec: a dry-run runtime projection for downstream execution planning
  • Trace: an audit artifact recording compilation/resolution inputs, selections, suppressions, and outcomes
  • Diagnostics: warnings, validation notes, and errors
  • Relation Matrix: a compact map showing how UMG parts connect

Glossary

  • UMG: Universal Modular Generation; a framework for specifying cognition as explicit, governed, auditable artifacts before execution.
  • Envoy: a carrier surface that moves selected UMG cognition artifacts into runtime-facing inspection, projection, or execution-preparation contexts.
  • Agent: the broader AI/OpenClaw term for an executable assistant, worker, or plugin-driven runtime participant.
  • Block: a reusable cognitive artifact unit used in governed UMG specification.
  • MOLT: Modular Operating Language of Thought; the role/layer system used to classify UMG blocks.
  • Sleeve: a packaged UMG configuration or loadout.
  • Stack: a layered grouping of related UMG structures or workflow elements.
  • NeoBlock: a composed functional unit made from one or more related blocks.
  • NeoStack: a larger workflow stack made from NeoBlocks or related structures.
  • Overlay: a governance, routing, or control layer that can guide system behavior.
  • Capability: a declared action, tool, or function available to the system.
  • Runtime Spec: a dry-run runtime projection for downstream execution planning.
  • Trace: an audit artifact recording compilation/resolution inputs, selections, suppressions, and outcomes.
  • Diagnostics: validation messages, warnings, and errors.
  • Relation Matrix: a compact map of how UMG parts connect.
  • Compiler Bridge: the controlled path Envoy uses to call the UMG compiler.
  • Artifact Resolution: the process of locating and loading referenced UMG sleeves, blocks, overlays, capabilities, schemas, or related artifacts.

Build and validation

npm install
npm run check
npm run build
npm run smoke
npm run pack:dry

Maintainers with the expected local adjacent repos may also run:

npm run validate:umg:e2e -- --sleevePath "<path-to-sleeve.json>" --libraryRoot "<path-to-UMG-Block-Library>" --compilerRepoPath "<path-to-umg-compiler>"

External UMG validation boundary

External UMG validation requires explicit local inputs:

  • an explicit sleeve path
  • an explicit UMG-Block-Library root
  • an explicit umg-compiler repo path

Runtime outputs remain temp-only and are not intended for commit.

ClawHub-first publication note

ClawHub publication is the intended first public plugin path for this package line. That publication step remains intentionally separate from this patch.

Future maintainer reference only, not to run during Stage 14D:

clawhub package publish <path> --family code-plugin --name umg-envoy-agent --display-name "UMG Envoy Agent" --version 0.3.0-alpha.15 ...

For exact declared public tool ids, see openclaw.plugin.json and docs/TOOL-SURFACE.md.

Entry point

  • dist/plugin-entry.js