Skip to content

PolicyShield

OpenClaw Plugin — Migration Guide

mishabar410/PolicyShield

PolicyShield

mishabar410/PolicyShield

Home
Getting Started
Getting Started
Guides
Guides
Use Cases
Integrations
Integrations
- OpenClaw
- LangChain
- CrewAI
- FastAPI
Comparison
FAQ
CI/CD
CI/CD
- GitHub Actions
API Reference
API Reference

OpenClaw Plugin — Migration Guide¶

Upgrading PolicyShield¶

From 0.8.x to 0.9.x¶

Server changes¶

New: POLICYSHIELD_API_TOKEN env var for authentication
Optional — server works without it (same as 0.8.x)
If set, plugin config needs api_token to match
New: /api/v1/clear-taint endpoint
New: taint_chain config section in rules YAML

Plugin changes¶

New config field: api_token in openclaw.plugin.json
If server uses POLICYSHIELD_API_TOKEN, set this to match
No breaking changes to existing config fields

Rules changes¶

New optional section: taint_chain

taint_chain:
  enabled: true
  outgoing_tools: [send_message, web_fetch, exec]

Disabled by default — existing rules work without changes
policyshield init --preset openclaw now includes taint_chain (disabled)

Migration steps¶

Update server: pip install --upgrade "policyshield[server]"

Update plugin:

npm install --prefix ~/.openclaw/extensions/policyshield @policyshield/openclaw-plugin@latest
cp -r ~/.openclaw/extensions/policyshield/node_modules/@policyshield/openclaw-plugin/* \
     ~/.openclaw/extensions/policyshield/

(Optional) Set API token:

export POLICYSHIELD_API_TOKEN="your-secret-token"
openclaw config set plugins.entries.policyshield.config.api_token "your-secret-token"

(Optional) Enable taint chain in rules:

taint_chain:
  enabled: true
  outgoing_tools: [send_message, web_fetch]

Restart server and OpenClaw

From 0.7.x to 0.8.x¶

Breaking changes¶

Plugin ID changed from policy-shield to policyshield
OpenClaw SDK hook signatures updated to match real API
mode: audit removed from plugin config (audit mode is server-side only)

Migration steps¶

Remove old plugin: rm -rf ~/.openclaw/extensions/policy-shield

Install new plugin:

npm install --prefix ~/.openclaw/extensions/policyshield @policyshield/openclaw-plugin
cp -r ~/.openclaw/extensions/policyshield/node_modules/@policyshield/openclaw-plugin/* \
     ~/.openclaw/extensions/policyshield/

Update config key: plugins.entries.policy-shield → plugins.entries.policyshield
If using mode: audit in plugin config: remove it, configure on server:
```
policyshield server --mode audit --rules rules.yaml
```