gloves 0.5.7

seamless secret manager and handoff
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158

# gloves

[![CI](https://github.com/heyAyushh/gloves/actions/workflows/ci.yml/badge.svg)](https://github.com/heyAyushh/gloves/actions/workflows/ci.yml)
[![Tests](https://github.com/heyAyushh/gloves/actions/workflows/test.yml/badge.svg)](https://github.com/heyAyushh/gloves/actions/workflows/test.yml)
[![Coverage](https://github.com/heyAyushh/gloves/actions/workflows/coverage.yml/badge.svg)](https://github.com/heyAyushh/gloves/actions/workflows/coverage.yml)
[![crates.io](https://img.shields.io/crates/v/gloves.svg)](https://crates.io/crates/gloves)
[![docs.rs](https://img.shields.io/docsrs/gloves)](https://docs.rs/gloves)

`gloves` is a secure secrets control plane for multi-agent runtimes and human operators.

It provides:

- agent-owned encrypted secrets
- human approval workflows
- access/audit controls
- vault and daemon operations
- an interactive TUI navigator
- a Bun OpenClaw client/plugin bridge for brokered secret injection

## Documentation

Start here: [Documentation Index](docs/INDEX.md)

API and crate docs: [docs.rs/gloves](https://docs.rs/gloves)

<details>
<summary>Browse guides</summary>

- [Quickstart](docs/quickstart.md)
- [Architecture](ARCHITECTURE.md)
- [Security](SECURITY.md)
- [Concepts and Parts](docs/concepts-and-parts.md)
- [Secrets and Requests](docs/secrets-and-requests.md)
- [Humans, Agents, and GPG](docs/humans-agents-and-gpg.md)
- [TUI Guide](docs/tui-guide.md)
- [Configuration Guide](docs/configuration.md)
- [Troubleshooting](docs/troubleshooting.md)
- [VM Multi-Agent Operations](docs/vm-multi-agent-human-guide.md)
- [Security Hardening](docs/security-hardening.md)
- [Release Binaries](docs/release-binaries.md)

</details>

## Command Model

Primary command groups:

- `gloves secrets ...`: set/get/grant/revoke/status
- `gloves request ...`: create one pending human request
- `gloves requests ...`: list/approve/deny pending requests
- `gloves vault ...`: encrypted vault operations
- `gloves gpg ...`: per-agent GPG key workflows
- `gloves tui`: interactive command center

Recursive help is supported:

```bash
gloves help
gloves help secrets
gloves help secrets set
gloves secrets help set
gloves requests help approve
```

## Quick Example

```bash
# initialize runtime layout
gloves --root .openclaw/secrets init

# create one secret
gloves --root .openclaw/secrets secrets set service/token --generate

# read secret
gloves --root .openclaw/secrets secrets get service/token

# list entries
gloves --root .openclaw/secrets list
```

If you omit `--ttl`, `gloves` uses `defaults.secret_ttl_days` from config; the built-in default is 30 days. Use `--ttl never` for a non-expiring secret. `gloves secrets set` prints the expiry timestamp for expiring secrets and says `never expires` otherwise.

For complete setup and human/agent workflows, use [Quickstart](docs/quickstart.md).

## OpenClaw Integration

The repository now includes:

- `gloves-mcp` for redacted MCP tool access
- `@gloves/client` as the Bun/TypeScript bridge
- `@gloves/adapter-core` as the shared adapter helper package
- `@gloves/openclaw` as the OpenClaw adapter package
- `@openclaw/gloves` as a deprecated compatibility alias for existing consumers
- `integrations/openclaw/gloves.json5` as the reference config snippet

Current plugin reads keep secret values out of the MCP result body and inject them into the sandbox environment or tmpfs instead.

## Install

### From release binaries (recommended)

```bash
curl -fsSL https://raw.githubusercontent.com/openclaw/gloves/main/scripts/setup-openclaw.sh | bash
```

<details>
<summary>Other install options</summary>

### From crates.io

```bash
cargo install gloves
```

### From source

```bash
git clone https://github.com/openclaw/gloves
cd gloves
cargo install --path .
```

</details>

## Security and Policy

- Use least-privilege agent access in `.gloves.toml`
- Prefer `gloves secrets get --pipe-to <command>` over raw stdout in automation
- Keep secrets root and config permissions private
- Use `gloves audit --json --limit 100` for machine-readable audit export

Details:

- [Architecture](ARCHITECTURE.md)
- [Security](SECURITY.md)
- [Configuration Guide](docs/configuration.md)
- [Security Hardening](docs/security-hardening.md)
- [GLOVES Config Spec](GLOVES_CONFIG_SPEC.md)

## Development

```bash
cargo fmt --all
cargo clippy --all-targets --all-features -- -D warnings
cargo test --all-features --locked
cargo doc --no-deps
```

When Docker is available, the OpenClaw sandbox harness can be exercised with:

```bash
bun run docker:e2e
```

## License and Changelog

- [LICENSE](LICENSE)
- [CHANGELOG](CHANGELOG.md)