Thanks for your interest in contributing.
git clone https://github.com/dormstern/leashed.git
cd leashed
npm install
npm run build
npm testNo AnchorBrowser API key is needed for development — all tests run against mocked sessions.
- Fork the repo and create a branch from
main - Write or update tests for your changes
- Run
npm testto make sure everything passes - Run
npm run buildto verify TypeScript compilation - Open a pull request
src/
index.ts # createLeash() — main entry point
policy.ts # Pattern matching + deny-first evaluation
session.ts # AnchorBrowser session lifecycle
audit.ts # JSONL audit log
output-scanner.ts # Post-execution output scanning
cli.ts # npx leashed commands
types.ts # TypeScript types
constants.ts # Shared constants
tests/
leash.test.ts # Integration tests (mocked AnchorBrowser)
policy.test.ts # Policy evaluation unit tests
audit.test.ts # Audit log unit tests
cli.test.ts # CLI unit tests
output-scanner.test.ts # Output scanner tests
examples/
leash.yaml # Example policy file
basic.ts # Minimal usage example
openclaw-inbox.ts # OpenClaw inbox agent example
- TypeScript strict mode
- Tests via Vitest
- No runtime dependencies beyond
anchorbrowser,js-yaml,picomatch - Fail closed — errors are reported as blocked, never silently swallowed
Use the bug report template. Include your policy config and Node version.
Do not file a public issue for security vulnerabilities. See SECURITY.md.