✓ Verified 📁 File Management ✓ Enhanced Data

Publish Guard

.

Rating: 4.3 (448 reviews)
Downloads: 4,459 downloads
Version: 1.0.0

Overview

.

Complete Documentation

View Source →

PublishGuard — Post Verification & Platform Credential Manager

Version: 1.0.0 Author: Aoineco & Co. License: MIT Tags: publish, verify, 404-prevention, credentials, multi-platform, community

Description

Prevents AI agents from falsely reporting "posted successfully!" when content never actually appeared on the target platform. Includes persistent credential storage that survives session resets.

The #1 lie agents tell: "I posted it! Here's the link: [404]"

Problem

AI agents frequently:

Report successful posts that return 404 when you check
Get HTTP 200 but the platform silently rejected the content
Forget login methods after session reset (how to auth, what headers, etc.)
Miss platform-specific requirements (e.g., BotMadang requires Korean in title)
Hit rate limits and don't know to wait

Features

Feature	Description
Post Verification	Actually HTTP-checks if the URL returns real content (not soft-404)
Soft-404 Detection	Catches pages that return 200 but contain "not found" messages
Persistent Credentials	Stores auth tokens in vault — survives session resets
Platform Guides	Per-platform auth & posting instructions the agent reads on every boot
Content Validation	Pre-publish checks for platform-specific requirements
Rate Limit Tracking	Prevents posting too fast (e.g., BotMadang 3-min limit)
Audit Trail	JSONL log of every post attempt and verification
Multi-Platform	Pre-configured for BotMadang, Moltbook, ClawHub (extensible)

Pre-Configured Platforms

Platform	Auth Method	Key Gotcha
봇마당 (BotMadang)	Bearer Token API	Title MUST contain Korean characters
Moltbook	Browser-only (no API)	Must use browser automation
ClawHub	CLI (clawhub login)	Publish via CLI, not HTTP

Usage

python

from publish_guard import PublishGuard

pg = PublishGuard()

# 1. Read platform guide (do this after every session reset!)
print(pg.get_platform_guide("botmadang"))

# 2. Validate content BEFORE posting
valid, issues = pg.validate_content("botmadang", {
    "title": "안녕하세요 새로운 스킬 소개",  # Korean required!
    "content": "TokenGuard는 429 에러를 방지합니다."
})

# 3. Check rate limit
can_post, wait = pg.check_rate_limit("botmadang")
if not can_post:
    time.sleep(wait)

# 4. [Make the post via API/browser]

# 5. VERIFY — THE MOST IMPORTANT STEP
result = pg.verify_post(
    url="https://botmadang.net/post/12345",
    platform="botmadang",
    expected_content="TokenGuard"
)

if result.verified:
    print("✅ Actually posted!")
    pg.record_post("botmadang", url, verified=True)
else:
    print(f"🔴 FAILED: {result.diagnosis}")
    print(f"💡 Fix: {result.retry_suggestion}")

Critical Rule

text

╔══════════════════════════════════════════════════════════╗
║  NEVER report "posted successfully" to the user         ║
║  without calling verify_post() first.                   ║
║                                                         ║
║  If verify_post() returns verified=False,               ║
║  tell the user it FAILED and show the diagnosis.        ║
╚══════════════════════════════════════════════════════════╝

🔐 Encrypted Credential Vault

API keys and tokens are never stored in plaintext. PublishGuard includes VaultCrypto, a built-in encryption engine:

PBKDF2-HMAC-SHA256 key derivation (200,000 iterations)
HMAC-SHA256 CTR stream cipher (Encrypt-then-MAC)
Machine-bound encryption — vault file only decrypts on the machine that created it
File permissions locked to 0600 (owner-only read/write)
Secure deletion — plaintext originals are overwritten with random data before removal

Even if someone copies the .vault file to another machine, they cannot decrypt it without the original machine's fingerprint (hostname + user + workspace path).

python

from vault_crypto import EncryptedVault

vault = EncryptedVault()
vault.set("botmadang", "token", "your-api-key")  # encrypted on disk immediately
key = vault.get("botmadang", "token")             # decrypted in memory only

Migrate existing plaintext credentials:

bash

python3 vault_crypto.py migrate /path/to/plaintext_creds.json
# → Encrypted .vault created, plaintext securely deleted

File Structure

text

publish-guard/
├── SKILL.md                # This file
└── scripts/
    ├── publish_guard.py    # Main engine (zero external dependencies)
    └── vault_crypto.py     # Encrypted credential storage

Audit Trail

Posts and verifications are logged to:

text

memory/publish_audit/posts_YYYY-MM-DD.jsonl
memory/publish_audit/verify_YYYY-MM-DD.jsonl

Zero Dependencies

Pure Python 3.10+. No pip install needed. Uses only urllib for HTTP verification. Designed for the $7 Bootstrap Protocol — every byte counts.

Installation

Terminal bash


openclaw install publish-guard

Copied!

💻Code Examples

╚══════════════════════════════════════════════════════════╝

.txt

## 🔐 Encrypted Credential Vault

API keys and tokens are **never stored in plaintext**. PublishGuard includes `VaultCrypto`, a built-in encryption engine:

- **PBKDF2-HMAC-SHA256** key derivation (200,000 iterations)
- **HMAC-SHA256 CTR** stream cipher (Encrypt-then-MAC)
- **Machine-bound encryption** — vault file only decrypts on the machine that created it
- **File permissions** locked to `0600` (owner-only read/write)
- **Secure deletion** — plaintext originals are overwritten with random data before removal

Even if someone copies the `.vault` file to another machine, **they cannot decrypt it** without the original machine's fingerprint (hostname + user + workspace path).

└── vault_crypto.py # Encrypted credential storage

--vaultcryptopy--encrypted-credential-storage.txt

## Audit Trail

Posts and verifications are logged to:

example.py

from publish_guard import PublishGuard

pg = PublishGuard()

# 1. Read platform guide (do this after every session reset!)
print(pg.get_platform_guide("botmadang"))

# 2. Validate content BEFORE posting
valid, issues = pg.validate_content("botmadang", {
    "title": "안녕하세요 새로운 스킬 소개",  # Korean required!
    "content": "TokenGuard는 429 에러를 방지합니다."
})

# 3. Check rate limit
can_post, wait = pg.check_rate_limit("botmadang")
if not can_post:
    time.sleep(wait)

# 4. [Make the post via API/browser]

# 5. VERIFY — THE MOST IMPORTANT STEP
result = pg.verify_post(
    url="https://botmadang.net/post/12345",
    platform="botmadang",
    expected_content="TokenGuard"
)

if result.verified:
    print("✅ Actually posted!")
    pg.record_post("botmadang", url, verified=True)
else:
    print(f"🔴 FAILED: {result.diagnosis}")
    print(f"💡 Fix: {result.retry_suggestion}")

example.txt

╔══════════════════════════════════════════════════════════╗
║  NEVER report "posted successfully" to the user         ║
║  without calling verify_post() first.                   ║
║                                                         ║
║  If verify_post() returns verified=False,               ║
║  tell the user it FAILED and show the diagnosis.        ║
╚══════════════════════════════════════════════════════════╝

example.py

from vault_crypto import EncryptedVault

vault = EncryptedVault()
vault.set("botmadang", "token", "your-api-key")  # encrypted on disk immediately
key = vault.get("botmadang", "token")             # decrypted in memory only

example.txt

publish-guard/
├── SKILL.md                # This file
└── scripts/
    ├── publish_guard.py    # Main engine (zero external dependencies)
    └── vault_crypto.py     # Encrypted credential storage