LuLu Monitor
AI-powered companion for LuLu Firewall on macOS.
What It Does
- 1. Monitors LuLu firewall alert popups
- Extracts connection info (process, IP, port, DNS)
- Spawns a fast AI (haiku) to analyze the connection
- Sends Telegram notification with risk assessment
- Provides 4 action buttons: Always Allow, Allow Once, Always Block, Block Once
- Executes the action on LuLu when user taps a button
Auto-Execute Mode (Optional)
For reduced interruptions, enable auto-execute mode. When the AI has high confidence (known safe programs like curl, brew, node, git connecting to normal destinations), it will:
- 1. Automatically execute the Allow action
- Still send a Telegram notification explaining what was auto-allowed
To enable:
�CODEBLOCK0
Options:
- -
autoExecute: false (default) - all alerts require manual button press - INLINECODE2�:
"allow-once" (default, conservative) or "allow" (permanent rule)
Installation
Prerequisites
Run the check script first:
�CODEBLOCK1
Required:
- - LuLu Firewall: �INLINECODE5
- Node.js: �INLINECODE6
- OpenClaw Gateway: Running with Telegram channel configured
- Accessibility Permission: System Settings > Privacy > Accessibility > Enable Terminal/osascript
Gateway Configuration (Required)
The monitor calls sessions_spawn via OpenClaw's /tools/invoke HTTP API. This tool is blocked by default. Add it to the allowlist in ~/.openclaw/openclaw.json:
CODEBLOCK2
Without this, alerts will be detected but fail to forward (404 in logs).
Install
CODEBLOCK3
This will:
- 1. Clone the repo to �INLINECODE10
- Install npm dependencies
- Set up launchd for auto-start
- Start the service
Verify
CODEBLOCK4
Should return �INLINECODE11
Sending Alerts with Inline Buttons
⚠️ The message tool's buttons/components parameter does NOT work for Telegram inline buttons. You must use the CLI via exec:
CODEBLOCK5
After sending via CLI, reply with NO_REPLY to avoid duplicate messages.
Handling Callbacks
When user clicks a Telegram button, OpenClaw receives a callback like:
�CODEBLOCK6
To handle it, call the local endpoint:
�CODEBLOCK7
This will:
- 1. Click the appropriate button on LuLu alert
- Set Rule Scope to "endpoint"
- Set Rule Duration to "Always" or "Process lifetime"
- Edit the Telegram message to show result
Troubleshooting
Service not running
�CODEBLOCK8
Accessibility permission issues
AppleScript needs permission to control LuLu. Go to:
System Settings > Privacy & Security > Accessibility
Enable: Terminal, iTerm, or whatever terminal you use
Alert not detected
- - Ensure LuLu is running: �INLINECODE17
- Check if alert window exists: �INLINECODE18
Uninstall
CODEBLOCK9
技能名称: lulu-monitor
详细描述:
LuLu Monitor
macOS 上 LuLu 防火墙 的 AI 驱动伴侣。
功能说明
- 1. 监控 LuLu 防火墙的弹窗警报
- 提取连接信息(进程、IP、端口、DNS)
- 调用快速 AI(haiku)分析连接
- 通过 Telegram 发送风险评估通知
- 提供 4 个操作按钮:始终允许、允许一次、始终阻止、阻止一次
- 用户点击按钮后,在 LuLu 上执行相应操作
自动执行模式(可选)
为减少干扰,可启用自动执行模式。当 AI 有高置信度(如 curl、brew、node、git 等已知安全程序连接正常目标)时,将:
- 1. 自动执行允许操作
- 仍发送 Telegram 通知,说明自动允许的内容
启用方法:
bash
在安装目录创建 config.json
cat > ~/.openclaw/lulu-monitor/config.json << EOF
{
telegramId: 你的
TELEGRAMID,
autoExecute: true,
autoExecuteAction: allow-once
}
EOF
选项说明:
- - autoExecute:false(默认)- 所有警报需手动点击按钮
- autoExecuteAction:allow-once(默认,保守)或 allow(永久规则)
安装
前置条件
先运行检查脚本:
bash
bash scripts/check-prerequisites.sh
所需条件:
- - LuLu 防火墙:brew install --cask lulu
- Node.js:brew install node
- OpenClaw 网关:已运行并配置 Telegram 频道
- 辅助功能权限:系统设置 > 隐私与安全性 > 辅助功能 > 启用终端/osascript
网关配置(必需)
监控器通过 OpenClaw 的 /tools/invoke HTTP API 调用 sessions_spawn。此工具默认被阻止。需将其添加到 ~/.openclaw/openclaw.json 的白名单中:
json5
{
gateway: {
tools: {
allow: [sessions_spawn]
}
}
}
未配置时,警报会被检测到但无法转发(日志中显示 404)。
安装
bash
bash scripts/install.sh
此操作将:
- 1. 将仓库克隆到 ~/.openclaw/lulu-monitor/
- 安装 npm 依赖
- 配置 launchd 实现自动启动
- 启动服务
验证
bash
curl http://127.0.0.1:4441/status
应返回 {running:true,...}
发送带内联按钮的警报
⚠️ message 工具的 buttons/components 参数不适用于 Telegram 内联按钮。 必须通过 exec 使用 CLI:
bash
openclaw message send --channel telegram --target <聊天ID> \
--message 🔔 LuLu 警报:<摘要> \
--buttons [[{text:✅ 始终允许,callbackdata:lulu:allow},{text:✅ 允许一次,callbackdata:lulu:allow-once}],[{text:❌ 始终阻止,callbackdata:lulu:block},{text:❌ 阻止一次,callbackdata:lulu:block-once}]]
通过 CLI 发送后,回复 NO_REPLY 以避免重复消息。
处理回调
用户点击 Telegram 按钮时,OpenClaw 会收到如下回调:
callback_data: lulu:allow
callback_data: lulu:allow-once
callback_data: lulu:block
callback_data: lulu:block-once
处理方式:调用本地端点:
bash
curl -X POST http://127.0.0.1:4441/callback \
-H Content-Type: application/json \
-d {action:allow} # 或 block、allow-once、block-once
此操作将:
- 1. 点击 LuLu 警报上的相应按钮
- 将规则范围设为 endpoint
- 将规则持续时间设为 始终 或 进程生命周期
- 编辑 Telegram 消息以显示结果
故障排除
服务未运行
bash
检查状态
launchctl list | grep lulu-monitor
查看日志
tail -f ~/.openclaw/lulu-monitor/logs/stdout.log
重启
launchctl unload ~/Library/LaunchAgents/com.openclaw.lulu-monitor.plist
launchctl load ~/Library/LaunchAgents/com.openclaw.lulu-monitor.plist
辅助功能权限问题
AppleScript 需要权限才能控制 LuLu。前往:
系统设置 > 隐私与安全性 > 辅助功能
启用:终端、iTerm 或你使用的任何终端
未检测到警报
- - 确保 LuLu 正在运行:pgrep -x LuLu
- 检查警报窗口是否存在:osascript -e tell application System Events to tell process LuLu to get every window
卸载
bash
bash ~/.openclaw/lulu-monitor/skill/scripts/uninstall.sh
