#21648: feat: execution plan governance plugin

## **Summary** Introduces a plan-first governance layer making execution explicit and inspectable. Before tools run, an LLM generates a structured execution plan. The plan becomes the single source of truth — nothing happens unless it's in the plan. ## **Why** Current flow: LLM decides tool → tool executes → you find out after. Governed flow: LLM generates plan → plan validated → execution bound to plan. This complements security guardrails \#6095: they block *dangerous* calls, this blocks *unplanned* calls. ## **How It Works** 1. `before_request` hook intercepts user message 2. LLM generates structured plan (schema-defined JSON) 3. Plan stored by `runId` 4. Plan later validated/constrained/executed (probably without free-form tool calls from LLM) — not present in this PR ## **Schema** Current simplistic schema: * `description_for_user` — human-readable summary * `five_w_one_h` — who, what, where, when, why, how * `procedure` — ordered steps, no branching * `surface_effects` — what gets touched/modified/created/deleted * `constraints` — hard limits * `execution_mode` — preview or execute ## **Related** * Depends on \#6095(hook system) * Sketch/discussion:[ https://github.com/nayname/openclaw-secure-stack/pull/1](https://github.com/nayname/openclaw-secure-stack/pull/1) ## **Status** Proof of concept. This PR defines the model and artifact shape — it does not implement enforcement or execution binding. Looking for feedback on whether this direction aligns with governance extensibility post-\#6095. <!-- greptile_comment --> <h3>Greptile Summary</h3> This PR introduces a governance layer that generates execution plans before tool execution. However, the implementation has several critical issues that prevent it from working: - Uses non-existent hook `before_request` instead of valid hooks like `before_agent_start` or `before_prompt_build` - Imports incorrect types from `@anthropic/plugin-sdk` that don't exist in the actual exports - Calls `api.completion()` method which is not available on the plugin API - Accesses `runId` on hook context where it doesn't exist - Empty planning prompt template that would cause plan generation to fail - Event structure assumptions that don't match actual hook event types The concept is solid and aligns with the security extensibility goals, but the code needs significant rework to use the correct OpenClaw plugin APIs and hooks defined in PR \#6095. <h3>Confidence Score: 0/5</h3> - This PR cannot be merged - it contains multiple critical implementation errors that would cause runtime failures - The code uses non-existent hooks, imports types that don't exist, calls undefined API methods, and has an empty planning prompt. These are not minor issues but fundamental implementation problems that prevent the code from executing at all. The plugin would fail immediately on load or first invocation. - extensions/external-plan-governance/index.ts requires complete rework to use correct OpenClaw plugin APIs and hook system _{Last reviewed commit: 404ad20} <!-- greptile_other_comments_section --> _{(2/5) Greptile learns from your feedback when you react with thumbs up/down!} <!-- /greptile_comment -->