Skip to content

Commit f7b2c42

Browse files
committed
docs: add advanced runtime/security setup guides, update README TOC and bridge docs
1 parent ca2552f commit f7b2c42

File tree

8 files changed

+256
-27
lines changed

8 files changed

+256
-27
lines changed

README.md

Lines changed: 41 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -152,7 +152,6 @@ This project is intentionally **not** a general-purpose assistant platform with
152152

153153
- [Installation](#installation)
154154
- [Quick Start (Minimal)](#quick-start-minimal)
155-
- [Sprint A Reliability Highlights](#sprint-a-reliability-highlights)
156155
- [Configure an LLM key](#1-configure-an-llm-key-for-plannerrefinervision-helpers)
157156
- [Configure webhook auth](#2-configure-webhook-auth-required-for-webhook)
158157
- [Set an Admin Token](#3-optional-recommended-set-an-admin-token)
@@ -170,11 +169,15 @@ This project is intentionally **not** a general-purpose assistant platform with
170169
- [Templates](#templates)
171170
- [Execution Budgets](#execution-budgets)
172171
- [LLM Failover](#llm-failover)
172+
- [Advanced Security and Runtime Setup](#advanced-security-and-runtime-setup)
173+
- [Runtime hardening and startup gates](#runtime-hardening-and-startup-gates)
174+
- [Remote registry sync and constrained transforms](#remote-registry-sync-and-constrained-transforms)
175+
- [Connector command authorization policy](#connector-command-authorization-policy)
173176
- [State Directory & Logs](#state-directory--logs)
174177
- [Troubleshooting](#troubleshooting)
175178
- [Tests](#tests)
176179
- [Updating](#updating)
177-
- [Remote Control (Connector)](#-remote-control-connector)
180+
- [Remote Control (Connector)](#remote-control-connector)
178181
- [Security](#security)
179182

180183
---
@@ -194,17 +197,7 @@ If the UI loads but endpoints return 404, ComfyUI likely did not load the Python
194197

195198
## Quick Start (Minimal)
196199

197-
### Sprint A Reliability Highlights
198-
199-
Sprint A closes the M1 release gate with stronger config behavior and safer local convenience mode:
200-
201-
- `R53`: config save/apply semantics are explicit in `PUT /openclaw/config` responses
202-
- `R54`: frontend guards for stale/partial settings states reduce accidental overwrite risk
203-
- `R57`: provider/model precedence is deterministic and stable across save/test/chat paths
204-
- `S27`: `/openclaw/llm/chat` enforces same-origin checks in localhost convenience mode
205-
- `R60`: `/openclaw/llm/models` uses bounded in-memory caching (TTL + max entries)
206-
207-
### 1) Configure an LLM key (for Planner/Refiner/vision helpers)
200+
### 1 Configure an LLM key (for Planner/Refiner/vision helpers)
208201

209202
Set at least one of:
210203

@@ -334,12 +327,12 @@ Notes:
334327
- `POST /openclaw/webhook/validate` -dry-run render (no queue submission; includes render budgets + warnings)
335328
- `POST /openclaw/webhook/submit` -full pipeline: auth -normalize -idempotency -render -submit to queue
336329

337-
**Payload Mapping (F40)**:
330+
**Payload mapping**:
338331

339332
- Submit arbitrary payloads (GitHub, Discord, etc.) by adding `X-Webhook-Mapping-Profile: github_push` (or `discord_message`).
340333
- The internal engine maps fields to the canonical schema before validation.
341334

342-
**Job Events (R71)**:
335+
**Job events**:
343336

344337
- `GET /openclaw/events/stream` -SSE endpoint for real-time job lifecycle events (queued, running, completed, failed).
345338
- `GET /openclaw/events` -JSON polling fallback.
@@ -428,6 +421,7 @@ Bridge route groups:
428421
- `GET /bridge/health`
429422
- `POST /bridge/submit`
430423
- `POST /bridge/deliver`
424+
- `POST /bridge/handshake` (protocol compatibility check during sidecar startup)
431425
- Worker bridge routes:
432426
- `GET /bridge/worker/poll`
433427
- `POST /bridge/worker/result/{job_id}`
@@ -454,6 +448,35 @@ Standalone worker runtime:
454448
- Current implementation note:
455449
- worker queue/result/heartbeat persistence is in-memory (MVP); use persistent backing for production durability.
456450

451+
## Advanced Security and Runtime Setup
452+
453+
### Runtime hardening and startup gates
454+
455+
- Runtime profile resolution, startup security enforcement, module startup boundaries, and bridge protocol compatibility are documented in:
456+
- `docs/runtime_hardening_and_startup.md`
457+
- Key settings:
458+
- `OPENCLAW_RUNTIME_PROFILE` (`minimal` or `hardened`)
459+
- `OPENCLAW_BRIDGE_ENABLED`
460+
- `OPENCLAW_BRIDGE_DEVICE_TOKEN`, `OPENCLAW_BRIDGE_ALLOWED_DEVICE_IDS`
461+
462+
### Remote registry sync and constrained transforms
463+
464+
- Optional remote registry sync and constrained transform execution are documented in:
465+
- `docs/advanced_registry_and_transforms.md`
466+
- Key settings:
467+
- `OPENCLAW_ENABLE_REGISTRY_SYNC`, `OPENCLAW_REGISTRY_POLICY`
468+
- `OPENCLAW_ENABLE_TRANSFORMS`, `OPENCLAW_TRANSFORM_*`
469+
470+
### Connector command authorization policy
471+
472+
- Connector command authorization and allow-from policies are documented in:
473+
- `docs/connector.md#command-authorization-policy`
474+
- Key settings:
475+
- `OPENCLAW_COMMAND_OVERRIDES`
476+
- `OPENCLAW_COMMAND_ALLOW_FROM_PUBLIC`
477+
- `OPENCLAW_COMMAND_ALLOW_FROM_RUN`
478+
- `OPENCLAW_COMMAND_ALLOW_FROM_ADMIN`
479+
457480
## Templates
458481

459482
Templates live in `data/templates/`.
@@ -558,7 +581,7 @@ Notes:
558581
- If your pack folder name is not `comfyui-openclaw`, the smoke script may need `OPENCLAW_PACK_IMPORT_NAME=your-folder-name`.
559582
- If imports fail with a `services.*` module error, check for name collisions with other custom nodes and prefer package-relative imports.
560583

561-
### Operator Doctor (R72)
584+
### Operator Doctor
562585

563586
Run the built-in diagnostic tool to verify environment readiness (libraries, permissions, contract files):
564587

@@ -592,7 +615,7 @@ python3 -m unittest discover -s tests -p "test_*.py"
592615
- Git install: `git pull` inside `custom_nodes/comfyui-openclaw/`, then restart ComfyUI.
593616
- ComfyUI-Manager install: update from Manager UI, then restart ComfyUI.
594617

595-
## ? Remote Control (Connector)
618+
## Remote Control (Connector)
596619

597620
OpenClaw includes a standalone **Connector** process that allows you to control your local instance securely via **Telegram**, **Discord**, **LINE**, **WhatsApp**, **WeChat**, and **KakaoTalk**.
598621

@@ -603,7 +626,7 @@ OpenClaw includes a standalone **Connector** process that allows you to control
603626
- **WeChat encrypted mode**: Official Account encrypted webhook mode is supported when AES settings are configured.
604627
- **KakaoTalk response safety**: QuickReply limits and safe fallback handling are enforced for reliable payload behavior.
605628

606-
[- **See Setup Guide (docs/connector.md)**](docs/connector.md)
629+
- [See Setup Guide (`docs/connector.md`)](docs/connector.md)
607630

608631
## Security
609632

Lines changed: 80 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,80 @@
1+
# Advanced Registry Sync and Constrained Transforms
2+
3+
This guide covers optional, high-control features that are disabled by default.
4+
5+
## Overview
6+
7+
- Remote registry sync uses quarantine and trust policy controls.
8+
- Constrained transforms execute trusted Python modules with strict runtime limits.
9+
- Both features are fail-closed when disabled.
10+
11+
## Remote registry sync
12+
13+
Enable remote registry sync:
14+
15+
```bash
16+
OPENCLAW_ENABLE_REGISTRY_SYNC=1
17+
```
18+
19+
Trust policy:
20+
21+
- `OPENCLAW_REGISTRY_POLICY=audit` (default): records signature/provenance issues for review
22+
- `OPENCLAW_REGISTRY_POLICY=strict`: rejects non-compliant artifacts
23+
24+
Behavior highlights:
25+
26+
- Quarantine lifecycle is persisted under the state directory:
27+
- `registry/quarantine/index.json`
28+
- Entries are tracked with audit trail records.
29+
- Anti-abuse controls include bounded dedupe windows and rate limiting.
30+
- Integrity and policy checks are enforced before activation paths.
31+
32+
If registry sync is not enabled, registry operations fail closed.
33+
34+
## Constrained transforms
35+
36+
Enable constrained transforms:
37+
38+
```bash
39+
OPENCLAW_ENABLE_TRANSFORMS=1
40+
```
41+
42+
Runtime limits:
43+
44+
- `OPENCLAW_TRANSFORM_TIMEOUT` (seconds, default `5`)
45+
- `OPENCLAW_TRANSFORM_MAX_OUTPUT` (bytes, default `65536`)
46+
- `OPENCLAW_TRANSFORM_MAX_PER_REQUEST` (default `5`)
47+
48+
Trusted module paths:
49+
50+
- Default trusted directory: `data/transforms`
51+
- Add extra trusted directories with `OPENCLAW_TRANSFORM_TRUSTED_DIRS`
52+
- Use OS path separator (`;` on Windows, `:` on Linux/macOS)
53+
54+
Security controls:
55+
56+
- Only `.py` modules are allowed
57+
- Module size is capped
58+
- Module hash is pinned at registration time
59+
- Integrity is re-checked before execution
60+
- Execution is bounded by timeout and output budget
61+
62+
If transforms are disabled, transform execution is denied and mapping-only behavior continues.
63+
64+
## Example hardened operator profile
65+
66+
```bash
67+
OPENCLAW_ENABLE_REGISTRY_SYNC=1
68+
OPENCLAW_REGISTRY_POLICY=strict
69+
OPENCLAW_ENABLE_TRANSFORMS=1
70+
OPENCLAW_TRANSFORM_TIMEOUT=3
71+
OPENCLAW_TRANSFORM_MAX_OUTPUT=32768
72+
OPENCLAW_TRANSFORM_MAX_PER_REQUEST=3
73+
```
74+
75+
## Rollout notes
76+
77+
1. Enable one feature at a time in a non-production environment.
78+
2. Review logs and operator diagnostics after startup.
79+
3. Keep strict policies for public or multi-tenant deployments.
80+
4. Treat trusted transform directories as code deployment boundaries.

docs/connector.md

Lines changed: 37 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -109,7 +109,7 @@ Set the following environment variables (or put them in a `.env` file if you use
109109
- `OPENCLAW_CONNECTOR_KAKAO_PORT`: Port (default `8096`).
110110
- `OPENCLAW_CONNECTOR_KAKAO_PATH`: Webhook path (default `/kakao/webhook`).
111111

112-
**Image Delivery (F33):**
112+
**Image Delivery:**
113113

114114
- `OPENCLAW_CONNECTOR_PUBLIC_BASE_URL`: Public HTTPS URL of your connector (e.g. `https://your-tunnel.example.com`). Required for sending images.
115115
- `OPENCLAW_CONNECTOR_MEDIA_PATH`: URL path for serving temporary media (default `/media`).
@@ -122,6 +122,42 @@ Set the following environment variables (or put them in a `.env` file if you use
122122
> WeChat currently supports text-first control. Image/media upload delivery is not implemented in phase 1.
123123
> Kakao currently supports text-first control and quick replies. Rich media delivery is not enabled in the default Kakao webhook flow.
124124
125+
### Command authorization policy
126+
127+
Connector commands are evaluated through a centralized authorization policy with three command classes:
128+
129+
- `public`: low-risk status/help style commands
130+
- `run`: execution commands such as `/run` (still subject to trust/approval behavior)
131+
- `admin`: sensitive commands such as `/trace`, `/approvals`, `/approve`, `/reject`, and schedule controls
132+
133+
Default behavior:
134+
135+
- If no explicit allow-from list is configured for a command class, class-level defaults apply.
136+
- `admin` commands require the sender to be in `OPENCLAW_CONNECTOR_ADMIN_USERS`.
137+
- `public` and `run` commands still pass through each platform adapter's trust/allowlist checks.
138+
139+
Optional policy controls:
140+
141+
- `OPENCLAW_COMMAND_OVERRIDES`: JSON object mapping command name to class (`public`, `run`, `admin`).
142+
- `OPENCLAW_COMMAND_ALLOW_FROM_PUBLIC`: comma-separated sender IDs.
143+
- `OPENCLAW_COMMAND_ALLOW_FROM_RUN`: comma-separated sender IDs.
144+
- `OPENCLAW_COMMAND_ALLOW_FROM_ADMIN`: comma-separated sender IDs.
145+
146+
Normalization rules:
147+
148+
- Command keys in `OPENCLAW_COMMAND_OVERRIDES` are normalized to lowercase.
149+
- Missing leading `/` is added automatically.
150+
151+
Example:
152+
153+
```bash
154+
OPENCLAW_COMMAND_OVERRIDES='{"run":"admin","/status":"public"}'
155+
OPENCLAW_COMMAND_ALLOW_FROM_ADMIN=alice_id,bob_id
156+
OPENCLAW_COMMAND_ALLOW_FROM_RUN=alice_id,ops_bot_id
157+
```
158+
159+
If a class-level `OPENCLAW_COMMAND_ALLOW_FROM_*` list is set and non-empty, only listed IDs can run that class.
160+
125161
### 3. Usage
126162

127163
#### Running the Connector

docs/release/ci_regression_policy.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
# CI Regression Policy (R52)
1+
# CI Regression Policy
22

33
To ensure stability and prevent regressions, all Pull Requests (PRs) must pass the following checks before merge.
44

@@ -32,5 +32,5 @@ They must pass even when internal implementation details change.
3232
If a change breaks a contract test:
3333

3434
1. **Verify**: Is the breakage intentional?
35-
2. **Deprecate**: If yes, follow the Deprecation Policy (R51).
35+
2. **Deprecate**: If yes, follow the Deprecation Policy.
3636
3. **Update**: Update the contract test to reflect the new behavior.

docs/release/compatibility_matrix.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
# Compatibility Matrix (R51)
1+
# Compatibility Matrix
22

33
This document outlines the validated environments for ComfyUI-OpenClaw `v0.2.1` (M1 Release).
44

docs/release/support_policy.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
# Support Policy (R51)
1+
# Support Policy
22

33
## Support Tiers
44

Lines changed: 90 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,90 @@
1+
# Runtime Hardening and Startup
2+
3+
This guide explains the startup security model and bridge compatibility behavior.
4+
5+
## What this covers
6+
7+
- Runtime profile selection
8+
- Hardened startup enforcement behavior
9+
- Module startup boundaries
10+
- Bridge protocol handshake compatibility
11+
12+
## Runtime profile
13+
14+
Use `OPENCLAW_RUNTIME_PROFILE` to select startup posture:
15+
16+
- `minimal` (default): compatibility-first
17+
- `hardened`: strict fail-closed startup checks
18+
19+
If the value is unknown, startup falls back to `minimal` with a warning.
20+
21+
You can verify the active profile through:
22+
23+
- `GET /openclaw/capabilities`
24+
- `GET /moltbot/capabilities`
25+
26+
The response includes `runtime_profile`.
27+
28+
## Hardened startup enforcement
29+
30+
When `OPENCLAW_RUNTIME_PROFILE=hardened`, startup enforces mandatory controls and aborts on failure.
31+
32+
Current mandatory checks:
33+
34+
- Authentication is configured for privileged actions
35+
- Unsafe egress bypass is not enabled:
36+
- `OPENCLAW_ALLOW_ANY_PUBLIC_LLM_HOST` must not bypass policy
37+
- `OPENCLAW_ALLOW_INSECURE_BASE_URL` must not bypass policy
38+
- If webhook module is active, webhook auth mode must be configured
39+
- Redaction service must be available
40+
41+
In `minimal` mode, the same checks emit warnings but do not block startup.
42+
43+
## Module startup boundaries
44+
45+
Module enablement is decided during startup and then locked.
46+
47+
Current boundary behavior:
48+
49+
- Core, security, observability, scheduler, webhook, and connector modules are initialized at startup
50+
- Bridge module initialization is conditional on `OPENCLAW_BRIDGE_ENABLED`
51+
- If bridge is disabled, bridge route registration is skipped
52+
53+
## Bridge protocol handshake
54+
55+
Sidecar startup performs protocol compatibility negotiation with:
56+
57+
- `POST /bridge/handshake`
58+
59+
Request body:
60+
61+
```json
62+
{ "version": 1 }
63+
```
64+
65+
Response behavior:
66+
67+
- `200` when compatible
68+
- `409` when incompatible (too old or too new)
69+
- Includes compatibility metadata such as server version and minimum supported version
70+
71+
The sidecar bridge client executes this handshake during startup before worker polling.
72+
73+
## Recommended startup baseline
74+
75+
Use this as a starting point for hardened deployments:
76+
77+
```bash
78+
OPENCLAW_RUNTIME_PROFILE=hardened
79+
OPENCLAW_ADMIN_TOKEN=replace-with-strong-token
80+
OPENCLAW_WEBHOOK_AUTH_MODE=hmac
81+
OPENCLAW_WEBHOOK_HMAC_SECRET=replace-with-strong-secret
82+
OPENCLAW_BRIDGE_ENABLED=1
83+
OPENCLAW_BRIDGE_DEVICE_TOKEN=replace-with-bridge-device-token
84+
```
85+
86+
Then validate:
87+
88+
1. Restart ComfyUI and check startup logs for security gate result.
89+
2. Call `GET /openclaw/capabilities` and confirm `runtime_profile`.
90+
3. If sidecar is used, verify handshake succeeds before worker polling begins.

docs/sidecar.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,7 @@ The **OpenClaw Gateway** (sidecar) is a separate process that:
4242
stored here (authenticated) (no secrets)
4343
```
4444

45-
## Bridge API (R13 Contract)
45+
## Bridge API Contract
4646

4747
The sidecar communicates with ComfyUI-OpenClaw via the Bridge API:
4848

@@ -77,6 +77,6 @@ All mutating operations require an `idempotency_key` to prevent duplicate proces
7777

7878
## Next Steps
7979

80-
1. ~~**F10**~~ ✅ Implemented: bridge endpoints in ComfyUI-OpenClaw
81-
2. ~~**F13**~~ ✅ Implemented: delivery adapter contract in ComfyUI-OpenClaw
82-
3. **F46**: Implement standalone sidecar process/runtime (external deployable service)
80+
1. Bridge endpoints in ComfyUI-OpenClaw are implemented.
81+
2. Delivery adapter contract in ComfyUI-OpenClaw is implemented.
82+
3. Implement standalone sidecar process/runtime (external deployable service).

0 commit comments

Comments
 (0)