Skip to content

v0.2.9

Choose a tag to compare

View all tags
@rookiestar28 rookiestar28 released this 13 Feb 17:44
· 72 commits to main since this release
v0.2.9
000271c

Security Hardening: Auth/Observability boundaries, connector command controls, registry trust policy, transform isolation, integrity checks, and safe tooling controls

  • Delivered observability tier hardening with explicit sensitivity split:
    • Public-safe: /openclaw/health
    • Observability token: /openclaw/config, /openclaw/events, /openclaw/events/stream
    • Admin-only: /openclaw/logs/tail, /openclaw/trace/{prompt_id}, /openclaw/secrets/status, /openclaw/security/doctor
  • Delivered constrained transform isolation hardening:
    • process-boundary execution via TransformProcessRunner
    • timeout/output caps and network-deny worker posture
    • feature-gated default-off behavior for safer rollout
  • Delivered approval/checkpoint integrity hardening:
    • canonical JSON + SHA-256 integrity envelopes
    • tamper detection and fail-closed handling on integrity violations
    • migration-safe loading behavior for legacy persistence files
  • Delivered external tooling execution policy:
    • allowlist-driven tool definitions (data/tools_allowlist.json)
    • strict argument validation, bounded timeout/output, and redacted output handling
    • gated by OPENCLAW_ENABLE_EXTERNAL_TOOLS plus admin access policy
  • Extended security doctor coverage with wave-2 checks:
    • validates transform isolation posture
    • reports external tooling posture
    • verifies integrity module availability
  • Auth-coverage contract tests were updated to include new tool routes and prevent future route-auth drift regressions.
  • Added connector command authorization hardening:
    • separates command visibility from command execution privileges
    • centralizes per-command access checks to reduce cross-platform auth drift
    • supports explicit allow-list policy controls for sensitive command classes
    • adds operator-configurable command policy controls via OPENCLAW_COMMAND_OVERRIDES and OPENCLAW_COMMAND_ALLOW_FROM_{PUBLIC|RUN|ADMIN}
  • Added registry anti-abuse controls for remote distribution paths:
    • bounded request-rate controls and deduplication windows reduce abuse and accidental hot loops
    • stale anti-abuse state pruning keeps long-running deployments stable
  • Added registry preflight and trust-policy hardening:
    • static package safety checks are enforced before activation paths
    • policy-driven signature/trust posture supports audit and strict enforcement modes
    • registry trust mode is operator-controlled via OPENCLAW_REGISTRY_POLICY and preflight verification enforces fail-closed file-path requirements
Assets 2
Loading