diff --git a/.gitignore b/.gitignore index 9047b834445..70bbb115fe7 100644 --- a/.gitignore +++ b/.gitignore @@ -94,6 +94,8 @@ tmp/ IDENTITY.md USER.md *.tgz +*.tar.gz +*.zip .idea # local tooling @@ -153,6 +155,9 @@ apps/ios/LocalSigning.xcconfig apps/ios/build/ apps/shared/OpenClawKit/build/ Swabble/build/ +*.xcresult +*.trace +*.profraw # Generated protocol schema (produced via pnpm protocol:gen) dist/protocol.schema.json diff --git a/SECURITY.md b/SECURITY.md index 4958c88f936..5cc0c44f805 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -26,6 +26,7 @@ For OpenClaw core issues, submit through a private [GitHub Security Advisory](ht Maintainers may close, hide, delete, or otherwise take down public issues and PRs that disclose vulnerabilities or active security issues. We will redirect those reports through the private disclosure process so the issue can be triaged and fixed without giving attackers a public playbook. For full reporting instructions see our [Trust page](https://trust.openclaw.ai). +For maintainer response workflow, see the [incident response plan](docs/security/incident-response.md). OpenClaw does not currently run a paid bug bounty program. Please still disclose responsibly so we can fix real issues quickly. The best way to help the project right now is to send high-signal reports and, when practical, focused PRs. diff --git a/INCIDENT_RESPONSE.md b/docs/security/incident-response.md similarity index 87% rename from INCIDENT_RESPONSE.md rename to docs/security/incident-response.md index 90516b82374..fedde0c2f15 100644 --- a/INCIDENT_RESPONSE.md +++ b/docs/security/incident-response.md 
@@ -1,4 +1,13 @@ -# OpenClaw Incident Response Plan +--- +summary: "How OpenClaw triages, responds to, and follows up on security incidents" +title: "Incident response" +read_when: + - Responding to a security report or suspected security incident + - Preparing a coordinated disclosure or patched security release + - Reviewing post-incident follow-up expectations +--- + +# Incident Response ## 1. Detection and triage
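Review bot: In the first `.gitignore` hunk, the new `*.tar.gz` and `*.zip` patterns are global, unlike the path-scoped entries elsewhere in the file, so any archive a test or fixture directory legitimately needs to commit would be silently excluded; either scope them to the directory where these build outputs land or add a comment next to `*.tgz` saying they are packaging artifacts, so a later `git add` of an intentional archive is not missed.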
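Review bot: In the second `.gitignore` hunk, `*.xcresult`, `*.trace` and `*.profraw` are appended to the block of `apps/ios/...` and `Swabble/build/` paths without a comment, while the following entry is documented ("# Generated protocol schema ..."); add a short comment such as "# Xcode test results, Instruments traces and LLVM coverage output" so the next reader knows why three unrelated-looking extensions sit here and whether they belong in the iOS section at all.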
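Review bot: The `SECURITY.md` hunk links to `docs/security/incident-response.md`, which this patch creates by renaming the top-level `INCIDENT_RESPONSE.md`; confirm that no other file still points at the old `INCIDENT_RESPONSE.md` path, since the rename will otherwise leave dangling links, and tighten the new sentence to "For the maintainer response workflow, see the [incident response plan](docs/security/incident-response.md)." for grammar.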
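Review bot: In the renamed `docs/security/incident-response.md` hunk, the front-matter `title: "Incident response"` and the H1 `# Incident Response` disagree on capitalization, and the H1 drops "Plan" while `SECURITY.md` still calls it the "incident response plan"; pick one form (for example `title: "Incident response plan"` and `# Incident response plan`) so the navigation title, the page heading and the inbound link read the same.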