vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-28 22:06:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
53,359 Commits 1,843 Branches 149 Tags
3ee1489cf9ef6d9030d893761ba01c2fefbbd35c
Commit Graph

9 Commits

Author SHA1 Message Date
Gio Della-Libera
fbb6340542 Policy: add agent-scoped policy overlays (#85817) 
* feat(policy): add agent-scoped policy overlays

* docs(policy): use generic agent-scoped examples

* fix(policy): generalize scoped policy overlays

* fix(policy): clean scoped overlay checks

* fix(policy): evaluate inherited scoped agent posture

* chore(policy): keep agent harness out of scoped policy pr
 2026-05-25 08:45:16 -07:00
Gio Della-Libera
4ffbd07c06 docs(policy): add policy rule reference tables (#85795) 2026-05-23 16:59:33 -07:00
Gio Della-Libera
1e2e614748 Policy: add tool posture conformance checks (#85482) 
* feat(policy): add tool posture conformance

* fix(policy): attest tool alsoAllow posture
 2026-05-23 16:44:42 -07:00
Gio Della-Libera
a94f3444a0 Policy: add agent workspace conformance checks (#85096) 
* feat(policy): add agent workspace conformance

* chore(policy): refresh agent workspace checks

* fix(policy): require enabled sandbox for workspace policy

* fix(policy): align agent workspace evidence with runtime
 2026-05-22 20:24:31 -07:00
Gio Della-Libera
dcc5e45b50 Policy: add gateway exposure checks (#81981) 
* feat(policy): add gateway exposure conformance

* fix(policy): align custom bind exposure evidence
 2026-05-22 14:18:01 -07:00
Gio Della-Libera
c85feace54 Policy: add secret and auth conformance checks (#81974) 
* feat(policy): add secrets auth conformance

* fix(policy): include sandbox ssh secret data

* fix(policy): complete secret input provenance

* fix(policy): cover media request secrets

* fix(policy): satisfy policy lint

* fix(policy): narrow secret conformance evidence

* fix(policy): cover request bearer token secrets
 2026-05-22 12:48:14 -07:00
Gio Della-Libera
6dbd5bd446 Policy: add model, network, and MCP conformance checks (#80783) 
* feat(policy): add model network and mcp conformance checks

* fix(policy): validate conformance rule shapes

* fix(policy): quote dynamic evidence paths

* fix(policy): scan per-agent model maps

* fix(policy): normalize model provider conformance
 2026-05-21 07:27:16 -07:00
Gio Della-Libera
a30ac3f8d7 Policy: add tool metadata conformance (#80056) 
* feat(policy): add tool metadata conformance checks

* Add policy trusted tool runtime gate

* Use requireMetadata for tool policy

Make tools.requireMetadata the canonical policy schema for risk, sensitivity, and owner requirements. Update runtime enforcement, doctor findings, evidence parsing, tests, and policy docs to use the new schema.

* fix(policy): persist approval metadata

* fix(policy): refresh approval metadata artifacts

* docs(policy): list all tool finding checks

* fix(policy): parse multiline tool metadata

* test(policy): cover unparseable policy check output

* fix(policy): resolve oc-path api in packaged dist

* fix(policy): clear post-rebase CI failures

* test(policy): clear post-rebase CI failures

* fix(policy): restore watch and align validation

* fix(policy): clear ci gate failures

* Simplify policy tool evidence parsing
 2026-05-20 20:47:32 -07:00
Gio Della-Libera
cbf72e5e26 feat(policy): add channel conformance checks (#80407) 
Summary:
- Add the bundled Policy plugin with policy-backed doctor checks for channel conformance.
- Add `openclaw policy check` attestations, accepted-attestation drift checks, and opt-in doctor repair.
- Add policy CLI docs, generated plugin inventory/reference docs, and changelog credit.

Verification:
- node --import tsx scripts/sync-plugin-versions.ts --check
- pnpm plugins:inventory:check
- pnpm docs:list
- git diff --check origin/main..HEAD
- node scripts/run-vitest.mjs extensions/policy/src/policy-state.test.ts extensions/policy/src/cli.test.ts extensions/policy/src/doctor/register.test.ts src/flows/bundled-health-checks.test.ts src/cli/program/register.maintenance.test.ts
- codex review --uncommitted; accepted finding fixed, reran clean
- codex review --commit HEAD
- GitHub CI for 4e09b067f4: CI, Workflow Sanity, CodeQL, CodeQL Critical Quality, OpenGrep PR Diff, Real behavior proof, Dependency Change Awareness all green; reran failed Windows Node setup job successfully

Co-authored-by: Gio Della-Libera <giodl73@gmail.com>
Co-authored-by: Gio Della-Libera <giodl@microsoft.com>
 2026-05-20 11:50:21 +01:00