openclaw

mirror of https://github.com/openclaw/openclaw.git synced 2026-04-13 02:01:16 +00:00

Author	SHA1	Message	Date
Peter Steinberger	1351bacaa4	docs(security): clarify localhost shared-auth trust model	2026-04-05 23:12:52 +01:00
Peter Steinberger	35e1605147	feat: add configurable context visibility	2026-04-03 04:34:57 +09:00
Peter Steinberger	dc0e0b0f68	docs(security): mark shared-secret HTTP auth as designed	2026-03-31 22:58:09 +09:00
Vincent Koc	cd5179314d	fix(acp): use semantic approval classes	2026-03-31 20:49:31 +09:00
Peter Steinberger	0633406ff6	fix(gateway): restore compat HTTP operator auth	2026-03-31 16:49:30 +09:00
Peter Steinberger	276ccd2583	fix(exec): default implicit target to auto	2026-03-30 06:03:08 +09:00
Peter Steinberger	5d4c4bb850	fix(exec): restore runtime-aware implicit host default	2026-03-29 21:18:41 +01:00
Peter Steinberger	9692dc7668	fix(security): harden nodes owner-only tool gating	2026-03-12 22:27:52 +00:00
Peter Steinberger	dc3bb1890b	docs: clarify gateway HTTP trust boundary	2026-03-12 16:40:36 +00:00
Peter Steinberger	daaf211e20	fix(node-host): fail closed on unbound interpreter approvals	2026-03-11 02:36:38 +00:00
Peter Steinberger	53a7e3b6e5	docs(security): clarify trusted operator control surfaces	2026-03-07 13:52:22 +00:00
Peter Steinberger	d4ec0ed3c7	docs(security): clarify trusted-local hardening-only cases	2026-03-02 23:28:54 +00:00
Peter Steinberger	cf5702233c	docs(security)!: document messaging-only onboarding default and hook/model risk	2026-03-02 18:15:49 +00:00
Peter Steinberger	f8459ef46c	docs(security): document sessions_spawn sandbox=require hardening	2026-03-02 01:29:19 +00:00
Agent	a374325fc2	docs(security): clarify local link-priming reports as out-of-scope	2026-03-01 22:34:32 +00:00
Peter Steinberger	58171c8918	docs(security): clarify parity-only command-risk reports	2026-02-26 22:37:12 +01:00
Peter Steinberger	f4391c1725	docs(security): clarify Teams fileConsent uploadUrl report scope	2026-02-26 17:58:38 +01:00
Peter Steinberger	9597cf1890	docs(security): scope obfuscation parity reports as hardening	2026-02-26 17:58:25 +01:00
Peter Steinberger	38c4944d76	docs(security): clarify trusted plugin boundary	2026-02-25 04:39:11 +00:00
Peter Steinberger	def993dbd8	refactor(tmp): harden temp boundary guardrails	2026-02-24 23:51:10 +00:00
Peter Steinberger	2d159e5e87	docs(security): document openclaw temp-folder boundary	2026-02-24 23:11:19 +00:00
Peter Steinberger	370d115549	fix: enforce workspaceOnly for native prompt image autoload	2026-02-24 14:47:59 +00:00
Peter Steinberger	f6afc8c5b6	docs(security): clarify host-side exec trust model defaults	2026-02-24 02:40:18 +00:00
Peter Steinberger	4032390572	docs(security): clarify trusted user-triggered local actions	2026-02-24 02:29:09 +00:00
Peter Steinberger	f0f886ecc4	docs(security): clarify gateway-node trust boundary in docs	2026-02-24 01:35:44 +00:00
Peter Steinberger	cfa44ea6b4	fix(security): make allowFrom id-only by default with dangerous name opt-in (#24907 ) * fix(channels): default allowFrom to id-only; add dangerous name opt-in * docs(security): align channel allowFrom docs with id-only default	2026-02-24 01:01:51 +00:00
Peter Steinberger	41b0568b35	docs(security): clarify shared-agent trust boundaries	2026-02-24 01:00:05 +00:00
Peter Steinberger	400220275c	docs: clarify multi-instance recommendations for user isolation	2026-02-24 00:40:08 +00:00
Peter Steinberger	7d55277d72	docs: clarify operator trust boundary for shared gateways	2026-02-24 00:25:01 +00:00
Peter Steinberger	d68380bb7f	docs(security): clarify exposed-secret report scope	2026-02-24 00:17:21 +00:00
Peter Steinberger	7b4d2cb5cb	docs(security): clarify trusted-config dos scope	2026-02-23 23:57:26 +00:00
Peter Steinberger	9af3ec92a5	fix(gateway): add HSTS header hardening and docs	2026-02-23 19:47:29 +00:00
Peter Steinberger	b13fc7eccd	docs(security): clarify workspace memory trust boundary	2026-02-22 11:22:29 +01:00
Peter Steinberger	de2e5c7b74	docs(security): clarify dangerous control-ui bypass policy	2026-02-22 10:11:46 +01:00
Peter Steinberger	17c9d550e9	docs: clarify sessionKey trust boundary in security policy	2026-02-22 08:21:53 +01:00
Peter Steinberger	810218756d	docs(security): clarify trusted-host deployment assumptions	2026-02-21 12:53:12 +01:00
Peter Steinberger	2e421f32df	fix(security): restore trusted plugin runtime exec default	2026-02-19 16:01:29 +01:00
Peter Steinberger	808a60d3bd	docs: clarify intentional network-visible canvas model in security policy	2026-02-19 14:25:41 +01:00
Peter Steinberger	5e7c3250cb	fix(security): add optional workspace-only path guards for fs tools	2026-02-14 23:50:24 +01:00
Peter Steinberger	24d2c6292e	refactor(security): refine safeBins hardening	2026-02-14 19:59:13 +01:00
Peter Steinberger	6a386a7886	docs(security): clarify canvas host exposure and auth	2026-02-14 14:57:19 +01:00
Peter Steinberger	e21a7aad54	docs: recommend loopback-only gateway bind	2026-02-14 12:36:32 +01:00
Jamieson O'Reilly	0657d7c772	docs: expand vulnerability reporting guidelines in SECURITY.md	2026-02-10 15:39:04 +11:00
theonejvo	74fbbda283	docs: add security & trust documentation Add threat model (MITRE ATLAS), contribution guide, and security directory README. Update SECURITY.md with trust page reporting instructions and Jamieson O'Reilly as Security & Trust. Co-Authored-By: theonejvo <theonejvo@users.noreply.github.com>	2026-02-08 21:53:05 +11:00
Armin Ronacher	a767c584c7	Add prompt injection attacks to out of scope section	2026-01-31 13:17:24 +01:00
Peter Steinberger	2cdfecdde3	docs: clarify security scope	2026-01-30 21:51:28 +01:00
Peter Steinberger	9a7160786a	refactor: rename to openclaw	2026-01-30 03:16:21 +01:00
Peter Steinberger	6d16a658e5	refactor: rename clawdbot to moltbot with legacy compat	2026-01-27 12:21:02 +00:00
Peter Steinberger	83460df96f	chore: update molt.bot domains	2026-01-27 12:21:01 +00:00
Peter Steinberger	8b56f0e68d	docs: warn against public web binding	2026-01-27 03:30:34 +00:00

1 2

53 Commits