08beb6b0e8
Merged via squash.
Prepared head SHA: 2023e8cba1
Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com>
Reviewed-by: @giodl73-repo
3.0 KiB
summary, read_when, title
| summary | read_when | title | |
|---|---|---|---|
| Adds policy-backed doctor checks for workspace conformance. |
|
Policy plugin |
Policy plugin
Adds policy-backed doctor checks for workspace conformance.
Distribution
- Package:
@openclaw/policy - Install route: included in OpenClaw
Surface
plugin
Behavior
The Policy plugin contributes doctor health checks for policy-managed OpenClaw settings and governed workspace declarations. Policy currently covers channel conformance, governed tool metadata, MCP server posture, model-provider posture, private-network access posture, Gateway exposure posture, agent workspace/tool posture, configured global/per-agent tool posture, configured sandbox runtime posture, ingress/channel access posture, and OpenClaw config secret provider/auth profile posture.
Policy stores authored requirements in policy.jsonc, observes existing
OpenClaw settings and workspace declarations as evidence, and reports drift
through openclaw policy check and openclaw doctor --lint. A clean policy
check emits policy, evidence, findings, and attestation hashes that operators
can record for audit.
openclaw policy compare --baseline <file> compares one policy file to another
policy file. It is config-level conformance only: it uses policy rule metadata
to verify that the checked policy is not missing or weaker than the authored
baseline, and it does not inspect runtime state, credentials, or secret values.
Tool posture rules can require approved profiles, workspace-only filesystem
tools, bounded exec security/ask/host settings, disabled elevated mode, exact
alsoAllow entries, and required tool deny entries. The evidence records
additive alsoAllow entries because they can widen effective tool posture.
These checks observe config conformance only; they do not read runtime approval
state or add runtime enforcement.
Sandbox posture rules can require approved sandbox modes/backends, deny host container networking, deny container namespace joins, require read-only container mounts, deny container runtime socket mounts and unconfined container profiles, and require sandbox browser CDP source ranges. These checks observe config conformance only; they do not read runtime approval state, inspect live containers, or add runtime enforcement.
Named policy scopes under scopes.<scopeName> can add stricter normal policy
sections for the selector they list. agentIds supports tools,
agents.workspace, and sandbox; channelIds supports ingress.channels.
Runtime agent ids that are not explicitly listed in agents.list[] are checked
against inherited global/default posture rather than silently passing with no
evidence. Every scope present in policy.jsonc must be valid and enforceable
for its selector. Overlay rules are additional claims, so they do not weaken
top-level policy and can produce their own findings when the same observed
config violates both scopes.