mirror of
https://github.com/openclaw/openclaw.git
synced 2026-06-01 20:56:41 +00:00
af64a824a1
Policy: add sandbox posture conformance checks (#85572)
Merged via squash.
Prepared head SHA: 1cf1953d8c
Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com>
Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com>
Reviewed-by: @giodl73-repo
63 lines
2.6 KiB
Markdown
63 lines
2.6 KiB
Markdown
---
|
|
summary: "Adds policy-backed doctor checks for workspace conformance."
|
|
read_when:
|
|
- You are installing, configuring, or auditing the policy plugin
|
|
title: "Policy plugin"
|
|
---
|
|
|
|
# Policy plugin
|
|
|
|
Adds policy-backed doctor checks for workspace conformance.
|
|
|
|
## Distribution
|
|
|
|
- Package: `@openclaw/policy`
|
|
- Install route: included in OpenClaw
|
|
|
|
## Surface
|
|
|
|
plugin
|
|
|
|
## Behavior
|
|
|
|
The Policy plugin contributes doctor health checks for policy-managed OpenClaw
|
|
settings and governed workspace declarations. Policy currently covers channel
|
|
conformance, governed tool metadata, MCP server posture, model-provider posture,
|
|
private-network access posture, Gateway exposure posture, agent workspace/tool
|
|
posture, configured global/per-agent tool posture, configured sandbox runtime
|
|
posture, and OpenClaw config secret provider/auth profile posture.
|
|
|
|
Policy stores authored requirements in `policy.jsonc`, observes existing
|
|
OpenClaw settings and workspace declarations as evidence, and reports drift
|
|
through `openclaw policy check` and `openclaw doctor --lint`. A clean policy
|
|
check emits policy, evidence, findings, and attestation hashes that operators
|
|
can record for audit.
|
|
|
|
Tool posture rules can require approved profiles, workspace-only filesystem
|
|
tools, bounded exec security/ask/host settings, disabled elevated mode, exact
|
|
`alsoAllow` entries, and required tool deny entries. The evidence records
|
|
additive `alsoAllow` entries because they can widen effective tool posture.
|
|
These checks observe config conformance only; they do not read runtime approval
|
|
state or add runtime enforcement.
|
|
|
|
Sandbox posture rules can require approved sandbox modes/backends, deny host
|
|
container networking, deny container namespace joins, require read-only container
|
|
mounts, deny container runtime socket mounts and unconfined container profiles,
|
|
and require sandbox browser CDP source ranges.
|
|
These checks observe config conformance only; they do not read runtime approval
|
|
state, inspect live containers, or add runtime enforcement.
|
|
|
|
Named agent policy scopes under `scopes.<scopeName>` can add stricter
|
|
normal policy sections for the runtime agent ids listed in `agentIds`. The
|
|
supported scoped sections are `tools`, `agents.workspace`, and `sandbox`.
|
|
Every scope present in `policy.jsonc` must be valid and
|
|
enforceable for its selector. Overlay rules are additional claims, so they do
|
|
not weaken top-level policy and can produce their own findings when the same
|
|
observed config violates both scopes. Runtime agent ids that are not explicitly
|
|
listed in `agents.list[]` are checked against inherited global/default posture
|
|
rather than silently passing with no evidence.
|
|
|
|
## Related docs
|
|
|
|
- [policy](/cli/policy)
|