5fb83af3e3
Policy: add ingress channel conformance checks (#85744)
Merged via squash.
Prepared head SHA: bd63c8d153
Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com>
Reviewed-by: @giodl73-repo
2.7 KiB
summary, read_when, title
| summary | read_when | title | |
|---|---|---|---|
| Adds policy-backed doctor checks for workspace conformance. |
|
Policy plugin |
Policy plugin
Adds policy-backed doctor checks for workspace conformance.
Distribution
- Package:
@openclaw/policy - Install route: included in OpenClaw
Surface
plugin
Behavior
The Policy plugin contributes doctor health checks for policy-managed OpenClaw settings and governed workspace declarations. Policy currently covers channel conformance, governed tool metadata, MCP server posture, model-provider posture, private-network access posture, Gateway exposure posture, agent workspace/tool posture, configured global/per-agent tool posture, configured sandbox runtime posture, ingress/channel access posture, and OpenClaw config secret provider/auth profile posture.
Policy stores authored requirements in policy.jsonc, observes existing
OpenClaw settings and workspace declarations as evidence, and reports drift
through openclaw policy check and openclaw doctor --lint. A clean policy
check emits policy, evidence, findings, and attestation hashes that operators
can record for audit.
Tool posture rules can require approved profiles, workspace-only filesystem
tools, bounded exec security/ask/host settings, disabled elevated mode, exact
alsoAllow entries, and required tool deny entries. The evidence records
additive alsoAllow entries because they can widen effective tool posture.
These checks observe config conformance only; they do not read runtime approval
state or add runtime enforcement.
Sandbox posture rules can require approved sandbox modes/backends, deny host container networking, deny container namespace joins, require read-only container mounts, deny container runtime socket mounts and unconfined container profiles, and require sandbox browser CDP source ranges. These checks observe config conformance only; they do not read runtime approval state, inspect live containers, or add runtime enforcement.
Named policy scopes under scopes.<scopeName> can add stricter normal policy
sections for the selector they list. agentIds supports tools,
agents.workspace, and sandbox; channelIds supports ingress.channels.
Runtime agent ids that are not explicitly listed in agents.list[] are checked
against inherited global/default posture rather than silently passing with no
evidence. Every scope present in policy.jsonc must be valid and enforceable
for its selector. Overlay rules are additional claims, so they do not weaken
top-level policy and can produce their own findings when the same observed
config violates both scopes.