limbo-ai 1.29.0 → 1.31.0

package/.gitlab-ci.yml

@@ -0,0 +1,208 @@
+# GitLab CI/CD — equivalent of .github/workflows/{ci,promote,publish}.yml
+# GitHub Actions originals are kept intact for when the account is restored.
+
+stages:
+  - test
+  - promote
+  - release
+
+variables:
+  NODE_VERSION: "22"
+  DOCKER_TLS_CERTDIR: "/certs"
+
+# ─── CI: runs on MRs and staging pushes ───────────────────────────
+
+docker-build:
+  stage: test
+  image: docker:latest
+  services:
+    - docker:dind
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == "staging"
+  script:
+    - docker build --tag limbo:ci-test .
+
+mcp-server-check:
+  stage: test
+  image: node:${NODE_VERSION}
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == "staging"
+  before_script:
+    - cd mcp-server && npm ci && cd ..
+  script:
+    - node --check mcp-server/index.js
+    - node --check setup-server/server.js
+
+tests:
+  stage: test
+  image: node:${NODE_VERSION}
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == "staging"
+  before_script:
+    - cd mcp-server && npm ci && cd ..
+  script:
+    - node -e "require('./cli.js')"
+    - node --test test/cli-filter.test.js test/cli-auth.test.js test/openclaw-migration.test.js test/setup-server.test.js test/entrypoint.test.js test/cli-compose.test.js test/red-phase.test.js test/mcp-tools.test.js test/cli-wizard-parity.test.js
+
+# ─── PROMOTE: auto-create MR from staging → main ──────────────────
+
+promote-staging-to-main:
+  stage: promote
+  image: alpine:latest
+  rules:
+    - if: $CI_COMMIT_BRANCH == "staging"
+  before_script:
+    - apk add --no-cache curl jq git
+  script:
+    - |
+      # Determine bump type from commits on staging not on main
+      git fetch origin main
+      COMMITS=$(git log origin/main..origin/staging --pretty=format:"%s" 2>/dev/null || echo "")
+      echo "--- Commits on staging not on main ---"
+      echo "$COMMITS"
+
+      if echo "$COMMITS" | grep -qE "^feat(\(.+\))?!:|BREAKING CHANGE"; then
+        TYPE="feat!"
+      elif echo "$COMMITS" | grep -qE "^feat(\(.+\))?:"; then
+        TYPE="feat"
+      elif echo "$COMMITS" | grep -qE "^fix(\(.+\))?:"; then
+        TYPE="fix"
+      else
+        TYPE="chore"
+      fi
+
+      echo "Bump type: $TYPE"
+
+      # Check for existing MR
+      EXISTING=$(curl -s --header "PRIVATE-TOKEN: ${GITLAB_TOKEN}" \
+        "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/merge_requests?source_branch=staging&target_branch=main&state=opened" \
+        | jq '.[0].iid // empty')
+
+      if [ -z "$EXISTING" ]; then
+        # Create new MR
+        curl -s --header "PRIVATE-TOKEN: ${GITLAB_TOKEN}" \
+          -X POST "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/merge_requests" \
+          -d "source_branch=staging" \
+          -d "target_branch=main" \
+          -d "title=${TYPE}: promote staging to main" \
+          -d "remove_source_branch=false" | jq '.web_url'
+        echo "Created new MR"
+      else
+        # Update existing MR title
+        curl -s --header "PRIVATE-TOKEN: ${GITLAB_TOKEN}" \
+          -X PUT "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/merge_requests/${EXISTING}" \
+          -d "title=${TYPE}: promote staging to main" | jq '.web_url'
+        echo "Updated existing MR #${EXISTING}"
+      fi
+
+# ─── RELEASE: version bump + npm publish + docker push + tag ──────
+
+release:
+  stage: release
+  image: docker:latest
+  services:
+    - docker:dind
+  id_tokens:
+    NPM_ID_TOKEN:
+      aud: npm:registry.npmjs.org
+    SIGSTORE_ID_TOKEN:
+      aud: sigstore
+  environment: production
+  rules:
+    - if: $CI_COMMIT_BRANCH == "main"
+      when: on_success
+  variables:
+    GIT_STRATEGY: clone
+    GIT_DEPTH: "0"
+  before_script:
+    - apk add --no-cache nodejs npm git jq curl
+    - npm install -g npm@11.6.2
+  script:
+    - |
+      # Skip bot commits
+      if echo "$CI_COMMIT_MESSAGE" | grep -q "\[skip ci\]"; then
+        echo "Skipping release for [skip ci] commit"
+        exit 0
+      fi
+
+      # Determine version bump
+      LAST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "")
+      if [ -z "$LAST_TAG" ]; then
+        RANGE="HEAD"
+      else
+        RANGE="${LAST_TAG}..HEAD"
+      fi
+
+      COMMITS=$(git log "$RANGE" --first-parent --pretty=format:"%B" 2>/dev/null || echo "")
+      echo "--- First-parent commits since last tag ---"
+      echo "$COMMITS"
+
+      if echo "$COMMITS" | grep -qE "^feat(\(.+\))?!:|BREAKING CHANGE"; then
+        BUMP="major"
+      elif echo "$COMMITS" | grep -qE "^feat(\(.+\))?:"; then
+        BUMP="minor"
+      elif echo "$COMMITS" | grep -qE "^fix(\(.+\))?:"; then
+        BUMP="patch"
+      else
+        echo "No releasable changes found on main."
+        exit 0
+      fi
+
+      echo "Bump type: $BUMP"
+
+      # Bump version
+      npm version "$BUMP" --no-git-tag-version
+      VERSION=$(node -p "require('./package.json').version")
+      MAJOR=$(echo "$VERSION" | cut -d. -f1)
+      MINOR=$(echo "$VERSION" | cut -d. -f1-2)
+      echo "Publishing version: $VERSION"
+
+      # Docker: build and push to GitLab Container Registry
+      IMAGE="${CI_REGISTRY_IMAGE}"
+      echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
+
+      docker build \
+        --tag "${IMAGE}:${VERSION}" \
+        --tag "${IMAGE}:${MINOR}" \
+        --tag "${IMAGE}:${MAJOR}" \
+        --tag "${IMAGE}:latest" \
+        .
+
+      docker push "${IMAGE}:${VERSION}"
+      docker push "${IMAGE}:${MINOR}"
+      docker push "${IMAGE}:${MAJOR}"
+      docker push "${IMAGE}:latest"
+
+      # npm publish (trusted publishing via OIDC — no token needed)
+      npm publish --provenance --access public
+
+      # Git: commit version bump and tag
+      git config user.name "gitlab-ci[bot]"
+      git config user.email "gitlab-ci[bot]@users.noreply.gitlab.com"
+      git remote set-url origin "https://oauth2:${GITLAB_TOKEN}@gitlab.com/${CI_PROJECT_PATH}.git"
+      git add package.json
+      git commit -m "chore: release v${VERSION} [skip ci]"
+      git tag "v${VERSION}"
+      git push origin main --follow-tags
+
+      # Create GitLab Release
+      PREV_TAG=$(git describe --tags --abbrev=0 "v${VERSION}^" 2>/dev/null || echo "")
+      if [ -n "$PREV_TAG" ]; then
+        CHANGELOG=$(git log "${PREV_TAG}..HEAD" --pretty=format:"- %s (%h)" --no-merges)
+      else
+        CHANGELOG=$(git log HEAD --pretty=format:"- %s (%h)" --no-merges)
+      fi
+
+      curl -s --header "PRIVATE-TOKEN: ${GITLAB_TOKEN}" \
+        -X POST "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/releases" \
+        -H "Content-Type: application/json" \
+        -d "{
+          \"tag_name\": \"v${VERSION}\",
+          \"name\": \"Limbo v${VERSION}\",
+          \"description\": $(echo "$CHANGELOG" | jq -Rs .)
+        }"
+
+      echo "Released v${VERSION}"

package/ARCHITECTURE.md

@@ -5,16 +5,16 @@
 
 ## What Is Limbo
 
-Self-hosted personal AI memory agent. Runs as a Docker container exposing a ZeroClaw gateway (WebSocket on :18789). Users interact via Telegram. The agent stores and retrieves knowledge from a markdown vault using MCP tools.
+Self-hosted personal AI memory agent. Runs as a Docker container exposing an OpenClaw gateway (WebSocket on :18789). Users interact via Telegram. The agent stores and retrieves knowledge from a markdown vault using MCP tools.
 
-**Stack**: ZeroClaw (Rust agent runtime, custom fork) + Node.js MCP server + SQLite FTS5 + Telegram bot.
+**Stack**: OpenClaw (Node.js agent runtime) + Node.js MCP server + SQLite FTS5 + Telegram bot.
 
 **Published as**: `limbo-ai` on npm — the CLI (`npx limbo-ai`) handles install, start, stop, update, and setup.
 
 ## High-Level Flow
 
 ```
-User (Telegram) → ZeroClaw Gateway (:18789) → LLM (configurable provider)
+User (Telegram) → OpenClaw Gateway (:18789) → LLM (configurable provider)
                                                     ↓
                                               MCP Tools (stdio)
                                                     ↓
@@ -26,8 +26,8 @@ User (Telegram) → ZeroClaw Gateway (:18789) → LLM (configurable provider)
 ```
 limbo/
 ├── cli.js                    # Main CLI (84KB) — install, start, stop, update, configure
-├── Dockerfile                # Multi-stage: deps → zeroclaw binary → runtime (node:22-slim)
-├── config.toml.template      # ZeroClaw config — rendered by entrypoint via envsubst
+├── Dockerfile                # Multi-stage: deps → runtime (node:22-slim)
+├── openclaw.json.template    # OpenClaw config — rendered by entrypoint via envsubst
 ├── docker-compose.yml        # Production reference (generated per-user into ~/.limbo)
 ├── docker-compose.dev.yml    # Local dev
 ├── docker-compose.test.yml   # Local testing
@@ -45,7 +45,7 @@ limbo/
 │       ├── store-file.js     # vault_store_file — binary files (images/PDFs) + linked note
 │       └── get-file.js       # vault_get_file — retrieve stored files as base64
 │
-├── workspace/                # Agent persona files (injected into ZeroClaw context)
+├── workspace/                # Agent persona files (injected into OpenClaw context)
 │   ├── system/               # Product-owned, root-owned, reset every boot
 │   │   ├── AGENTS.md         # Behavioral workflows and rules
 │   │   ├── TOOLS.md          # Tool usage instructions
@@ -64,7 +64,6 @@ limbo/
 │
 ├── scripts/
 │   ├── entrypoint.sh         # Container startup (13KB) — 12-stage orchestration
-│   ├── build-zeroclaw.sh     # Custom ZeroClaw image builder (multi-platform)
 │   └── install.sh            # Server provisioning (Ubuntu/Debian)
 │
 ├── evals/                    # End-to-end eval framework
@@ -81,7 +80,7 @@ limbo/
 ├── test/                     # Unit tests (node --test)
 │   ├── cli-filter.test.js
 │   ├── cli-auth.test.js
-│   ├── zeroclaw-migration.test.js
+│   ├── openclaw-migration.test.js
 │   ├── setup-server.test.js
 │   └── cli-wizard-parity.test.js
 │
@@ -90,36 +89,33 @@ limbo/
 └── squid/                    # Squid proxy config (for container network access)
 ```
 
-## Docker Build (3 stages)
+## Docker Build (2 stages)
 
 1. **deps** (node:22-slim) — `npm ci` + compile better-sqlite3 native addon
-2. **zeroclaw** — copies binary from custom image `ghcr.io/tomasward1/zeroclaw:<ver>-custom`
-3. **runtime** (node:22-slim) — non-root `limbo` user, copies app + binary + node_modules
+2. **runtime** (node:22-slim) — non-root `limbo` user, copies app + node_modules (OpenClaw included as npm dependency)
 
 **Data volume**: `/data` — contains vault/, db/, config/, logs/, backups/, memory/
 
-**Build arg**: `ZEROCLAW_IMAGE` — override to test custom ZeroClaw builds locally.
-
 ## Entrypoint Flow (scripts/entrypoint.sh)
 
 12-stage startup:
 1. Directory setup (`/data/*`)
-2. Secrets sync (`/run/secrets/` → `$ZEROCLAW_STATE_DIR/secrets/`)
+2. Secrets sync (`/run/secrets/` → `$OPENCLAW_STATE_DIR/secrets/`)
 3. First-run detection (presence of `.env` in /data)
 4. Setup wizard (if no `MODEL_PROVIDER` in .env → serve wizard on :18789)
 5. Workspace file seeding (templates → /data, system files symlinked)
-6. Config template rendering (envsubst on config.toml.template)
-7. Feature sections (Telegram, Voice, Web Search) conditionally appended to config.toml
+6. Config template rendering (envsubst on openclaw.json.template)
+7. Feature sections (Telegram, Voice, Web Search) conditionally merged into openclaw.json
 8. Auth profiles generation
 9. Migration runner
 10. FTS index build
 11. MCP server registration
-12. ZeroClaw launch
+12. OpenClaw launch
 
 ## MCP Server Details
 
 - **Protocol**: JSON-RPC 2.0 over stdio
-- **Invoked by ZeroClaw**: `node /app/mcp-server/index.js`
+- **Invoked by OpenClaw**: `node /app/mcp-server/index.js`
 - **Vault path**: `/data/vault/` (markdown files with YAML frontmatter)
 - **FTS database**: `/data/db/fts.db` (SQLite, WAL mode)
 - **Index**: In-memory hashmap of all vault notes, rebuilt on startup
@@ -145,18 +141,18 @@ topics:
 
 These are documented in the vault but rarely change:
 
-- **Extension = MCP tools, not ZeroClaw features**. New capabilities go in `mcp-server/tools/` as Node.js. Cargo features only for things that must compile into Rust (e.g., `rag-pdf`).
-- **Separate container, not plugin**. Limbo is a standalone Docker container, not an OpenClaw plugin.
+- **Extension = MCP tools, not OpenClaw core**. New capabilities go in `mcp-server/tools/` as Node.js.
+- **Separate container, not plugin**. Limbo is a standalone Docker container with OpenClaw as an npm dependency.
 - **System files reset on boot, user files persist**. AGENTS.md/TOOLS.md overwrite from image; SOUL.md/IDENTITY.md/USER.md survive across container restarts.
 - **Maps live in vault/maps/, notes in vault/notes/**. Separated to simplify `vault_update_map`.
-- **Feature integration pattern**: wizard toggle → secret file → env var → entrypoint appends TOML section.
+- **Feature integration pattern**: wizard toggle → secret file → env var → entrypoint merges JSON config section.
 - **Minimal .env triggers setup wizard**. Container detects first run by absence of `MODEL_PROVIDER`.
 
 ## Eval System
 
 - 20+ JSON test cases in `evals/cases/`
 - Each case: sends message via WebSocket, asserts on tool_called + response_matches + vault_state
-- Current baseline: 94.0% (FTS5 + ZeroClaw v0.6.3)
+- Current baseline: 94.0% (FTS5 + OpenClaw)
 - `node evals/cli.js run` → `compare --strict` → `promote`
 - Uses real LLM calls (costs tokens)
 
@@ -166,13 +162,13 @@ Key env vars (see `.env.example` for full list):
 - `MODEL_PROVIDER` — anthropic, openai, etc.
 - `TELEGRAM_ENABLED` — true/false
 - `LIMBO_PORT` — gateway port (default 18789)
-- `ZEROCLAW_STATE_DIR` — where ZeroClaw stores its state
+- `OPENCLAW_STATE_DIR` — where OpenClaw stores its state
 - `LIMBO_EVAL` — enables MCP tool call logging
 
 ## Testing
 
 ```bash
-npm test    # runs: cli-filter, cli-auth, zeroclaw-migration, setup-server, cli-wizard-parity
+npm test    # runs: cli-filter, cli-auth, openclaw-migration, setup-server, cli-wizard-parity
 ```
 
 Tests use Node.js built-in test runner (`node --test`).

package/README.md

@@ -15,7 +15,7 @@
 
 ---
 
-Limbo is a second brain with a conversational interface. It stores atomic notes in a local vault, searches them semantically, and maintains Maps of Content (MOCs) to keep knowledge navigable. Runs in a Docker container, accessible via Telegram or the ZeroClaw gateway.
+Limbo is a second brain with a conversational interface. It stores atomic notes in a local vault, searches them semantically, and maintains Maps of Content (MOCs) to keep knowledge navigable. Runs in a Docker container, accessible via Telegram or the OpenClaw gateway.
 
 ---
 
@@ -95,9 +95,9 @@ limbo config web-search --enable --api-key BSA_xxx  # Enable web search
 
 The setup wizard walks you through creating a Telegram bot and pairing it. Message your bot and Limbo responds — full agent with personality, memory logic, and vault tools.
 
-### ZeroClaw gateway
+### OpenClaw gateway
 
-Any [ZeroClaw](https://github.com/zeroclaw-labs/zeroclaw)-compatible client can connect via WebSocket:
+Any [OpenClaw](https://github.com/openclaw-ai/openclaw)-compatible client can connect via WebSocket:
 
 ```
 ws://localhost:18789
@@ -153,7 +153,7 @@ limbo config web-search --disable
 | Recommended | 1 GB | 1 | 5 GB |
 | With other services | 2 GB | 1 | 10 GB |
 
-Limbo uses ~35 MB at rest, peaks ~70 MB during cold starts. CPU usage is negligible.
+Limbo uses ~150 MB at rest, peaks ~300 MB during agent runs. CPU usage is negligible.
 
 ---
 
@@ -164,8 +164,8 @@ Limbo uses ~35 MB at rest, peaks ~70 MB during cold starts. CPU usage is negligi
 │              Docker Container           │
 │                                         │
 │  ┌─────────────┐    ┌────────────────┐  │
-│  │  ZeroClaw   │◄──►│  LLM (Claude   │  │
-│  │  daemon     │    │  or OpenAI)    │  │
+│  │  OpenClaw   │◄──►│  LLM (Claude   │  │
+│  │  gateway    │    │  or OpenAI)    │  │
 │  │  :18789     │    └────────┬───────┘  │
 │  └──────┬──────┘             │          │
 │         │           ┌────────▼───────┐  │
@@ -179,8 +179,8 @@ Limbo uses ~35 MB at rest, peaks ~70 MB during cold starts. CPU usage is negligi
 └─────────────────────────────────────────┘
 ```
 
-- **ZeroClaw** — Rust runtime (~5 MB RAM) handling connections, LLM routing, Telegram, and MCP tools
-- **MCP server** — Node.js vault read/write tools, spawned by ZeroClaw
+- **OpenClaw** — Node.js runtime (~150 MB) handling connections, LLM routing, Telegram, and MCP tools
+- **MCP server** — Node.js vault read/write tools, spawned by OpenClaw
 - **Vault** — plain markdown with YAML frontmatter, persisted in a Docker volume
 
 ---
@@ -215,7 +215,7 @@ Managed by `limbo start`, stored in `~/.limbo/.env`.
 | `AUTH_MODE` | `api-key` | `api-key` or `subscription` |
 | `MODEL_PROVIDER` | `anthropic` | `anthropic`, `openai`, `openai-codex`, or `openrouter` |
 | `MODEL_NAME` | `claude-sonnet-4-6` | Model to use |
-| `RUNTIME_REASONING_EFFORT` | `medium` | ZeroClaw `runtime.reasoning_effort` override |
+| `RUNTIME_REASONING_EFFORT` | `medium` | OpenClaw reasoning effort override |
 | `TELEGRAM_ENABLED` | `false` | Enable Telegram integration |
 | `VOICE_ENABLED` | `false` | Enable Groq voice transcription |
 | `WEB_SEARCH_ENABLED` | `false` | Enable Brave web search |
@@ -235,4 +235,21 @@ docker build -t limbo:dev . && docker compose up -d
 npm test
 ```
 
+### PR evals
+
+Standard PR validation should run from a staging-based worktree, not from your dirty repo checkout and not from a container that silently falls back to `latest`.
+
+```sh
+git fetch origin
+git worktree add -b codex/pr-242-eval /tmp/limbo-staging-eval-pr242 origin/staging
+git -C /tmp/limbo-staging-eval-pr242 merge --no-ff --no-edit origin/<pr-branch>
+docker build -t limbo:staging /tmp/limbo-staging-eval-pr242
+/tmp/limbo-staging-eval-pr242/evals/scripts/recreate-eval.sh
+```
+
+Notes:
+- The eval compose now fails fast unless `LIMBO_IMAGE` is explicitly set.
+- `evals/scripts/recreate-eval.sh` defaults to `limbo:staging` and verifies the recreated container is actually using that image.
+- Always validate the final container image with `docker inspect limbo-eval --format '{{.Config.Image}}'` before trusting eval or manual test results.
+
 See [CONTRIBUTING.md](./CONTRIBUTING.md) for release and deployment process.

package/SECURITY.md

@@ -10,14 +10,14 @@ Limbo runs inside a Docker container with the following hardening:
 - **Capabilities dropped**: All Linux capabilities are dropped (`cap_drop: ALL`)
 - **Process limit**: PID limit of 200 prevents fork bombs
 - **Loopback binding**: Gateway only listens on `127.0.0.1` — not exposed to LAN
-- **Writable paths**: Only `/data` (volume), `/home/limbo/.zeroclaw` (volume), `/tmp` (tmpfs), and `/home/limbo/.npm` (tmpfs) are writable
+- **Writable paths**: Only `/data` (volume), `/home/limbo/.openclaw` (volume), `/tmp` (tmpfs), and `/home/limbo/.npm` (tmpfs) are writable
 
 ## What Agents Can Access
 
 Inside the container, the AI agent can:
 
 - Read and write vault notes in `/data/vault/` (via MCP tools only)
-- Execute MCP tools registered through ZeroClaw native MCP (vault_search, vault_read, vault_write_note, vault_update_map)
+- Execute MCP tools registered through OpenClaw native MCP (vault_search, vault_read, vault_write_note, vault_update_map)
 - Search the web and fetch URLs (`web_search`, `web_fetch` — enabled for recommendations, link previews, etc.)
 - Respond to Telegram messages (if enabled, with pairing required)
 - Make network requests to AI provider APIs (Anthropic, OpenAI, OpenRouter)
@@ -36,7 +36,7 @@ Inside the container, the AI agent can:
 - **Access host filesystem**: Only the bind-mounted vault directory is accessible
 - **Spawn unlimited processes**: PID limit of 200
 
-## ZeroClaw Tool Policy
+## OpenClaw Tool Policy
 
 The agent runs with the most restrictive tool profile. On top of that:
 
@@ -57,18 +57,18 @@ API keys are stored as Docker Compose secrets:
 - **Not in environment**: Secrets are scrubbed from the process environment before the gateway starts
 - **Not in `docker inspect`**: Docker secrets don't appear in container inspect output
 - **`.env` file**: Only contains non-sensitive configuration (model provider, model name, language, etc.)
-- **Gateway auth**: ZeroClaw manages its own gateway authentication internally. All secrets (API keys, bot tokens) are scrubbed from the process environment before the daemon starts
+- **Gateway auth**: OpenClaw manages its own gateway authentication internally. All secrets (API keys, bot tokens) are scrubbed from the process environment before the daemon starts
 
-## ZeroClaw Security
+## OpenClaw Security
 
-Limbo uses ZeroClaw in a **personal assistant trust model** (one trusted operator per gateway). Key settings in `config.toml`:
+Limbo uses OpenClaw in a **personal assistant trust model** (one trusted operator per gateway). Key settings in `openclaw.json`:
 
-- `[gateway] host = "127.0.0.1"` — loopback only, no LAN exposure
-- `[gateway] allow_public_bind = false` — prevents binding to all interfaces
-- `[gateway.auth] mode = "token"` — all WebSocket clients must present a valid token
-- `[gateway.auth] token_file = "/run/secrets/gateway_token"` — reads auth token from Docker secret
-- `[session] dm_scope = "per-channel-peer"` — DM sessions are isolated per sender (when using Telegram)
-- `[channels.telegram] dm_policy = "pairing"` — unknown Telegram senders must be explicitly approved
+- `"host": "127.0.0.1"` — loopback only, no LAN exposure
+- `"allowPublicBind": false` — prevents binding to all interfaces
+- `"auth.mode": "token"` — all WebSocket clients must present a valid token
+- `"auth.tokenFile": "/run/secrets/gateway_token"` — reads auth token from Docker secret
+- `"session.dmScope": "per-channel-peer"` — DM sessions are isolated per sender (when using Telegram)
+- `"channels.telegram.dmPolicy": "pairing"` — unknown Telegram senders must be explicitly approved
 
 ## Network Access
 
@@ -105,4 +105,4 @@ If you discover a security vulnerability in Limbo:
 3. Include: description, reproduction steps, affected version, and impact assessment
 4. We will acknowledge within 48 hours and work on a fix
 
-For vulnerabilities in ZeroClaw itself, follow their responsible disclosure process at https://github.com/zeroclaw-labs/zeroclaw/security
+For vulnerabilities in OpenClaw itself, follow their responsible disclosure process at https://github.com/openclaw-ai/openclaw/security