securityclaw 0.0.1

package/bin/install-lib.mjs

@@ -0,0 +1,88 @@
+export function resolveInstallTarget(options = {}) {
+  const archivePath = typeof options.archivePath === "string" ? options.archivePath.trim() : "";
+  if (archivePath) {
+    return archivePath;
+  }
+
+  const npmSpec = typeof options.npmSpec === "string" ? options.npmSpec.trim() : "";
+  if (npmSpec) {
+    return npmSpec;
+  }
+
+  const packageName = typeof options.packageName === "string" ? options.packageName.trim() : "";
+  if (!packageName) {
+    throw new Error("SecurityClaw installer requires a package name or archive path.");
+  }
+
+  const packageVersion = typeof options.packageVersion === "string" ? options.packageVersion.trim() : "";
+  return packageVersion ? `${packageName}@${packageVersion}` : packageName;
+}
+
+export function buildInstallPlan(options = {}) {
+  const openclawBin = typeof options.openclawBin === "string" && options.openclawBin.trim()
+    ? options.openclawBin.trim()
+    : "openclaw";
+  const installTarget = resolveInstallTarget(options);
+  const restart = options.restart !== false;
+  const verify = options.verify !== false;
+
+  return [
+    [openclawBin, "plugins", "install", installTarget],
+    ...(restart ? [[openclawBin, "gateway", "restart"]] : []),
+    ...(verify ? [[openclawBin, "gateway", "status"]] : []),
+  ];
+}
+
+export function parseInstallArgs(argv = []) {
+  const options = {
+    restart: true,
+    verify: true,
+    dryRun: false,
+  };
+
+  for (let index = 0; index < argv.length; index += 1) {
+    const token = argv[index];
+    if (token === "--dry-run") {
+      options.dryRun = true;
+      continue;
+    }
+    if (token === "--no-restart") {
+      options.restart = false;
+      continue;
+    }
+    if (token === "--no-status") {
+      options.verify = false;
+      continue;
+    }
+    if (token === "--archive") {
+      const value = argv[index + 1];
+      if (!value) {
+        throw new Error("Missing value for --archive");
+      }
+      options.archivePath = value;
+      index += 1;
+      continue;
+    }
+    if (token === "--npm-spec") {
+      const value = argv[index + 1];
+      if (!value) {
+        throw new Error("Missing value for --npm-spec");
+      }
+      options.npmSpec = value;
+      index += 1;
+      continue;
+    }
+    if (token === "--openclaw-bin") {
+      const value = argv[index + 1];
+      if (!value) {
+        throw new Error("Missing value for --openclaw-bin");
+      }
+      options.openclawBin = value;
+      index += 1;
+      continue;
+    }
+    throw new Error(`Unknown install option: ${token}`);
+  }
+
+  return options;
+}

package/bin/securityclaw.mjs

@@ -0,0 +1,66 @@
+#!/usr/bin/env node
+
+import { readFileSync } from "node:fs";
+import { spawnSync } from "node:child_process";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+
+import { buildInstallPlan, parseInstallArgs } from "./install-lib.mjs";
+
+const ROOT = path.resolve(path.dirname(fileURLToPath(import.meta.url)), "..");
+const pkg = JSON.parse(readFileSync(path.join(ROOT, "package.json"), "utf8"));
+
+function printUsage() {
+  console.log(`SecurityClaw installer
+
+Usage:
+  securityclaw install [--dry-run] [--no-restart] [--no-status]
+  securityclaw install --archive <path-to-tgz>
+  securityclaw install --npm-spec <package@version>
+
+Examples:
+  npx securityclaw install
+  npx securityclaw install --dry-run
+`);
+}
+
+function runCommand(command, args, dryRun) {
+  const display = [command, ...args].map((part) => JSON.stringify(part)).join(" ");
+  console.log(display);
+  if (dryRun) {
+    return;
+  }
+
+  const result = spawnSync(command, args, {
+    cwd: ROOT,
+    stdio: "inherit",
+  });
+  if (result.status !== 0) {
+    process.exit(result.status ?? 1);
+  }
+}
+
+function main() {
+  const [command, ...rest] = process.argv.slice(2);
+  if (!command || command === "help" || command === "--help" || command === "-h") {
+    printUsage();
+    return;
+  }
+
+  if (command !== "install") {
+    console.error(`Unknown command: ${command}`);
+    printUsage();
+    process.exit(1);
+  }
+
+  const parsed = parseInstallArgs(rest);
+  const plan = buildInstallPlan({
+    packageName: pkg.name,
+    packageVersion: pkg.version,
+    ...parsed,
+  });
+
+  plan.forEach(([binary, ...args]) => runCommand(binary, args, parsed.dryRun));
+}
+
+main();

package/config/policy.default.yaml

@@ -0,0 +1,520 @@
+version: "1.0"
+policy_version: "2026-03-17"
+environment: "default"
+defaults:
+  approval_ttl_seconds: 900
+  persist_mode: "compat"
+hooks:
+  before_prompt_build:
+    enabled: true
+    timeout_ms: 40
+    fail_mode: "open"
+  before_tool_call:
+    enabled: true
+    timeout_ms: 50
+    fail_mode: "close"
+  after_tool_call:
+    enabled: true
+    timeout_ms: 50
+    fail_mode: "open"
+  tool_result_persist:
+    enabled: true
+    timeout_ms: 50
+    fail_mode: "close"
+  message_sending:
+    enabled: true
+    timeout_ms: 40
+    fail_mode: "open"
+policies:
+  - rule_id: "high-risk-command-block"
+    group: "execution_control"
+    control_domain: "execution_control"
+    title: "高危命令模式默认拦截"
+    description: "阻断删除、权限递归修改、下载后执行、提权和停用系统审计等高危命令模式。"
+    severity: "critical"
+    owner: "security"
+    playbook_url: "https://docs.securityclaw.local/playbooks/high-risk-command"
+    enabled: true
+    priority: 320
+    decision: "block"
+    reason_codes:
+      - "HIGH_RISK_COMMAND_BLOCK"
+    match:
+      tool:
+        - "shell.exec"
+      tool_args_regex:
+        - '(^|\W)rm\s+-rf(\W|$)'
+        - '(^|\W)chmod\s+-R(\W|$)'
+        - '(curl|wget)\s+\S+\s*(\||&&)\s*(sh|bash)'
+        - '(^|\W)(sudo|doas|pkexec)\b'
+        - '(launchctl\s+unload|systemctl\s+(stop|disable))'
+
+  - rule_id: "untrusted-execution-challenge"
+    group: "execution_control"
+    control_domain: "execution_control"
+    title: "未受信输入驱动执行需审批"
+    description: "当未受信内容直接驱动执行类操作时，要求一次性、绑定 trace 的审批。"
+    severity: "high"
+    owner: "security"
+    playbook_url: "https://docs.securityclaw.local/playbooks/untrusted-execution"
+    enabled: true
+    priority: 300
+    decision: "challenge"
+    reason_codes:
+      - "UNTRUSTED_EXECUTION_REQUIRES_APPROVAL"
+    approval_requirements:
+      ticket_required: true
+      approver_roles:
+        - "secops"
+        - "security-lead"
+      single_use: true
+      trace_binding: "trace"
+      ttl_seconds: 600
+    match:
+      trust_level:
+        - "untrusted"
+      tool_group:
+        - "execution"
+
+  - rule_id: "workspace-outside-write-block"
+    group: "data_access"
+    control_domain: "data_access"
+    title: "工作区外或系统目录写入删除默认拦截"
+    description: "阻断对工作区外和系统目录的写入、删除或覆盖类操作。"
+    severity: "critical"
+    owner: "platform-security"
+    playbook_url: "https://docs.securityclaw.local/playbooks/outside-write"
+    enabled: true
+    priority: 280
+    decision: "block"
+    reason_codes:
+      - "OUTSIDE_WRITE_BLOCK"
+    match:
+      tool_group:
+        - "filesystem"
+      operation:
+        - "write"
+        - "delete"
+      resource_scope:
+        - "workspace_outside"
+        - "system"
+
+  - rule_id: "sensitive-directory-enumeration-challenge"
+    group: "data_access"
+    control_domain: "data_access"
+    title: "枚举敏感目录需审批"
+    description: "对凭据目录、个人内容目录、下载暂存区、浏览器资料目录和通信存储等高风险目录的枚举与搜索默认进入审批。"
+    severity: "high"
+    owner: "security"
+    playbook_url: "https://docs.securityclaw.local/playbooks/sensitive-enumeration"
+    enabled: true
+    priority: 250
+    decision: "challenge"
+    reason_codes:
+      - "SENSITIVE_DIRECTORY_ENUMERATION_REQUIRES_APPROVAL"
+    approval_requirements:
+      approver_roles:
+        - "secops"
+      ttl_seconds: 600
+    match:
+      tool_group:
+        - "filesystem"
+      operation:
+        - "list"
+        - "search"
+      asset_labels:
+        - "credential"
+        - "personal_content"
+        - "download_staging"
+        - "browser_profile"
+        - "browser_secret_store"
+        - "communication_store"
+
+  - rule_id: "credential-path-access-challenge"
+    group: "credential_protection"
+    control_domain: "credential_protection"
+    title: "敏感凭据路径访问需审批"
+    description: "读取凭据目录、环境变量文件、密钥材料和云访问凭据时默认要求审批。"
+    severity: "critical"
+    owner: "security"
+    playbook_url: "https://docs.securityclaw.local/playbooks/credential-path"
+    enabled: true
+    priority: 260
+    decision: "challenge"
+    reason_codes:
+      - "CREDENTIAL_PATH_ACCESS_REQUIRES_APPROVAL"
+    approval_requirements:
+      ticket_required: true
+      approver_roles:
+        - "secops"
+      ttl_seconds: 600
+    match:
+      tool_group:
+        - "filesystem"
+      operation:
+        - "read"
+        - "search"
+        - "list"
+      asset_labels:
+        - "credential"
+
+  - rule_id: "communication-store-access-challenge"
+    group: "data_access"
+    control_domain: "data_access"
+    title: "读取本地通信存储需审批"
+    description: "直接访问本地消息数据库、邮件存储和聊天历史目录时默认进入审批。"
+    severity: "high"
+    owner: "security"
+    playbook_url: "https://docs.securityclaw.local/playbooks/communication-store"
+    enabled: true
+    priority: 255
+    decision: "challenge"
+    reason_codes:
+      - "COMMUNICATION_STORE_ACCESS_REQUIRES_APPROVAL"
+    approval_requirements:
+      approver_roles:
+        - "secops"
+      ttl_seconds: 600
+    match:
+      tool_group:
+        - "filesystem"
+      operation:
+        - "read"
+        - "search"
+        - "list"
+      asset_labels:
+        - "communication_store"
+
+  - rule_id: "public-network-egress-challenge"
+    group: "data_egress"
+    control_domain: "data_egress"
+    title: "访问公网接口需审批"
+    description: "访问公网、未知域、个人网盘或 paste 类站点时，至少要求显式审批。"
+    severity: "high"
+    owner: "security"
+    playbook_url: "https://docs.securityclaw.local/playbooks/public-egress"
+    enabled: true
+    priority: 220
+    decision: "challenge"
+    reason_codes:
+      - "PUBLIC_EGRESS_REQUIRES_APPROVAL"
+    approval_requirements:
+      approver_roles:
+        - "secops"
+      ttl_seconds: 600
+    match:
+      tool_group:
+        - "network"
+      destination_type:
+        - "public"
+        - "personal_storage"
+        - "paste_service"
+
+  - rule_id: "sensitive-public-egress-block"
+    group: "data_egress"
+    control_domain: "data_egress"
+    title: "敏感数据向公网外发默认拦截"
+    description: "当请求命中客户、财务、PII、通信或密钥类数据标签时，禁止直接向公网外发。"
+    severity: "critical"
+    owner: "security"
+    playbook_url: "https://docs.securityclaw.local/playbooks/sensitive-egress"
+    enabled: true
+    priority: 310
+    decision: "block"
+    reason_codes:
+      - "SENSITIVE_PUBLIC_EGRESS_BLOCK"
+    match:
+      tool_group:
+        - "network"
+      destination_type:
+        - "public"
+        - "personal_storage"
+        - "paste_service"
+      data_labels:
+        - "secret"
+        - "pii"
+        - "customer_data"
+        - "financial"
+        - "communications"
+
+  - rule_id: "sensitive-archive-challenge"
+    group: "data_egress"
+    control_domain: "data_egress"
+    title: "敏感内容归档导出需审批"
+    description: "对客户数据、财务资料、密钥或媒体资料进行归档、压缩或导出时要求审批。"
+    severity: "high"
+    owner: "security"
+    playbook_url: "https://docs.securityclaw.local/playbooks/archive-export"
+    enabled: true
+    priority: 210
+    decision: "challenge"
+    reason_codes:
+      - "SENSITIVE_ARCHIVE_REQUIRES_APPROVAL"
+    approval_requirements:
+      approver_roles:
+        - "secops"
+      ttl_seconds: 600
+    match:
+      tool_group:
+        - "archive"
+      data_labels:
+        - "secret"
+        - "customer_data"
+        - "financial"
+        - "media"
+
+  - rule_id: "critical-control-plane-change-challenge"
+    group: "change_control"
+    control_domain: "change_control"
+    title: "关键控制面文件变更需审批"
+    description: "修改 CI/CD、部署、容器、Terraform、Kubernetes 或 IAM 相关文件时默认进入审批。"
+    severity: "critical"
+    owner: "platform-security"
+    playbook_url: "https://docs.securityclaw.local/playbooks/control-plane-change"
+    enabled: true
+    priority: 240
+    decision: "challenge"
+    reason_codes:
+      - "CONTROL_PLANE_CHANGE_REQUIRES_APPROVAL"
+    approval_requirements:
+      ticket_required: true
+      approver_roles:
+        - "platform-security"
+      ttl_seconds: 900
+    match:
+      operation:
+        - "write"
+        - "delete"
+        - "modify"
+      path_glob:
+        - "**/.github/workflows/**"
+        - "**/Dockerfile"
+        - "**/*.tf"
+        - "**/k8s/**"
+        - "**/manifests/**"
+        - "**/deploy/**"
+        - "**/*secret*.yaml"
+        - "**/*iam*"
+
+  - rule_id: "email-content-access-challenge"
+    group: "data_access"
+    control_domain: "data_access"
+    title: "读取邮箱正文或附件需审批"
+    description: "邮箱正文、附件、搜索结果和批量导出默认纳入审批流。"
+    severity: "high"
+    owner: "security"
+    playbook_url: "https://docs.securityclaw.local/playbooks/email-access"
+    enabled: true
+    priority: 180
+    decision: "challenge"
+    reason_codes:
+      - "EMAIL_CONTENT_ACCESS_REQUIRES_APPROVAL"
+    approval_requirements:
+      approver_roles:
+        - "secops"
+      ttl_seconds: 600
+    match:
+      tool_group:
+        - "email"
+      operation:
+        - "read"
+        - "search"
+        - "export"
+
+  - rule_id: "sms-content-access-challenge"
+    group: "data_access"
+    control_domain: "data_access"
+    title: "读取短信内容需审批"
+    description: "短信正文、会话历史、搜索结果和导出默认纳入审批流。"
+    severity: "high"
+    owner: "security"
+    playbook_url: "https://docs.securityclaw.local/playbooks/sms-access"
+    enabled: true
+    priority: 185
+    decision: "challenge"
+    reason_codes:
+      - "SMS_CONTENT_ACCESS_REQUIRES_APPROVAL"
+    approval_requirements:
+      approver_roles:
+        - "secops"
+      ttl_seconds: 600
+    match:
+      tool_group:
+        - "sms"
+      operation:
+        - "read"
+        - "search"
+        - "export"
+        - "list"
+
+  - rule_id: "sms-otp-block"
+    group: "credential_protection"
+    control_domain: "credential_protection"
+    title: "读取短信验证码或登录通知默认拦截"
+    description: "命中 OTP、验证码或登录提醒等短信内容时直接拦截。"
+    severity: "critical"
+    owner: "security"
+    playbook_url: "https://docs.securityclaw.local/playbooks/sms-otp"
+    enabled: true
+    priority: 305
+    decision: "block"
+    reason_codes:
+      - "SMS_OTP_ACCESS_BLOCK"
+    match:
+      tool_group:
+        - "sms"
+      data_labels:
+        - "otp"
+
+  - rule_id: "album-sensitive-read-challenge"
+    group: "data_access"
+    control_domain: "data_access"
+    title: "读取截图、扫描件或证件照片需审批"
+    description: "相册中的截图、录屏、扫描件、证件和 OCR 文本读取默认进入审批。"
+    severity: "high"
+    owner: "security"
+    playbook_url: "https://docs.securityclaw.local/playbooks/album-sensitive-read"
+    enabled: true
+    priority: 175
+    decision: "challenge"
+    reason_codes:
+      - "ALBUM_SENSITIVE_READ_REQUIRES_APPROVAL"
+    approval_requirements:
+      approver_roles:
+        - "secops"
+      ttl_seconds: 600
+    match:
+      tool_group:
+        - "album"
+      tool_args_summary:
+        - "screenshot"
+        - "screen recording"
+        - "scan"
+        - "ocr"
+        - "id card"
+        - "passport"
+        - "截图"
+        - "录屏"
+        - "扫描"
+        - "证件"
+        - "发票"
+        - "合同"
+
+  - rule_id: "browser-credential-block"
+    group: "credential_protection"
+    control_domain: "credential_protection"
+    title: "读取浏览器 Cookie、密码库或历史数据库默认拦截"
+    description: "浏览器凭据、Cookie、自动填充、历史与下载数据库等高敏内容读取默认阻断。"
+    severity: "critical"
+    owner: "security"
+    playbook_url: "https://docs.securityclaw.local/playbooks/browser-secret"
+    enabled: true
+    priority: 315
+    decision: "block"
+    reason_codes:
+      - "BROWSER_SECRET_ACCESS_BLOCK"
+    match:
+      tool_group:
+        - "browser"
+        - "filesystem"
+      operation:
+        - "read"
+        - "search"
+        - "list"
+      data_labels:
+        - "browser_secret"
+
+  - rule_id: "business-system-bulk-read-block"
+    group: "data_access"
+    control_domain: "data_access"
+    title: "业务系统批量读取默认拦截"
+    description: "CRM、ERP、HR、财务、工单与客服系统的批量读取或导出默认拦截。"
+    severity: "critical"
+    owner: "security"
+    playbook_url: "https://docs.securityclaw.local/playbooks/business-bulk-read"
+    enabled: true
+    priority: 290
+    decision: "block"
+    reason_codes:
+      - "BUSINESS_SYSTEM_BULK_READ_BLOCK"
+    match:
+      tool_group:
+        - "business"
+      operation:
+        - "read"
+        - "search"
+        - "export"
+      min_record_count: 50
+
+  - rule_id: "break-glass-exception-challenge"
+    group: "approval_exception"
+    control_domain: "approval_exception"
+    title: "Break-glass 例外放行需单次审批"
+    description: "显式请求 break-glass 或策略例外时，要求工单、审批人角色和单次 trace 绑定。"
+    severity: "critical"
+    owner: "security"
+    playbook_url: "https://docs.securityclaw.local/playbooks/break-glass"
+    enabled: true
+    priority: 330
+    decision: "challenge"
+    reason_codes:
+      - "BREAK_GLASS_REQUIRES_APPROVAL"
+    approval_requirements:
+      ticket_required: true
+      approver_roles:
+        - "secops"
+        - "security-lead"
+      single_use: true
+      trace_binding: "trace"
+      ttl_seconds: 300
+    match:
+      tags:
+        - "break_glass"
+dlp:
+  on_dlp_hit: "sanitize"
+  patterns:
+    - name: "email"
+      type: "pii"
+      action: "mask"
+      regex: "[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,}"
+      flags: "ig"
+    - name: "api-key"
+      type: "secret"
+      action: "mask"
+      regex: "sk-[A-Za-z0-9]{10,}"
+    - name: "access-key"
+      type: "credential"
+      action: "mask"
+      regex: "AKIA[0-9A-Z]{16}"
+    - name: "bearer-token"
+      type: "token"
+      action: "remove"
+      regex: "Bearer\\s+[A-Za-z0-9._-]{12,}"
+    - name: "jwt"
+      type: "token"
+      action: "remove"
+      regex: "eyJ[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+"
+    - name: "private-key"
+      type: "credential"
+      action: "remove"
+      regex: "-----BEGIN(?: RSA| EC| OPENSSH| DSA)? PRIVATE KEY-----"
+    - name: "cookie-session"
+      type: "credential"
+      action: "mask"
+      regex: "(session(id)?|cookie)=[A-Za-z0-9._%+-]{12,}"
+      flags: "ig"
+    - name: "connection-string"
+      type: "credential"
+      action: "remove"
+      regex: "(postgres(ql)?|mysql|mongodb|redis|amqp):\\/\\/[^\\s\"']+"
+      flags: "ig"
+    - name: "internal-url"
+      type: "credential"
+      action: "mask"
+      regex: "https?:\\/\\/[A-Za-z0-9.-]+\\.(internal|corp|local)(:[0-9]+)?[^\\s\"']*"
+      flags: "ig"
+event_sink:
+  webhook_url: ""
+  timeout_ms: 3000
+  max_buffer: 100
+  retry_limit: 3