clawsec/wiki/modules/nanoclaw-integration.md
David Abutbul 26af277afd feat(hermes-attestation-guardian): v0.1.0 release hardening (verify gate + trust policy + .mjs scan context) (#200)
* feat(hermes-attestation-guardian): release v0.0.2 hardening

* docs(wiki): add v0.0.2 hardening update note

* docs: add Hermes support coverage to README and compatibility report

* fix(hermes-attestation-guardian): address baz review on crontab detection and doc dedup

* feat(wiki): add PR-200 skill feature/platform matrix

* docs(wiki): rewrite PR-200 matrix as narrative capability mapping

* docs(readme): add skill feature matrix with requested headers

* docs(readme): replace unknowns with mapped yes/no feature matrix

* docs: move NanoClaw and CI/CD details from README to wiki modules

* docs(readme): remove platform/suite sections and keep wiki module pointers

* docs(readme): refresh project structure to match current repo

* feat(hermes-attestation-guardian): add signed advisory feed verification pipeline

* feat(hermes-attestation-guardian): add advisory-gated guarded skill verification

* feat(hermes-attestation-guardian): add advisory scheduler helper and phase-3 parity docs

* docs(wiki): expand hermes attestation guardian capability coverage

* fix(pr-200): address Baz review findings across Hermes parity rollout

* test(sandbox): extend Hermes regression to cover feed, guarded verify, and advisory scheduler

* fix(pr-200): address Baz semver parsing and feed-state fallback visibility

* fix(ci): suppress shellcheck false positives in sandbox inline docker script

* fix(hermes-attestation-guardian): fail closed on unsupported advisory ranges

* fix(hermes-attestation-guardian): restore safe install verdict in sandbox

* fix(sandbox): capture guarded verify exit under set -e

* fix(semver): fail closed on malformed affected specifiers

* docs(readme): clarify hermes capability matrix wording

* refactor(feed): share signed artifact verification flow

* refactor(cron): share managed block helpers across setup scripts

* fix(feed): require checksum manifest artifacts when enabled

* chore(hermes-skill): relocate sandbox test, refresh docs, and add v0.1.0 release notes

* chore(docs): remove remaining hermes parity plan file

* chore(release): roll hermes-attestation-guardian to v0.1.0

* chore(release): remove standalone v0.1.0 release notes file

* docs(hermes): update README status to v0.1.0

---------

Co-authored-by: David Abutbul <David.a@prompt.security>
2026-04-21 13:56:50 +03:00


# Module: NanoClaw Integration
## Responsibilities
- Port ClawSec advisory/signature logic into NanoClaw host+container architecture.
- Provide MCP tools that expose advisory checks, signature verification, and integrity monitoring.
- Maintain host-side cached advisory state with TLS/signature enforcement and IPC-triggered refresh.
- Protect critical NanoClaw files with baseline drift detection and hash-chained audit trails.
## Platform Support Summary (migrated from README)
ClawSec supports NanoClaw as a containerized WhatsApp-bot deployment model.
### `clawsec-nanoclaw` skill scope
- Location: `skills/clawsec-nanoclaw/`
- 9 MCP tools for advisory checks, package-safety checks, signature verification, and integrity monitoring.
- Automatic advisory feed refresh/caching on a recurring cadence.
- Platform filtering for NanoClaw-relevant advisories.
- IPC-based host/container communication model.
### NanoClaw advisory coverage
The feed and matching pipeline include NanoClaw-relevant terms:
- `NanoClaw`
- `WhatsApp-bot`
- `baileys`
Advisories can be explicitly platform-scoped via:
- `platforms: ["nanoclaw"]`
### Quick integration checklist
1. Copy skill files to the NanoClaw deployment.
2. Integrate MCP tools in the container runtime.
3. Configure host IPC handlers and advisory cache service.
4. Restart NanoClaw services.
Install guide:
- `skills/clawsec-nanoclaw/INSTALL.md`
## Key Files
- `skills/clawsec-nanoclaw/skill.json`: NanoClaw package contract and MCP tool registry.
- `skills/clawsec-nanoclaw/lib/signatures.ts`: secure fetch and Ed25519 verification primitives.
- `skills/clawsec-nanoclaw/lib/advisories.ts`: feed load and advisory matching helpers.
- `skills/clawsec-nanoclaw/host-services/advisory-cache.ts`: host cache manager.
- `skills/clawsec-nanoclaw/host-services/ipc-handlers.ts`: IPC request dispatch for advisory/signature tasks.
- `skills/clawsec-nanoclaw/host-services/skill-signature-handler.ts`: package signature verification service.
- `skills/clawsec-nanoclaw/guardian/integrity-monitor.ts`: baseline/diff/restore/audit engine.
- `skills/clawsec-nanoclaw/mcp-tools/*.ts`: container-side tool definitions.
## Public Interfaces
| Interface | Context | Notes |
| --- | --- | --- |
| `clawsec_check_advisories` | MCP tool | Lists advisories affecting installed skills. |
| `clawsec_check_skill_safety` | MCP tool | Returns install recommendation for a specific skill. |
| `clawsec_verify_skill_package` | MCP tool | Verifies detached package signature through host IPC. |
| `clawsec_check_integrity` | MCP tool | Runs integrity check, optional auto-restore for critical targets. |
| IPC task `verify_skill_signature` | Host service | Returns structured verification response with error codes. |
| IPC task `refresh_advisory_cache` | Host service | Refreshes signed advisory cache on demand. |
## Inputs and Outputs
Inputs/outputs are summarized in the table below.
| Type | Name | Location | Description |
| --- | --- | --- | --- |
| Input | Signed advisory feed | `https://clawsec.prompt.security/advisories/feed.json(.sig)` | Threat intelligence source for cache refresh. |
| Input | Package + signature files | Host filesystem paths | Pre-install package authenticity checks. |
| Input | Integrity policy | `guardian/policy.json` | Per-path mode and priority controls. |
| Output | Advisory cache | `/workspace/project/data/clawsec-advisory-cache.json` | Host-managed verified advisory data. |
| Output | Verification results | `/workspace/ipc/clawsec_results/*.json` | IPC response payload for tool calls. |
| Output | Integrity state | `.../soul-guardian/` | Baselines, snapshots, patches, quarantine, audit logs. |
## Configuration
| Setting | Default | Effect |
| --- | --- | --- |
| Feed URL | Hosted ClawSec advisory endpoint | Primary remote source for advisory cache manager. |
| Cache TTL | `5 minutes` | Controls staleness threshold before requiring refresh. |
| Fetch timeout | `10 seconds` | Limits host network wait time. |
| Allowed domains | `clawsec.prompt.security`, `prompt.security`, `raw.githubusercontent.com`, `github.com` | Restricts remote fetch targets. |
| Integrity policy modes | `restore`, `alert`, `ignore` | Controls automatic restoration and alert-only behavior. |
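
The HTTPS-only and allowed-domain rules from the table above, sketched as an added example (not the project's own wrapper code). The name `checkFetchTarget`, exact-host matching, and the rejection of userinfo are assumptions; the sample URLs are constructed.

```typescript
// Added example: allowlist taken from the Configuration table; matching rules are assumptions.
const ALLOWED_DOMAINS: ReadonlySet<string> = new Set([
  "clawsec.prompt.security",
  "prompt.security",
  "raw.githubusercontent.com",
  "github.com",
]);

interface PolicyDecision {
  allowed: boolean;
  reason: string;
}

function checkFetchTarget(raw: string): PolicyDecision {
  let url: URL;
  try {
    url = new URL(raw);
  } catch {
    return { allowed: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") {
    return { allowed: false, reason: "non-HTTPS scheme" };
  }
  // Userinfo can make a URL look like it starts with a trusted host name.
  if (url.username !== "" || url.password !== "") {
    return { allowed: false, reason: "userinfo not permitted" };
  }
  // Compare the parsed hostname exactly; substring or suffix tests on the raw
  // string would accept look-alike hosts. The URL parser already lowercases it.
  if (!ALLOWED_DOMAINS.has(url.hostname)) {
    return { allowed: false, reason: "host not allowlisted" };
  }
  return { allowed: true, reason: "ok" };
}

// Constructed sample inputs, one per rule.
const SAMPLE_URLS: string[] = [
  "https://clawsec.prompt.security/advisories/feed.json",
  "http://clawsec.prompt.security/advisories/feed.json",
  "https://clawsec.prompt.security.attacker.example/feed.json",
  "https://clawsec.prompt.security@attacker.example/feed.json",
  "https://CLAWSEC.PROMPT.SECURITY/advisories/feed.json.sig",
  "not a url",
];

function evaluateSamples(): string[] {
  return SAMPLE_URLS.map((u) => checkFetchTarget(u).reason);
}
```
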
## Example Snippets
```ts
// host-side signature verification dispatch
const result = await deps.signatureVerifier.verify({
  packagePath,
  signaturePath,
  publicKeyPem,
  allowUnsigned: allowUnsigned || false,
});
```
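
What a verifier behind that dispatch call has to decide, as an added example rather than the project's `skill-signature-handler.ts`. It works on in-memory bytes instead of file paths, and the result codes and the rule that a present but invalid signature always fails are assumptions; the key pair and package bytes are constructed in-process.

```typescript
import { createPublicKey, generateKeyPairSync, sign, verify } from "node:crypto";

// Hypothetical result codes; the page does not list the project's real ones.
type VerifyCode = "VALID" | "UNSIGNED_ALLOWED" | "SIGNATURE_MISSING" | "SIGNATURE_INVALID";

interface VerifyRequest {
  packageBytes: Buffer;
  signature: Buffer | null; // null models a missing detached signature file
  publicKeyPem: string;
  allowUnsigned?: boolean;
}

function verifyPackage(req: VerifyRequest): VerifyCode {
  if (req.signature === null) {
    // Fail closed: only the literal `true` opts in to unsigned packages.
    return req.allowUnsigned === true ? "UNSIGNED_ALLOWED" : "SIGNATURE_MISSING";
  }
  try {
    // Ed25519 signatures are exactly 64 bytes and take no digest name, hence null.
    const ok =
      req.signature.length === 64 &&
      verify(null, req.packageBytes, createPublicKey(req.publicKeyPem), req.signature);
    // A signature that is present but wrong is never rescued by allowUnsigned.
    return ok ? "VALID" : "SIGNATURE_INVALID";
  } catch {
    return "SIGNATURE_INVALID"; // unparseable key or signature: treat as failure
  }
}

// Constructed key pair and package bytes, generated in-process for the demo.
function demoCodes(): VerifyCode[] {
  const { publicKey, privateKey } = generateKeyPairSync("ed25519");
  const publicKeyPem = publicKey.export({ type: "spki", format: "pem" }).toString();
  const pkg = Buffer.from("constructed skill package bytes");
  const signature = sign(null, pkg, privateKey);
  const tampered = Buffer.concat([pkg, Buffer.from("!")]);
  return [
    verifyPackage({ packageBytes: pkg, signature, publicKeyPem }),
    verifyPackage({ packageBytes: tampered, signature, publicKeyPem }),
    verifyPackage({ packageBytes: pkg, signature: null, publicKeyPem }),
    verifyPackage({ packageBytes: pkg, signature: null, publicKeyPem, allowUnsigned: true }),
    verifyPackage({ packageBytes: tampered, signature, publicKeyPem, allowUnsigned: true }),
  ];
}
```
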
```ts
// integrity monitor drift handling
if (baseline.mode === 'restore' && autoRestore) {
  // quarantine modified file, restore approved snapshot, append audit event
}
```
## Edge Cases
- Disallowed domains or non-HTTPS URLs are blocked by security policy wrappers.
- Missing signature files can be tolerated only when `allowUnsigned` is explicitly set.
- IPC result waits can time out, causing conservative block recommendations.
- Integrity engine refuses symlink operations to reduce path-redirection attacks.
- Audit-chain validation can detect tampering or corruption in historical records.
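
An added example, not taken from the project's integrity monitor, of how a hash-chained audit trail exposes edits and deletions in historical records. The entry fields, the SHA-256 choice, and the all-zero genesis value are assumptions, and the sample events are constructed.

```typescript
import { createHash } from "node:crypto";

// Hypothetical entry shape; the project's real audit record format is not shown on this page.
interface AuditEntry {
  ts: string;
  event: string;
  path: string;
  prevHash: string;
  hash: string;
}

const GENESIS = "0".repeat(64); // assumed anchor value for the first entry

function entryHash(e: Omit<AuditEntry, "hash">): string {
  // Serialize fields in a fixed order so the digest is independent of key order.
  const body = JSON.stringify([e.prevHash, e.ts, e.event, e.path]);
  return createHash("sha256").update(body).digest("hex");
}

function appendEntry(log: AuditEntry[], ts: string, event: string, path: string): AuditEntry[] {
  const prevHash = log.length > 0 ? log[log.length - 1].hash : GENESIS;
  const body = { ts, event, path, prevHash };
  return [...log, { ...body, hash: entryHash(body) }];
}

// Index of the first entry that breaks the chain, or -1 when the chain is intact.
function firstBrokenIndex(log: AuditEntry[]): number {
  let expectedPrev = GENESIS;
  for (let i = 0; i < log.length; i++) {
    const e = log[i];
    if (e.prevHash !== expectedPrev || e.hash !== entryHash(e)) return i;
    expectedPrev = e.hash;
  }
  return -1;
}

// Constructed sample trail.
function sampleLog(): AuditEntry[] {
  let log: AuditEntry[] = [];
  log = appendEntry(log, "2026-04-21T10:00:00Z", "baseline_created", "config/example.json");
  log = appendEntry(log, "2026-04-21T10:05:00Z", "drift_detected", "config/example.json");
  log = appendEntry(log, "2026-04-21T10:05:01Z", "restored", "config/example.json");
  return log;
}
```

Truncating the tail leaves a shorter chain that still validates, so catching that case requires recording the latest hash somewhere the log writer cannot rewrite.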
## Tests
| Test Scope | File/Path | Notes |
| --- | --- | --- |
| Type contracts | `skills/clawsec-nanoclaw/lib/types.ts` | Defines tool/IPC DB payload contracts. |
| Operational docs | `skills/clawsec-nanoclaw/docs/SKILL_SIGNING.md`, `skills/clawsec-nanoclaw/docs/INTEGRITY.md` | Describes verification/integrity usage patterns. |
| Cross-module behavior | Reuses suite verification patterns | Signature/checksum primitives ported from suite logic. |
## Source References
- skills/clawsec-nanoclaw/skill.json
- skills/clawsec-nanoclaw/lib/types.ts
- skills/clawsec-nanoclaw/lib/signatures.ts
- skills/clawsec-nanoclaw/lib/advisories.ts
- skills/clawsec-nanoclaw/host-services/advisory-cache.ts
- skills/clawsec-nanoclaw/host-services/ipc-handlers.ts
- skills/clawsec-nanoclaw/host-services/skill-signature-handler.ts
- skills/clawsec-nanoclaw/host-services/integrity-handler.ts
- skills/clawsec-nanoclaw/guardian/integrity-monitor.ts
- skills/clawsec-nanoclaw/guardian/policy.json
- skills/clawsec-nanoclaw/mcp-tools/advisory-tools.ts
- skills/clawsec-nanoclaw/mcp-tools/signature-verification.ts
- skills/clawsec-nanoclaw/mcp-tools/integrity-tools.ts
- skills/clawsec-nanoclaw/docs/SKILL_SIGNING.md
- skills/clawsec-nanoclaw/docs/INTEGRITY.md