clawsec/wiki/glossary.md
davida-ps cbc484faf3 Add comprehensive documentation for ClawSec modules and workflows (#75)
- Introduced glossary for key terms and definitions related to security advisories, skill packaging, and CI/CD processes.
- Documented the Automation and Release Pipelines module, detailing responsibilities, key files, public interfaces, and configuration.
- Added ClawSec Suite Core module documentation, outlining its responsibilities, key files, public interfaces, and configuration.
- Created Frontend Web App module documentation, covering responsibilities, key files, public interfaces, and configuration.
- Added Local Validation and Packaging Tools module documentation, detailing responsibilities, key files, public interfaces, and configuration.
- Documented NanoClaw Integration module, including responsibilities, key files, public interfaces, and configuration.
- Introduced an overview of ClawSec, including purpose, repo layout, entry points, key artifacts, and workflows.
- Added a Security section outlining the security model, cryptographic controls, runtime enforcement, and incident playbooks.
- Created a Testing section detailing the testing strategy, verification layers, CI workflow coverage, and local testing commands.
- Documented the Workflow section, covering the end-to-end lifecycle, primary workflow map, local operator workflow, and operational risks.
2026-02-25 21:44:51 +02:00


Glossary

Terms

| Term | Definition |
| --- | --- |
| Advisory Feed | JSON document (`feed.json`) containing security advisories for skills/platforms. |
| Affected Specifier | Skill selector such as `skill@1.2.3`, wildcard, or range used in matching logic. |
| Guarded Install | Two-step installer behavior that requires explicit confirmation when advisories match. |
| SBOM Files | Skill-declared artifact list in `skill.json` used for packaging and validation. |
| Detached Signature | Base64 signature file (`.sig`) stored separately from signed payload. |
| Checksum Manifest | File hash map (`checksums.json`) used to verify payload integrity. |

Skill Packaging Terms

| Term | Definition |
| --- | --- |
| Skill Tag | Git tag formatted as `<skill>-v<semver>` used by release automation. |
| Release Assets | Files attached to GitHub release (zip, `skill.json`, checksums, signatures). |
| Catalog Index | `public/skills/index.json`, generated list consumed by web catalog. |
| Embedded Components | Capability bundle from one skill included in another (for example feed embedded in suite). |

Advisory and Security Terms

| Term | Definition |
| --- | --- |
| Fail-Closed Verification | Reject payload if signature or checksum validation fails. |
| Unsigned Compatibility Mode | Temporary bypass path enabled via `CLAWSEC_ALLOW_UNSIGNED_FEED=1`. |
| Suppression Rule | Config entry matching `checkId` and `skill` to suppress known/accepted findings. |
| Key Fingerprint | SHA-256 digest of DER-encoded public key used for key consistency checks. |

Runtime and Platform Terms

| Term | Definition |
| --- | --- |
| OpenClaw Hook | Runtime event handler (`clawsec-advisory-guardian`) that checks advisories. |
| NanoClaw IPC | Host/container task exchange for advisory refresh, signature verification, integrity checks. |
| Integrity Baseline | Stored approved hashes/snapshots for protected files. |
| Hash-Chained Audit Log | Append-only audit log where each entry depends on prior hash. |

CI/CD Terms

| Term | Definition |
| --- | --- |
| Poll NVD CVEs Workflow | Scheduled workflow that fetches and transforms NVD CVEs into advisories. |
| Community Advisory Workflow | Issue-label-triggered workflow that publishes approved community advisories. |
| Skill Release Workflow | Tag-triggered packaging/signing/publishing pipeline for skills. |
| Deploy Pages Workflow | Workflow that builds site assets and mirrors release/advisory artifacts. |

Source References

  • types.ts
  • skills/clawsec-suite/skill.json
  • skills/clawsec-nanoclaw/skill.json
  • skills/clawsec-suite/scripts/guarded_skill_install.mjs
  • skills/clawsec-suite/hooks/clawsec-advisory-guardian/lib/feed.mjs
  • skills/clawsec-suite/hooks/clawsec-advisory-guardian/lib/suppression.mjs
  • skills/clawsec-nanoclaw/guardian/integrity-monitor.ts
  • scripts/populate-local-feed.sh
  • .github/workflows/poll-nvd-cves.yml
  • .github/workflows/community-advisory.yml
  • .github/workflows/skill-release.yml
  • .github/workflows/deploy-pages.yml