Ulrich Diedrichsen
|
73ce95d9cc
|
feat(security): implement core security shield infrastructure (Phase 1)
Add foundational security components for rate limiting, intrusion detection,
and activity logging:
Core Components:
- Security event logging system (schema, logger, aggregator)
- Rate limiting with token bucket + sliding window algorithm
- IP blocklist/allowlist management with auto-expiration
- Security configuration schema with opt-out mode defaults
Features:
- JSONL security log files (/tmp/openclaw/security-*.jsonl)
- LRU cache-based rate limiter (10k entry limit, auto-cleanup)
- File-based IP blocklist storage (~/.openclaw/security/blocklist.json)
- Tailscale CGNAT range auto-allowlisted (100.64.0.0/10)
- Configurable rate limits per-IP, per-device, per-sender
- Auto-blocking rules with configurable duration
Configuration:
- New security config section in OpenClawConfig
- Enabled by default for new deployments (opt-out mode)
- Comprehensive defaults for VPS security
Related to: Security shield implementation plan
Part of: Phase 1 - Core Features
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
2026-01-30 11:11:48 +01:00 |
|