ronitchidara
|
874caa32bc
|
security: add gateway rate limiting and security warnings
- Implement token bucket rate limiter with per-client tracking
- Add configurable limits: unauthenticated (60/min), authenticated (unlimited)
- Add channel message rate limiting (200/min per channel)
- Implement exponential backoff after auth failures (1s base, 60s max)
- Add startup security warnings for non-loopback binding without auth
- Add GatewayRateLimitConfig type to config schema
- All settings configurable via gateway.rateLimit in clawdbot.json
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
2026-01-28 16:55:04 +05:30 |
|
ronitchidara
|
9d26cd5db2
|
security: integrate secrets-manager with all token stores
- Discord: secrets-manager as Priority 1 source, added "secrets" token source type
- Telegram: secrets-manager as Priority 1 source, added "secrets" token source type
- Slack: secrets-manager as Priority 1 source for both bot and app tokens
- WhatsApp: encrypted credentials support (.enc files) via readPossiblyEncryptedFile
- Added file encryption utilities: encryptFile, decryptFile, writePossiblyEncryptedFile
- Added migrateWebCredsToEncrypted() for WhatsApp credential migration
- All token tests updated with skipSecrets option for isolation testing
Priority order for all token resolution:
1. Secure secrets storage (keychain/encrypted file)
2. Config file (existing behavior)
3. Environment variables (default account only)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
2026-01-28 16:55:04 +05:30 |
|