openclaw/src/config/types.security.ts
google-labs-jules[bot] 29b2d8acdc Comprehensive strictly local hardening and enhancements
This commit completes the "Strictly Local" journey by adding several key features:
- Permanent `security.strictLocal` configuration key.
- Hardened Docker sandbox isolation (enforces `network: "none"`).
- Local compliance checks in `moltbot security audit`.
- Ollama health and model checks in `moltbot doctor`.
- Local CLI-based TTS support (offline speech).
- Skill vetting to prevent external URL leakage in strict mode.
- Documentation and unit tests for all new functionality.

Co-authored-by: samibs <1743891+samibs@users.noreply.github.com>
2026-01-28 12:46:51 +00:00

13 lines
407 B
TypeScript

export type SecurityConfig = {
/**
* If true, hardens the configuration for strictly local usage.
* - Disables update checks on start.
* - Disables diagnostics.
* - Clears model fallbacks.
* - Denies external tools (web_search, web_fetch, browser).
* - Enforces Docker network isolation for sandboxes.
* - Refuses to use cloud-based model providers.
*/
strictLocal?: boolean;
};