zclaw_openfang/config/security.toml
iven e49ba4460b feat(security): add security configuration and tool validation
Security Configuration:
- config/security.toml with shell_exec, file_read, file_write, web_fetch, browser, and mcp settings
- Command whitelist/blacklist for shell execution
- Path restrictions for file operations
- SSRF protection for web fetch

Tool Security Implementation:
- ShellSecurityConfig with whitelist/blacklist validation
- ShellExecTool with actual command execution
- Timeout and output size limits
- Security checks before command execution

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-24 03:10:32 +08:00


# ZCLAW Security Configuration
# Controls which commands and operations are allowed
[shell_exec]
# Enable shell command execution
enabled = true
# Default timeout in seconds
default_timeout = 60
# Maximum output size in bytes
max_output_size = 1048576 # 1MB
# Whitelist of allowed commands
# If whitelist is non-empty, only these commands are allowed
allowed_commands = [
"git",
"npm",
"pnpm",
"node",
"cargo",
"rustc",
"python",
"python3",
"pip",
"ls",
"cat",
"echo",
"mkdir",
"rm",
"cp",
"mv",
"grep",
"find",
"head",
"tail",
"wc",
]
# Blacklist of dangerous commands (always blocked)
blocked_commands = [
"rm -rf /",
"dd",
"mkfs",
"format",
"shutdown",
"reboot",
"init",
"systemctl",
]
[file_read]
enabled = true
# Allowed directory prefixes (empty = allow all)
allowed_paths = []
# Blocked paths (always blocked)
blocked_paths = [
"/etc/shadow",
"/etc/passwd",
"~/.ssh",
"~/.gnupg",
]
[file_write]
enabled = true
# Maximum file size in bytes (10MB)
max_file_size = 10485760
# Blocked paths
blocked_paths = [
"/etc",
"/usr",
"/bin",
"/sbin",
"C:\\Windows",
"C:\\Program Files",
]
[web_fetch]
enabled = true
# Request timeout in seconds
timeout = 30
# Maximum response size in bytes (10MB)
max_response_size = 10485760
# Block internal/private IP ranges (SSRF protection)
block_private_ips = true
# Allowed domains (empty = allow all)
allowed_domains = []
# Blocked domains
blocked_domains = []
[browser]
# Browser automation settings
enabled = true
# Default page load timeout in seconds
page_timeout = 30
# Maximum concurrent sessions
max_sessions = 5
# Block access to internal networks
block_internal_networks = true
[mcp]
# MCP protocol settings
enabled = true
# Allowed MCP servers (empty = allow all)
allowed_servers = []
# Blocked MCP servers
blocked_servers = []
# Maximum tool execution time in seconds
max_tool_time = 300
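Review bot: The `"rm -rf /"` entry in blocked_commands under [shell_exec] can only match if the validator compares the full command line, yet every other entry there is a bare command name like `dd` or `mkfs`, and `rm` itself sits in allowed_commands, so either that entry is dead or `rm` is accepted regardless of arguments; the file should say which string the two lists are compared against, e.g. `# Entries are matched against the command name (first token) only; argument patterns are not supported`. More broadly, `python`, `python3`, `node`, `npm` and `pnpm` in allowed_commands can each execute arbitrary code, so once any interpreter is permitted the blocklist gives little assurance, which deserves a comment such as `# NOTE: interpreters in this list (python, node, npm) make blocked_commands advisory at best`. The `~/.ssh` and `~/.gnupg` entries in file_read.blocked_paths depend on the consumer expanding `~` and canonicalizing the path before any prefix comparison, since TOML performs no expansion; the matching code is not visible on this page, so that should be confirmed. Minor: the Windows entries in file_write.blocked_paths read more cleanly as literal strings, `'C:\Windows'` and `'C:\Program Files'`.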