docs: fix security page P1s -- dmScope, heading style, roadmap language

- Add missing per-peer dmScope value to isolation options
- Fix heading style: 3./4. -> 3)/4) for consistency with other numbered sections
- Add channel qualifier to 'Separate Numbers' heading (WhatsApp/Signal/Telegram)
- Remove roadmap speculation ('We may add readOnlyMode later')
Vincent Koc 2026-03-30 09:46:57 +09:00
parent d3429e0c70
commit 169bbc82f2
1 changed files with 5 additions and 6 deletions

@ -505,6 +505,7 @@ Treat the snippet above as **secure DM mode**:
- Default: `session.dmScope: "main"` (all DMs share one session for continuity).
- Local CLI onboarding default: writes `session.dmScope: "per-channel-peer"` when unset (keeps existing explicit values).
- Secure DM mode: `session.dmScope: "per-channel-peer"` (each channel+sender pair gets an isolated DM context).
- Cross-channel peer isolation: `session.dmScope: "per-peer"` (each sender gets one session across all channels of the same type).
If you run multiple accounts on the same channel, use `per-account-channel-peer` instead. If the same person contacts you on multiple channels, use `session.identityLinks` to collapse those DM sessions into one canonical identity. See [Session Management](/concepts/session) and [Configuration](/gateway/configuration).
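Review bot: The new `per-peer` bullet is labelled "Cross-channel peer isolation", but its own description says each sender gets one session across channels, so one sender's DM context is shared between channels rather than split as in `per-channel-peer`. On a security page, say explicitly that this is a weaker boundary than secure DM mode. "All channels of the same type" also needs a definition, and it is unclear how `per-peer` decides that two channel identities are the same sender when the next paragraph tells readers to use `session.identityLinks` for exactly that. Finally, `per-account-channel-peer` is still only mentioned in the trailing paragraph; if the goal is a complete list of isolation options, give it its own bullet too.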
@ -919,22 +920,20 @@ Details: [Logging](/gateway/logging)
In group chats, only respond when explicitly mentioned.
### 3. Separate Numbers
### 3) Separate numbers (WhatsApp, Signal, Telegram)
Consider running your AI on a separate phone number from your personal one:
For phone-number-based channels, consider running your AI on a separate phone number from your personal one:
- Personal number: Your conversations stay private
- Bot number: AI handles these, with appropriate boundaries
### 4. Read-Only Mode (Today, via sandbox + tools)
### 4) Read-only mode (via sandbox + tools)
You can already build a read-only profile by combining:
You can build a read-only profile by combining:
- `agents.defaults.sandbox.workspaceAccess: "ro"` (or `"none"` for no workspace access)
- tool allow/deny lists that block `write`, `edit`, `apply_patch`, `exec`, `process`, etc.
We may add a single `readOnlyMode` flag later to simplify this configuration.
Additional hardening options:
- `tools.exec.applyPatch.workspaceOnly: true` (default): ensures `apply_patch` cannot write/delete outside the workspace directory even when sandboxing is off. Set to `false` only if you intentionally want `apply_patch` to touch files outside the workspace.
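Review bot: Renaming both headings ("3. Separate Numbers" to "3) Separate numbers (WhatsApp, Signal, Telegram)" and "4. Read-Only Mode (Today, via sandbox + tools)" to "4) Read-only mode (via sandbox + tools)") changes their generated anchors, so check for inbound links to the old slugs in other docs before merging. In the read-only section, the deny-list bullet still ends in "etc." after `write`, `edit`, `apply_patch`, `exec`, `process`; with the `readOnlyMode` sentence removed, this list is the only guidance a reader has, so either enumerate every write-capable tool or link to the authoritative tool list.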