diff --git a/examples/real-openclaw-demo/.env.example b/examples/real-openclaw-demo/.env.example
index 61a376a..bcf7c90 100644
--- a/examples/real-openclaw-demo/.env.example
+++ b/examples/real-openclaw-demo/.env.example
@@ -13,3 +13,17 @@ SECURECLAW_VERBOSE=true
 # Optional: Slow mode for recording demos
 DEMO_SLOW_MODE=false
+
+# =============================================================================
+# Sidecar Security Configuration (v0.7.1+)
+# =============================================================================
+
+# Policy Reload Authentication: Bearer token required for /policy/reload endpoint
+# If set, requests must include: Authorization: Bearer
+# Leave empty to allow unauthenticated reloads (not recommended for production)
+PREDICATE_POLICY_RELOAD_SECRET=demo-reload-secret
+
+# SSRF Whitelist: Comma-separated list of host:port pairs to allow
+# These endpoints bypass SSRF protection (use for internal services)
+# Example: PREDICATE_SSRF_ALLOW=localhost:8080,internal-api:3000
+# PREDICATE_SSRF_ALLOW=
diff --git a/examples/real-openclaw-demo/Dockerfile.sidecar b/examples/real-openclaw-demo/Dockerfile.sidecar
index ff15dc2..461d126 100644
--- a/examples/real-openclaw-demo/Dockerfile.sidecar
+++ b/examples/real-openclaw-demo/Dockerfile.sidecar
@@ -2,6 +2,15 @@
 #
 # Uses Ubuntu 24.04 LTS which has GLIBC 2.39 (required by the sidecar binary).
 # Downloads the binary from GitHub releases - cached in Docker layers.
+#
+# CLI Options (v0.7.1+):
+# --policy-reload-secret : Require bearer token for /policy/reload
+# --disable-policy-reload : Disable /policy/reload endpoint (returns 404)
+# --ssrf-allow : Whitelist host:port for SSRF bypass (repeatable)
+#
+# Environment Variables:
+# PREDICATE_POLICY_RELOAD_SECRET : Same as --policy-reload-secret
+# LOCAL_IDP_SIGNING_KEY : Key for local JWT signing
 FROM ubuntu:24.04
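Review bot: `PREDICATE_POLICY_RELOAD_SECRET=demo-reload-secret` commits a fixed, public value, and both compose files in this commit fall back to the same string when the variable is unset, so a deployment that never edits `.env` still has a reload token that anyone reading the repository knows; that is no stronger than the "leave empty" case the comment above it warns against. Prefer an obviously-placeholder value with a generation hint, e.g. `# Generate with: openssl rand -hex 32` followed by `PREDICATE_POLICY_RELOAD_SECRET=CHANGE-ME`, so the demo cannot be copied into a real setup with a known token. The line `# If set, requests must include: Authorization: Bearer` appears to have lost its placeholder after `Bearer` (presumably `<secret>`), so the header format is incomplete as written. `PREDICATE_SSRF_ALLOW` is introduced here as an environment variable, but the Dockerfile.sidecar hunk in this commit lists only the `--ssrf-allow` CLI option under "CLI Options" and gives no environment equivalent under "Environment Variables"; if the binary does not read `PREDICATE_SSRF_ALLOW`, uncommenting it silently does nothing, so one of the two files should be corrected to match the other.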
diff --git a/examples/real-openclaw-demo/docker-compose.playground.yml b/examples/real-openclaw-demo/docker-compose.playground.yml
index bb42f5c..684d6c0 100644
--- a/examples/real-openclaw-demo/docker-compose.playground.yml
+++ b/examples/real-openclaw-demo/docker-compose.playground.yml
@@ -26,6 +26,12 @@ services:
 # =========================================================================
 # Predicate Authority Sidecar - Run Time Assurance (RTA) Execution Proxy
 # =========================================================================
+ #
+ # Security Features (v0.7.1+):
+ # --policy-reload-secret : Require bearer token for /policy/reload endpoint
+ # --disable-policy-reload : Disable /policy/reload entirely (returns 404)
+ # --ssrf-allow : Whitelist specific host:port for SSRF bypass
+ #
 predicate-sidecar:
 build:
 context: .
@@ -35,6 +41,8 @@ services:
 environment:
 # Demo signing key (replace in production)
 LOCAL_IDP_SIGNING_KEY: "demo-secret-key-replace-in-production-minimum-32-chars"
+ # Security: Require bearer token for policy reload (v0.7.1+)
+ PREDICATE_POLICY_RELOAD_SECRET: "${PREDICATE_POLICY_RELOAD_SECRET:-demo-reload-secret}"
 volumes:
 # Mount policy file (YAML or JSON supported)
 - ./policy.yaml:/app/policy.yaml:ro
@@ -47,6 +55,7 @@ services:
 --mode local_only
 --policy-file /app/policy.yaml
 --log-level info
+ --ssrf-allow predicate-sidecar:8000
 run
 healthcheck:
 test: ["CMD-SHELL", "curl -sf http://localhost:8000/health || exit 1"]
diff --git a/examples/real-openclaw-demo/docker-compose.yml b/examples/real-openclaw-demo/docker-compose.yml
index ec374d2..c1dd851 100644
--- a/examples/real-openclaw-demo/docker-compose.yml
+++ b/examples/real-openclaw-demo/docker-compose.yml
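Review bot: The `${PREDICATE_POLICY_RELOAD_SECRET:-demo-reload-secret}` fallback in the `environment:` hunk means an unset variable silently enables `/policy/reload` with a token that is committed to the repository, so the new bearer check protects nothing unless the operator already knows to override it; `PREDICATE_POLICY_RELOAD_SECRET: "${PREDICATE_POLICY_RELOAD_SECRET:?set PREDICATE_POLICY_RELOAD_SECRET in .env}"` would instead fail `docker compose up` until a value is supplied, which is the safer default in a file whose other secret is already marked "replace in production". The same fallback appears in the docker-compose.yml hunk of this commit. In the third hunk, `--ssrf-allow predicate-sidecar:8000` adds the sidecar's own listener to the SSRF allow-list with no comment saying why the proxy needs to reach itself; since that host:port is presumably the same listener that serves `/policy/reload` (the healthcheck probes port 8000), a comment such as `# Allow the proxy to call its own API (needed for <reason>); this also makes /policy/reload reachable through proxied requests, so the reload secret must be set` would record the trade-off for the next reader. The `command:` block this flag belongs to starts before the hunk.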
@@ -3,6 +3,12 @@ version: "3.8"
 services:
 # Predicate Authority Sidecar - Authorization Engine (Rust-based)
 # Builds from Dockerfile.sidecar which downloads binary from GitHub releases
+ #
+ # Security Features (v0.7.1+):
+ # --policy-reload-secret : Require bearer token for /policy/reload endpoint
+ # --disable-policy-reload : Disable /policy/reload entirely (returns 404)
+ # --ssrf-allow : Whitelist specific host:port for SSRF bypass
+ #
 sidecar:
 build:
 context: .
@@ -11,8 +17,12 @@ services:
 - "8787:8787"
 environment:
 LOCAL_IDP_SIGNING_KEY: "demo-secret-key-replace-in-production-minimum-32-chars"
+ # Security: Require bearer token for policy reload (v0.7.1+)
+ PREDICATE_POLICY_RELOAD_SECRET: "${PREDICATE_POLICY_RELOAD_SECRET:-demo-reload-secret}"
 volumes:
 - ./policy.json:/etc/predicate/policy.json:ro
+ # Note: Security features are configured via environment variables (v0.7.1+)
+ # PREDICATE_POLICY_RELOAD_SECRET enforces bearer token auth on /policy/reload
 healthcheck:
 test: ["CMD-SHELL", "curl -sf http://localhost:8787/health || exit 1"]
 interval: 2s
diff --git a/examples/real-openclaw-demo/policy.yaml b/examples/real-openclaw-demo/policy.yaml
index b447249..ea4893d 100644
--- a/examples/real-openclaw-demo/policy.yaml
+++ b/examples/real-openclaw-demo/policy.yaml
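Review bot: The two-line `# Note: Security features are configured via environment variables` comment in the second hunk sits under `volumes:`, after the policy mount, rather than next to the `environment:` key it describes, and it restates the `# Security: Require bearer token ...` comment added three lines earlier above `PREDICATE_POLICY_RELOAD_SECRET`; a reader scanning the volumes list will wonder which mount it refers to. Drop the duplicate or move it directly above `environment:`, keeping one comment per setting. This file has no `--ssrf-allow` in view, unlike the playground compose, so if the two demos are meant to behave the same the difference deserves a one-line note here.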
@@ -46,6 +46,17 @@ metadata:
 compliance: ["SOC2", "GDPR"]
 default_posture: "deny"
+# ============================================================================
+# SSRF WHITELIST (v0.7.1+)
+# ============================================================================
+# Bypass SSRF protection for specific internal services.
+# Use sparingly - only for trusted internal endpoints that need direct access.
+#
+# ssrf_whitelist:
+# - "internal-api:3000"
+# - "metrics-service:9090"
+# - "localhost:8080"
+
 # ============================================================================
 # DENY RULES - Explicit blocks (evaluated first, highest priority)
 # ============================================================================
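Review bot: The commented-out `ssrf_whitelist:` block advertises a policy-file key that nothing else in this commit shows the sidecar reading: the compose files configure the same feature with the `--ssrf-allow` flag and `.env.example` with `PREDICATE_SSRF_ALLOW`, so a reader who uncomments it may get no effect, or a rejected policy depending on how unknown keys are handled, with no hint here either way. If the key is supported, the comment should say which source wins when both the flag and the policy key are set; if it is not, replace the block with a pointer such as `# SSRF allow-list is set with --ssrf-allow on the sidecar command line, not in this file`. The example entry `"localhost:8080"` is also an unfortunate one to put in a template, since loopback is the primary destination SSRF filtering exists to block, and `.env.example` repeats the same host; the two named internal services alone make a better example.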