Releases: empowered-humanity/agent-security

v2.0.0 — Runtime Guards + 30 New Patterns

18 Feb 05:19

What's New in v2.0.0

30 New Detection Patterns (190 → 220)

  • Infrastructure attack patterns (18 patterns) — env variable injection, symlink traversal, Windows exec evasion, network/fetch misconfig, extended SSRF, bind/proxy misconfig
  • Auth anti-patterns (4 patterns) — fail-open catch, string "undefined" coercion, partial identity matching, non-constant-time comparison
  • Supply chain install patterns (4 patterns) — curl/wget/PowerShell pipe-to-shell, password-protected archive evasion
  • Container misconfiguration (4 patterns) — home dir bind mount, root filesystem mount, seccomp/apparmor unconfined

5 Runtime Guard Modules

Drop-in security middleware for AI agent runtimes:

  • SSRF Guard (guards/ssrf) — DNS pinning, IP blocklists (RFC 1918, loopback, link-local, CGNAT, IPv6), redirect validation
  • Download Guard (guards/download) — body size caps, connection/response timeouts, content-type validation
  • Exec Allowlist (guards/exec-allow) — default-deny execution, resolved binary path matching, env var filtering, evasion detection
  • Path Traversal Validator (guards/fs-safe) — TOCTOU-safe file open, symlink validation, post-open inode verification
  • Webhook Verifier (guards/webhook) — timing-safe HMAC verification for GitHub, Slack, Stripe + generic factory

Stats

  • 220 detection patterns (was 190)
  • 254 tests passing (was 123)
  • 5 runtime guard modules (new)
  • Full OWASP ASI mapping (ASI01–ASI10)

Research Foundation

All patterns trace to published research:

  • OpenClaw vulnerability catalog (80+ security commits, 12 categories)
  • ClawHavoc supply chain campaign (341 malicious skills)
  • Gemini deep research analysis (45 sources, 8 CVEs)

See CHANGELOG.md for full details.