clawdstrike 0.2.5

Security guards and policy engine for AI agent execution
Documentation
# CI/CD Ruleset
# Designed for automated pipeline environments
version: "1.1.0"
name: CI/CD
description: Security rules for CI/CD pipeline environments

guards:
  forbidden_path:
    patterns:
      # Prevent access to CI secrets
      - "**/.github/secrets/**"
      - "**/.gitlab-ci-secrets/**"
      - "**/.circleci/secrets/**"
      # Standard sensitive paths
      - "**/.ssh/**"
      - "**/id_rsa*"
      - "**/id_ed25519*"
      - "**/.aws/**"
      - "**/.gnupg/**"
      - "/etc/shadow"
      - "/etc/passwd"
      # Windows credential stores
      - "**/AppData/Roaming/Microsoft/Credentials/**"
      - "**/AppData/Local/Microsoft/Credentials/**"
      - "**/AppData/Roaming/Microsoft/Vault/**"
      # Windows registry hives
      - "**/NTUSER.DAT"
      - "**/Windows/System32/config/SAM"
      - "**/Windows/System32/config/SECURITY"
      - "**/Windows/System32/config/SYSTEM"
    exceptions:
      # Allow reading workflow files
      - "**/.github/workflows/**"
      - "**/.gitlab-ci.yml"
      - "**/.circleci/config.yml"

  egress_allowlist:
    allow:
      # Package registries (essential for CI)
      - "*.npmjs.org"
      - "registry.npmjs.org"
      - "registry.yarnpkg.com"
      - "pypi.org"
      - "files.pythonhosted.org"
      - "crates.io"
      - "static.crates.io"
      - "rubygems.org"
      - "packagist.org"
      - "proxy.golang.org"
      - "storage.googleapis.com"
      # Container registries
      - "*.docker.io"
      - "*.docker.com"
      - "*.gcr.io"
      - "ghcr.io"
      - "*.ecr.aws"
      # Code hosting
      - "github.com"
      - "api.github.com"
      - "*.githubusercontent.com"
      - "gitlab.com"
      - "api.gitlab.com"
      # Build tools
      - "gradle.org"
      - "plugins.gradle.org"
      - "repo.maven.apache.org"
    block: []
    default_action: block

  secret_leak:
    patterns:
      - name: aws_access_key
        pattern: "AKIA[0-9A-Z]{16}"
        severity: critical
      - name: github_token
        pattern: "gh[ps]_[A-Za-z0-9]{36}"
        severity: critical
      - name: private_key
        pattern: "-----BEGIN\\s+(RSA\\s+)?PRIVATE\\s+KEY-----"
        severity: critical
      - name: docker_auth
        pattern: "(?i)docker[_\\-]?(password|token)\\s*[:=]"
        severity: critical
    skip_paths:
      - "**/test/**"
      - "**/tests/**"

  patch_integrity:
    max_additions: 5000
    max_deletions: 2500
    require_balance: false
    max_imbalance_ratio: 50.0
    forbidden_patterns:
      - "(?i)disable[\\s_\\-]?(security|auth|ssl|tls)"
      - "(?i)rm\\s+-rf\\s+/"
      - "(?i)chmod\\s+777"

  shell_command:
    enabled: true
    enforce_forbidden_paths: true

  mcp_tool:
    allow:
      - read_file
      - write_file
      - list_directory
      - run_tests
      - build
    block:
      - shell_exec
      - deploy_production
    require_confirmation: []
    default_action: block
    max_args_size: 5242880  # 5MB

settings:
  fail_fast: true
  verbose_logging: true
  session_timeout_secs: 1800  # 30 minutes (CI jobs should be fast)