clawdstrike 0.2.5

Security guards and policy engine for AI agent execution
Documentation
# Default Ruleset
# Balanced security for AI agent execution
version: "1.1.0"
name: Default
description: Default security rules for AI agent execution

guards:
  forbidden_path:
    patterns:
      # SSH keys
      - "**/.ssh/**"
      - "**/id_rsa*"
      - "**/id_ed25519*"
      - "**/id_ecdsa*"
      # AWS credentials
      - "**/.aws/**"
      # Environment files
      - "**/.env"
      - "**/.env.*"
      # Git credentials
      - "**/.git-credentials"
      - "**/.gitconfig"
      # GPG keys
      - "**/.gnupg/**"
      # Kubernetes
      - "**/.kube/**"
      # Docker
      - "**/.docker/**"
      # NPM tokens
      - "**/.npmrc"
      # Password stores
      - "**/.password-store/**"
      - "**/pass/**"
      # 1Password
      - "**/.1password/**"
      # System paths (Unix)
      - "/etc/shadow"
      - "/etc/passwd"
      - "/etc/sudoers"
      # Windows credential stores
      - "**/AppData/Roaming/Microsoft/Credentials/**"
      - "**/AppData/Local/Microsoft/Credentials/**"
      - "**/AppData/Roaming/Microsoft/Vault/**"
      # Windows registry hives
      - "**/NTUSER.DAT"
      - "**/Windows/System32/config/SAM"
      - "**/Windows/System32/config/SECURITY"
      - "**/Windows/System32/config/SYSTEM"
    exceptions: []

  egress_allowlist:
    allow:
      # AI APIs
      - "*.openai.com"
      - "*.anthropic.com"
      # Code hosting
      - "api.github.com"
      - "github.com"
      - "*.githubusercontent.com"
      # Package registries
      - "*.npmjs.org"
      - "registry.npmjs.org"
      - "pypi.org"
      - "files.pythonhosted.org"
      - "crates.io"
      - "static.crates.io"
    block: []
    default_action: block

  secret_leak:
    patterns:
      - name: aws_access_key
        pattern: "AKIA[0-9A-Z]{16}"
        severity: critical
      - name: github_token
        pattern: "gh[ps]_[A-Za-z0-9]{36}"
        severity: critical
      - name: openai_key
        pattern: "sk-[A-Za-z0-9]{48}"
        severity: critical
      - name: private_key
        pattern: "-----BEGIN\\s+(RSA\\s+)?PRIVATE\\s+KEY-----"
        severity: critical
    skip_paths:
      - "**/test/**"
      - "**/tests/**"
      - "**/*_test.*"
      - "**/*.test.*"

  patch_integrity:
    max_additions: 1000
    max_deletions: 500
    require_balance: false
    max_imbalance_ratio: 10.0
    forbidden_patterns:
      - "(?i)disable[\\s_\\-]?(security|auth|ssl|tls)"
      - "(?i)skip[\\s_\\-]?(verify|validation|check)"
      - "(?i)rm\\s+-rf\\s+/"
      - "(?i)chmod\\s+777"

  shell_command:
    enabled: true
    enforce_forbidden_paths: true

  mcp_tool:
    allow: []
    block:
      - shell_exec
      - run_command
      - raw_file_write
      - raw_file_delete
    require_confirmation:
      - file_write
      - file_delete
      - git_push
    default_action: allow
    max_args_size: 1048576

settings:
  fail_fast: false
  verbose_logging: false
  session_timeout_secs: 3600