clawdstrike 0.2.5

Security guards and policy engine for AI agent execution
Documentation
# Strict Ruleset
# Maximum security with minimal permissions
version: "1.1.0"
name: Strict
description: Strict security rules with minimal permissions

guards:
  forbidden_path:
    patterns:
      # All default patterns plus more
      - "**/.ssh/**"
      - "**/id_rsa*"
      - "**/id_ed25519*"
      - "**/id_ecdsa*"
      - "**/.aws/**"
      - "**/.env"
      - "**/.env.*"
      - "**/.git-credentials"
      - "**/.gitconfig"
      - "**/.gnupg/**"
      - "**/.kube/**"
      - "**/.docker/**"
      - "**/.npmrc"
      - "**/.password-store/**"
      - "**/pass/**"
      - "**/.1password/**"
      - "/etc/shadow"
      - "/etc/passwd"
      - "/etc/sudoers"
      # Windows credential stores
      - "**/AppData/Roaming/Microsoft/Credentials/**"
      - "**/AppData/Local/Microsoft/Credentials/**"
      - "**/AppData/Roaming/Microsoft/Vault/**"
      # Windows registry hives
      - "**/NTUSER.DAT"
      - "**/NTUSER.DAT.*"
      - "**/Windows/System32/config/SAM"
      - "**/Windows/System32/config/SECURITY"
      - "**/Windows/System32/config/SYSTEM"
      # Windows certificate stores
      - "**/AppData/Roaming/Microsoft/SystemCertificates/**"
      # Registry export files
      - "**/*.reg"
      # Additional strict paths
      - "**/.vault/**"
      - "**/.secrets/**"
      - "**/credentials/**"
      - "**/private/**"
    exceptions: []

  egress_allowlist:
    allow: []  # No domains allowed by default
    block: []
    default_action: block

  secret_leak:
    patterns:
      - name: aws_access_key
        pattern: "AKIA[0-9A-Z]{16}"
        severity: critical
      - name: github_token
        pattern: "gh[ps]_[A-Za-z0-9]{36}"
        severity: critical
      - name: openai_key
        pattern: "sk-[A-Za-z0-9]{48}"
        severity: critical
      - name: anthropic_key
        pattern: "sk-ant-[A-Za-z0-9\\-]{95}"
        severity: critical
      - name: private_key
        pattern: "-----BEGIN\\s+(RSA\\s+)?PRIVATE\\s+KEY-----"
        severity: critical
      - name: npm_token
        pattern: "npm_[A-Za-z0-9]{36}"
        severity: critical
      - name: slack_token
        pattern: "xox[baprs]-[0-9]{10,13}-[0-9]{10,13}[a-zA-Z0-9-]*"
        severity: critical
      - name: generic_api_key
        pattern: "(?i)(api[_\\-]?key|apikey)\\s*[:=]\\s*[A-Za-z0-9]{32,}"
        severity: error
    skip_paths:
      - "**/test/**"
      - "**/tests/**"

  patch_integrity:
    max_additions: 500
    max_deletions: 200
    require_balance: true
    max_imbalance_ratio: 5.0
    forbidden_patterns:
      - "(?i)disable[\\s_\\-]?(security|auth|ssl|tls)"
      - "(?i)skip[\\s_\\-]?(verify|validation|check)"
      - "(?i)rm\\s+-rf\\s+/"
      - "(?i)chmod\\s+777"
      - "(?i)eval\\s*\\("
      - "(?i)exec\\s*\\("
      - "(?i)reverse[_\\-]?shell"
      - "(?i)bind[_\\-]?shell"

  shell_command:
    enabled: true
    enforce_forbidden_paths: true

  mcp_tool:
    allow:
      - read_file
      - list_directory
      - search
      - grep
    block: []
    require_confirmation: []
    default_action: block
    max_args_size: 524288  # 512KB

  prompt_injection:
    enabled: true
    warn_at_or_above: suspicious
    block_at_or_above: suspicious
    max_scan_bytes: 200000

  jailbreak:
    enabled: true
    detector:
      block_threshold: 40
      warn_threshold: 15
      max_input_bytes: 200000
      session_aggregation: true

settings:
  fail_fast: true
  verbose_logging: false
  session_timeout_secs: 1800  # 30 minutes