You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Migrated from issue #114, originally opened by @Thalia325. Moved to a discussion for broader design conversation.
Related capability
Security & Governance (能守护)
Problem or motivation
ClawMaster has decent local single-user usability today, but from an enterprise deployment and production-governance perspective the security / governance baseline is incomplete. Concretely:
/api today relies primarily on a single shared service token, and still accepts the token via URL query parameters (e.g. serviceToken / token). This leaks tokens into browser history, into reverse-proxy / API gateway / WAF / APM logs, and into anything that captures shared links, triage notes, or terminal output — and makes per-user audit attribution impossible.
Dangerous operations do add an extra header check, but the underlying credential is still the same shared token. That makes today's model closer to "local admin mode" than "governable team mode," and violates least-privilege.
Configuration is still centered on plain JSON files. openclaw.json carries provider / channel configuration, and .clawmaster/settings.json is part of the same plaintext system. That means secrets and ordinary config aren't layered, backups / exports / migrations drag sensitive data along, there's no unified secret-storage abstraction, and nothing is set up to later adopt keychain / KMS / Vault.
Minimal RBAC and a unified audit-event model are missing. The system can't clearly answer: who changed the config, who enabled a given plugin / skill / MCP, who executed reset / restore / uninstall, and for any change — when, against which object, and whether it succeeded.
The Capabilities page is more "visibility" than "governance." It shows installed/enabled counts and runtime summaries, but lacks the metadata enterprise governance actually needs: owner, approval state, risk level, last-reviewed, last-changed-by, policy / scope / quota state.
The README already lists vault, RBAC, and spend caps as planned — the direction is recognized but implementation hasn't reached production-grade quality.
Proposed solution
Treat this as a single "enterprise security & governance baseline" initiative, phased.
Phase 1 — Immediately reduce risk
Fully remove query-string token support; do not allow serviceToken / token for authentication.
Support only Authorization: Bearer ... or an explicit header.
Separate dangerous-operation confirmation from ordinary API access — stop reusing a single shared token.
Update docs and the CLI / browser-open logic so no more token-carrying URLs get generated.
Define the boundary of sensitive fields: provider API keys, channel tokens, third-party access credentials, and other fields that must not live in ordinary JSON config.
Introduce a secret-storage abstraction: ordinary config stays in JSON, sensitive fields leave ordinary config, first version can be a local implementation with keychain / KMS / Vault later.
Extend the Capabilities page from a stats page to a governance page with: owner, source, approval state, risk level, last reviewed at, last changed by.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Related capability
Security & Governance (能守护)
Problem or motivation
ClawMaster has decent local single-user usability today, but from an enterprise deployment and production-governance perspective the security / governance baseline is incomplete. Concretely:
/apitoday relies primarily on a single shared service token, and still accepts the token via URL query parameters (e.g.serviceToken/token). This leaks tokens into browser history, into reverse-proxy / API gateway / WAF / APM logs, and into anything that captures shared links, triage notes, or terminal output — and makes per-user audit attribution impossible.Dangerous operations do add an extra header check, but the underlying credential is still the same shared token. That makes today's model closer to "local admin mode" than "governable team mode," and violates least-privilege.
Configuration is still centered on plain JSON files.
openclaw.jsoncarries provider / channel configuration, and.clawmaster/settings.jsonis part of the same plaintext system. That means secrets and ordinary config aren't layered, backups / exports / migrations drag sensitive data along, there's no unified secret-storage abstraction, and nothing is set up to later adopt keychain / KMS / Vault.Minimal RBAC and a unified audit-event model are missing. The system can't clearly answer: who changed the config, who enabled a given plugin / skill / MCP, who executed reset / restore / uninstall, and for any change — when, against which object, and whether it succeeded.
The
Capabilitiespage is more "visibility" than "governance." It shows installed/enabled counts and runtime summaries, but lacks the metadata enterprise governance actually needs: owner, approval state, risk level, last-reviewed, last-changed-by, policy / scope / quota state.The README already lists vault, RBAC, and spend caps as planned — the direction is recognized but implementation hasn't reached production-grade quality.
Proposed solution
Treat this as a single "enterprise security & governance baseline" initiative, phased.
Phase 1 — Immediately reduce risk
serviceToken/tokenfor authentication.Authorization: Bearer ...or an explicit header.Phase 2 — Establish minimal secret & permission abstractions
admin,operator,viewer.Phase 3 — Build governance & audit capability
Acceptance criteria
Alternatives considered
Beta Was this translation helpful? Give feedback.
All reactions