Hardened governance baseline and OpenClaw configuration profiles for structured, bounded OpenClaw operation.
This repository provides a structured governance baseline (CGS) and hardened OpenClaw configuration profiles designed to reduce accidental tool-surface expansion and improve operational discipline.
The intent is to provide a mechanically enforceable baseline using documented OpenClaw configuration features.
This project is not:
- A security certification
- A sandbox replacement
- An adversarial isolation framework
- A multi-tenant protection system
It is a governance baseline built on documented OpenClaw controls.
- Tested against: OpenClaw
v2026.2.25 - Validation date:
2026-02-26
Current state: profile posture checks are implemented and passing; enforcement tests are partially complete. See
VERIFY.mdfor current PASS/NOT PROVEN status.
- Clone this repository.
- Copy secure profile:
profiles/openclaw.secure.profile.json5→~/.openclaw/openclaw.json
- Copy governance artifacts from
governance/into your OpenClaw workspace (if you use the governance bundle). - Restart OpenClaw.
- Run validation:
scripts/validate-governance.ps1
- Review:
VERIFY.mddocs/evidence/
- Explicit workspace pinning (
agents.defaults.workspace) - Workspace containment (
agents.defaults.workspaceOnly: true) - Explicit policy intent (
policy.allow,policy.deny) - Bash execution disabled (
commands.bash: false) - Config writes disabled (
commands.config: false)
No undocumented keys are intentionally required by this baseline.
Current VERIFY.md posture (as of latest run):
- Config/schema validation: NOT PROVEN
- Disallowed tool invocation: NOT PROVEN
- Workspace traversal containment: NOT PROVEN
- Secret scan: PASS
Evidence is available in docs/evidence/.
Release should be labeled "secure baseline" only when checks 1–4 are PASS.
Governance artifacts contain no embedded secrets by design.
Sensitive values must be provided by end users via:
- Environment variables (recommended), or
- Local-only OpenClaw config (
~/.openclaw/openclaw.json) not committed to git.
See docs/SECRET-HANDLING.md.
cosyn-openclaw is intentionally a baseline repository.
It must include only baseline-grade artifacts such as:
- Hardened reference profiles
- Governance baseline JSON artifacts
- Validation scripts and evidence workflow
- Documentation for secure onboarding and operation
It must not include strategic/private engine content, including:
- Full enforcement runtimes
- Adaptive governance engines
- Enterprise compliance systems
- Proprietary orchestration logic
- Commercial deployment frameworks
If any such content appears, it should be moved to private cosyn-core under explicit approval.
Controls rely on what the OpenClaw runtime officially supports. This repo does not guarantee protection against:
- Malicious local operators
- Compromised host systems
- Undocumented runtime behavior
Use this as a governance baseline, then validate in your own environment.
docs/INDEX.md— documentation entry pointVERIFY.md— current verification postureRELEASE_CHECKLIST.md— release readiness gateBOUNDARY_CHANGELOG.md— strategic boundary rollout notes
Licensed under the MIT License. See LICENSE.