Handbook
Security Model
Default posture
- Local-first by default.
- Read-only before write.
- Proposal before execution.
- Template execution before raw execution.
- Human approval before irreversible actions.
- Redaction before evidence export.
Trust boundaries
| Boundary | Rule |
|---|---|
| Lenses | system of record for run/evidence/approval state |
| Blueprints | canonical policy and evidence expectations |
| LCDL | no arbitrary execution; governed reasoning only |
| Fleet | bearer token is powerful; expose templates to agents first |
| Hermes | memory is not governance |
| Factory | implementation output must be verified before acceptance |
| OpenClaw | chat is ingress/status unless policy explicitly allows approval |
Human gates
Require approval for:
- repo writes,
- Fleet job submission,
- external network calls outside configured endpoints,
- release/deploy actions,
- modification of Blueprints baseline,
- credential/provider changes,
- agent autonomy upgrades.
Redaction expectations
Evidence must not expose:
- bearer tokens,
- API keys,
- `.env` contents,
- auth headers,
- private keys,
- raw sensitive user or customer data unless deliberately approved.
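A sketch of a redaction pass run over an evidence blob before export, added here as an example and not taken from the project's own code. The rule patterns, the `redact` function, and the sample input (including the `EXAMPLE_API_KEY` variable) are assumptions constructed for illustration.

```python
import re

# Redaction rules, applied in order. The patterns are illustrative assumptions,
# not the project's own rule set.
RULES = [
    # PEM private key blocks, including the multi-line body.
    ("private_key", re.compile(
        r"-----BEGIN ([A-Z ]*)PRIVATE KEY-----.*?-----END \1PRIVATE KEY-----",
        re.S), "[REDACTED:private_key]"),
    # Auth headers in raw HTTP text: keep the header name, drop the value.
    ("auth_header", re.compile(
        r"(?im)^([ \t]*(?:authorization|proxy-authorization|x-api-key|cookie)"
        r"[ \t]*:[ \t]*).+$"), r"\1[REDACTED:auth_header]"),
    # Bearer tokens outside a header line, e.g. inside JSON or a logged command.
    ("bearer_token", re.compile(
        r"(?i)\b(bearer\s+)[A-Za-z0-9._~+/=-]{8,}"),
        r"\1[REDACTED:bearer_token]"),
    # .env-style assignments whose variable name suggests a secret.
    ("env_secret", re.compile(
        r"(?im)^([ \t]*(?:export[ \t]+)?[A-Z0-9_]*(?:KEY|TOKEN|SECRET|PASSWORD)"
        r"[A-Z0-9_]*[ \t]*=[ \t]*).+$"), r"\1[REDACTED:env_secret]"),
]

def redact(evidence: str) -> tuple[str, dict[str, int]]:
    """Return the redacted text and a per-rule hit count for the export record."""
    counts: dict[str, int] = {}
    for label, pattern, replacement in RULES:
        evidence, hits = pattern.subn(replacement, evidence)
        if hits:
            counts[label] = hits
    return evidence, counts

# Constructed sample evidence; every secret-looking value is fake.
SAMPLE = """\
POST /jobs HTTP/1.1
Authorization: Bearer constructed-token-0123456789
{"note": "retry with Bearer constructed-token-abcdefgh"}
EXAMPLE_API_KEY=constructed-key-value
LOG_LEVEL=debug
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    text, hits = redact(SAMPLE)
    print(text)
    print(hits)
```

The `env_secret` rule only masks variables whose names look secret, which is narrower than withholding `.env` contents entirely; raw user or customer data is not covered by pattern matching and still needs the approval gate.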