# Cross-Layer Adaptive Security Policy
# Demonstrates ClawShield's defense-in-depth integration between
# the proxy (Layer 1), firewall (Layer 2), and eBPF monitor (Layer 3).
#
# When enabled, security events from one layer automatically trigger
# defensive responses in other layers via the event bus.
# Baseline verdict. Presumably applied to any call that no list or rule
# below admits — confirm against the policy loader.
default_action: deny
# NOTE(review): confirm that an evaluation exceeding this budget fails closed
# (call denied) rather than being forwarded unscanned.
evaluation_timeout_ms: 150
max_message_bytes: 262144  # 256 KiB (256 * 1024)
# --- Access Control ---
# Tool names admitted by this policy. With default_action set to deny, a
# name missing from this list is presumably refused — confirm.
# NOTE(review): tools.invoke is a generic entry point; verify that the
# denylist is also applied to the tool it dispatches to, not only to the
# outer method name.
allowlist:
  - chat.send
  - chat.stream
  - chat.cancel
  - tools.invoke
  - tools.list
  - agents.list
  - resources.list
  - resources.read
# Tool names refused explicitly: shell and process execution, raw system and
# database access, file deletion, eval.
# NOTE(review): confirm that deny takes precedence if a name ever ends up in
# both lists.
denylist:
  - shell.exec
  - system.raw
  - file.delete
  - db.raw_query
  - process.exec
  - eval
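# --- Argument Filters ---
# One credential-shaped pattern per tool (chat.send, tools.invoke): a keyword
# (api_key, password, token, secret), an optional separator and quote, then a
# run of 20 or more characters from [a-zA-Z0-9/+._-].
# Each `regex` is nested under its `tool` entry; at column 0 it would read as
# a separate top-level key.
# NOTE(review): as written the keyword match is case-sensitive (API_KEY or
# Password will not match unless the engine adds a case-insensitive flag) and
# values shorter than 20 characters are ignored — confirm both are intended.
# Whether a match blocks or redacts is decided by the consumer, not here.
arg_filters:
  - tool: "chat.send"
    regex: "(api_key|password|token|secret)[^\\w]*[=:]?\\s*['\"]?[a-zA-Z0-9/+._-]{20,}['\"]?"
  - tool: "tools.invoke"
    regex: "(api_key|password|token|secret)[^\\w]*[=:]?\\s*['\"]?[a-zA-Z0-9/+._-]{20,}['\"]?"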
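# --- Security Scanners ---
# Vulnerability scanner, enabled with the five rule families listed below.
# `enabled` and `rules` are nested under vuln_scan so they cannot collide with
# the same key names used by the other sections of this file.
vuln_scan:
  enabled: true
  rules:
    - sqli
    - ssrf
    - path_traversal
    - command_injection
    - xss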
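# Prompt-injection scanner: requests and responses are both scanned and
# canary tokens are switched on. Settings are nested under prompt_injection
# so `enabled` does not collide with the other sections.
prompt_injection:
  enabled: true
  scan_requests: true
  scan_responses: true
  canary_tokens: true
  sensitivity: medium  # Starts at medium — adaptive controller can elevate to high
  # NOTE(review): these names use "/" while the allowlist in this file uses "."
  # (tools.list, resources.list) — confirm which form the scanner compares
  # against. Presumably responses from these tools get reduced scanning; keep
  # the list minimal, since listings carry free-text descriptions.
  trusted_response_tools:
    - "tools/list"
    - "resources/list"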
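# Malware scanner, enabled with the five checks listed below.
# NOTE(review): entropy_threshold and max_decoded_size are placed under
# malware_scan here; the flattened copy did not show their nesting — confirm
# against the policy schema.
malware_scan:
  enabled: true
  checks:
    - magic_bytes
    - entropy
    - signatures
    - archive_safety
    - script_detection
  # Presumably Shannon entropy in bits per byte (0-8) — TODO confirm.
  entropy_threshold: 6.5
  # 10 MiB (10 * 1024 * 1024), larger than max_message_bytes (262144).
  # NOTE(review): confirm that content decoding past this cap is rejected
  # rather than passed on unscanned.
  max_decoded_size: 10485760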
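# --- Cross-Layer Adaptive Response ---
#
# The event bus connects all three security layers:
# eBPF (Python) --> Unix Socket --> Proxy (Go) --> Firewall (Go)
#
# Rules define automatic reactions when events from one layer
# match trigger conditions. Every reaction is time-boxed by
# params.duration_seconds.
#
# NOTE(review): nesting below is restored from a flattened copy. The match
# conditions (min_severity, min_count, window_seconds) are placed inside
# `trigger`, with `action` and `params` as its siblings — confirm against the
# policy schema.
adaptive:
  enabled: true
  # NOTE(review): /tmp is world-writable, so any local account can create or
  # connect to this path. Events arriving here change policy, so prefer a
  # directory owned by the service account (for example under /run) with a
  # restrictive mode, and have the receiver check the peer's credentials.
  # Presumably the eBPF monitor's sender must be configured with the same path.
  socket_path: /tmp/clawshield-events.sock
  rules:
    # Rule 1: Privilege escalation detected by eBPF
    # → Elevate injection scanner sensitivity to "high" for 5 minutes
    - trigger:
        source: ebpf
        type: privesc
      action: elevate_sensitivity
      params:
        duration_seconds: 300
    # Rule 2: Suspicious command execution detected by eBPF
    # → Elevate injection scanner sensitivity for 3 minutes
    #   (high severity only)
    - trigger:
        source: ebpf
        type: exec_suspicious
        min_severity: high
      action: elevate_sensitivity
      params:
        duration_seconds: 180
    # Rule 3: Port scan detected by eBPF
    # → Temporarily restrict domain access for 10 minutes
    - trigger:
        source: ebpf
        type: port_scan
      action: restrict_domains
      params:
        duration_seconds: 600
    # Rule 4: Multiple injection attempts blocked by proxy
    # (3 or more within 60 seconds)
    # → Switch default action to deny for 15 minutes (attack in progress)
    # NOTE(review): default_action at the top of this file is already deny,
    # so the effect of elevate_default_deny in this policy is not visible
    # here — confirm what it changes.
    - trigger:
        source: proxy
        type: injection_blocked
        min_count: 3
        window_seconds: 60
      action: elevate_default_deny
      params:
        duration_seconds: 900
    # Rule 5: Malware detected in response by proxy
    # → Immediately switch to deny-by-default for 30 minutes
    - trigger:
        source: proxy
        type: malware_blocked
      action: elevate_default_deny
      params:
        duration_seconds: 1800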