* Guard docs workflow to upstream repo

Agent-Logs-Url: https://github.com/jjmata/sure/sessions/230a651a-b564-49fa-9563-4986fc5f2c13
Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com>

* Limit docs workflow token permissions

Agent-Logs-Url: https://github.com/jjmata/sure/sessions/230a651a-b564-49fa-9563-4986fc5f2c13
Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com>

* Add OpenClaw service to AI compose example
* Adjust OpenClaw compose and Pipelock defaults
* Keep OpenClaw gateway running when unconfigured
* Include Ollama in external-assistant profile
* Tidy up language/simplify names
* Make `profile` name more explicit (local-ai)
* Clarify `local-ai` is included in OpenClaw profile
* Correct internal routing for OpenClaw

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com>
# Pipelock configuration for Docker Compose
# See https://github.com/luckyPipewrench/pipelock for full options.
#
# New in v2.0: trusted_domains, redirect profiles, attack simulation,
# security scoring, process sandbox, and enhanced tool poisoning detection.
# Run `pipelock simulate --config <file>` to test your config against 24 attack scenarios.
# Run `pipelock audit score --config <file>` for a security posture score (0-100).

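# Config version and operating mode.
# NOTE(review): `version` is presumably the config-format version, not the
# Pipelock release number - confirm against the Pipelock docs.
version: 1
mode: balanced

# Trusted domains: allow services whose public DNS resolves to private IPs.
# Prevents SSRF scanner from blocking legitimate internal traffic.
# Every entry is an exemption from that SSRF check, so list only hosts you
# control and prefer exact names over wildcards.
# trusted_domains:
#   - "api.internal.example.com"
#   - "*.corp.example.com"
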
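# Forward proxy: enabled, with limits on tunnel lifetime and idle time.
# A proxy only constrains clients that are actually routed through it; in a
# Compose setup, keep the agent container on a network with no other egress
# path so these controls cannot be bypassed.
forward_proxy:
  enabled: true
  # NOTE(review): presumably a tunnel is closed after 300 s in total or after
  # 60 s without traffic - confirm the exact semantics.
  max_tunnel_seconds: 300
  idle_timeout_seconds: 60
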
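# WebSocket proxying is off in this example. The remaining keys presumably
# take effect only once `enabled` is set to true; review them before turning
# the feature on.
websocket_proxy:
  enabled: false
  max_message_bytes: 1048576  # 1 MiB
  max_concurrent_connections: 128
  scan_text_frames: true
  # NOTE(review): binary frames are refused and compression is stripped,
  # presumably so that all forwarded frames stay scannable as text - confirm.
  allow_binary_frames: false
  forward_cookies: false
  strip_compression: true
  max_connection_seconds: 3600
  idle_timeout_seconds: 300
  origin_policy: rewrite
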
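# Data-loss-prevention scanning.
dlp:
  # NOTE(review): presumably matches values from the Pipelock process's own
  # environment in traffic; if so, only secrets visible to this container are
  # covered - confirm.
  scan_env: true
  # NOTE(review): presumably keeps the built-in patterns alongside any custom
  # ones - confirm.
  include_defaults: true
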
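# Scanning of responses returned to the agent.
response_scanning:
  enabled: true
  # `warn` here, while mcp_input_scanning in this file uses `block`.
  # NOTE(review): with `warn`, a match is presumably reported but the response
  # is still delivered. Review the warnings during rollout and tighten the
  # action if the Pipelock docs offer a stricter one for this section.
  action: warn
  include_defaults: true
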
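# Scanning of MCP input. Both outcomes are set to `block`, so this section
# fails closed: a match is blocked, and so is input that cannot be parsed.
mcp_input_scanning:
  enabled: true
  action: block
  on_parse_error: block
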
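# Scanning of MCP tool definitions.
mcp_tool_scanning:
  enabled: true
  # NOTE(review): with `warn`, findings are presumably reported rather than
  # stopped - confirm, and make sure the warnings are actually monitored.
  action: warn
  # NOTE(review): presumably flags tool definitions that change after they
  # were first seen - confirm.
  detect_drift: true
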
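# MCP tool policy is disabled in this example, so `action` presumably has no
# effect until `enabled` is set to true.
mcp_tool_policy:
  enabled: false
  action: warn
  # Redirect profiles (v2.0): route matched tool calls to audited handler programs
  # instead of blocking. The handler returns a synthetic MCP response.
  # The `exec` entry names a program that handles the call, so point it only
  # at binaries you have reviewed.
  # redirect_profiles:
  #   safe-fetch:
  #     exec: ["/pipelock", "internal-redirect", "fetch-proxy"]
  #     reason: "Route fetch calls through audited proxy"
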
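# MCP session binding.
mcp_session_binding:
  enabled: true
  # NOTE(review): with `warn`, a call to a tool the session does not know is
  # presumably reported, not refused - confirm.
  unknown_tool_action: warn
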
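# Detection of suspicious sequences of tool calls; findings only warn.
tool_chain_detection:
  enabled: true
  action: warn
  # NOTE(review): window_size presumably bounds how many recent tool calls are
  # examined, and max_gap how many unrelated calls may sit between the steps
  # of a pattern - confirm against the Pipelock docs.
  window_size: 20
  max_gap: 3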