Security Overview

• Secrets at rest: AES-256-GCM encryption for all stored secrets. Never plaintext on disk.
• Password hashing: bcrypt/argon2 with tuned cost factors.
• Credential redaction: 14+ token format patterns detected and masked with SHA-256 before logging or display.
• Secret rotation: audit trails track every rotation event with timestamps and actor identity.

• Three auth modes: session cookie, magic-link bearer token, and API key bearer token.
• RBAC: role-based access control with scoped API keys.
• Session management: server-side session store with revocation support.
• Timing-safe comparison: all token comparisons use constant-time algorithms to prevent timing attacks.
• MFA support: admin sessions require multi-factor authentication.

• Rate limiting: sliding window at 60 req/min per endpoint class. Policy-based overrides available.
• Body size limits: enforced per route to prevent oversized payload attacks.
• ReDoS protection: input patterns validated against catastrophic backtracking.
• Idempotency keys: prevent duplicate operations from retry storms.

• Boundary markers: system prompts, user input, and tool results are separated with structured delimiters.
• Unicode normalization: input is normalized before processing to prevent homograph and zero-width character attacks.
• Tool result isolation: tool outputs are treated as untrusted data and never injected directly into system prompts.

• Per-plugin SSRF prevention: DNS pinning, private IP blocking, and redirect validation per plugin execution context.
• Sandbox toggle: plugins can run in sandboxed mode with restricted filesystem and network access.
• 4-tier security profiles: plugins are classified by risk level with corresponding execution constraints.
• Package validation: zip MIME verification, manifest parsing, entry file checks, and optional malware scanning.

• Security headers: CSP, X-Frame-Options, X-Content-Type-Options enforced on all responses.
• CORS: allowlist-based. Localhost-only in local mode, explicit origins in remote mode.
• CSRF protection: token-based CSRF prevention on all state-changing endpoints.
• Webhook signatures: HMAC verification on all incoming webhook payloads.

• Marketplace counter-signatures: plugin packages are signed by the marketplace after review. Agents verify the signature before install.
• Checksum verification: SHA-256 checksums validated on download and install.
• Signed download URLs: time-limited, HMAC-signed URLs for package delivery.
• Submission review pipeline: human review with 24-48 hour SLA before any plugin goes live.

• Capability drop: cap-drop ALL removes all Linux capabilities by default.
• seccomp/AppArmor: kernel-level syscall filtering for containerized deployments.
• Read-only filesystem: container root filesystem mounted read-only where possible.
• Non-root execution: all services run as unprivileged users inside containers.

• Audit logging: all security-relevant events logged with actor, action, resource, and timestamp.
• API key auth failures: tracked and rate-limited to detect brute force attempts.
• Security regression tests: automated test suite validates all controls on every deployment.
• Incident response: 6 runbooks served via API for common security scenarios.

Run these locally to verify the security posture of your ClawMagic instance.

pnpm audit              # dependency vulnerability scan
pnpm sast               # static analysis security testing
pnpm policy-check       # verify security policies
pnpm test:security      # run security test suite
pnpm test:integration   # end-to-end security validation