openclaw/gogcli
openclaw/gogcli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity
main
gogcli/internal/safetyprofile
History
Drew Burchfield 46900109e0
fix(safety): compile baked policy to code to resist binary tampering 
Compile baked safety-profile policies into generated hash switches so the raw allow/deny rule strings are no longer embedded as a patchable YAML blob.

Verification before merge:
- `go test ./cmd/bake-safety-profile ./internal/safetyprofile ./internal/cmd`
- `make lint`
- `./build-safe.sh safety-profiles/agent-safe.yaml -o bin/gog-agent-safe-review`
- `./build-safe.sh safety-profiles/readonly.yaml -o bin/gog-readonly-review`
- runtime block checks for agent-safe and readonly baked binaries

Co-authored-by: drewburchfield <drewburchfield@gmail.com>
2026-05-04 05:55:05 +01:00
..
hash.go fix(safety): compile baked policy to code to resist binary tampering 2026-05-04 05:55:05 +01:00
parse_test.go fix(safety): compile baked policy to code to resist binary tampering 2026-05-04 05:55:05 +01:00
parse.go fix(safety): compile baked policy to code to resist binary tampering 2026-05-04 05:55:05 +01:00
profile.go fix(safety): compile baked policy to code to resist binary tampering 2026-05-04 05:55:05 +01:00