docs: add Station profiles security roadmap#346
Conversation
|
Codex review: needs maintainer review before merge. Reviewed June 24, 2026, 4:58 AM ET / 08:58 UTC. Summary Reproducibility: not applicable. This PR implements a feature roadmap/skeleton rather than fixing a reproducible current-main bug. Source inspection and comments verify current main lacks the Station/modelAccess surface and the PR is additive. Review metrics: 2 noteworthy metrics.
Root-cause cluster Members:
Proposal only: this assessment does not dispatch repair, suppress jobs, mutate sibling items, close, or merge anything. Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Risk before merge
Maintainer options:
Next step before merge
Security Review detailsBest possible solution: Merge the roadmap/skeleton only after maintainers explicitly accept the internal Station/modelAccess boundary; otherwise keep the docs roadmap and defer Do we have a high-confidence way to reproduce the issue? Not applicable: this PR implements a feature roadmap/skeleton rather than fixing a reproducible current-main bug. Source inspection and comments verify current main lacks the Station/modelAccess surface and the PR is additive. Is this the best way to solve the issue? Unclear: the staged docs and disabled skeleton are maintainable if maintainers want to bless this API seam. The safer alternative is to split docs from runtime code until the Station/modelAccess contract is approved. AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against 0301236b2752. Label changesLabel changes:
Label justifications:
Evidence reviewedSecurity concerns:
What I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
|
30ebfc8 to
27c0d91
Compare
Document the Station profile and modelAccess boundaries from issue openclaw#193 so future implementation PRs have reviewable phase gates. Co-authored-by: Cursor <cursoragent@cursor.com>
Scaffold the first buildable slice of the Station profile primitive from issue openclaw#193, matching the disabled-by-default skeleton style used elsewhere in the repo. internal/station provides: - StationProfile config struct with YAML parsing and validation - the AgentProfile boundary type (repo-owned command, Crabbox-supervised) - feature-gated phase enforcement (Gate) that returns clear "not yet enabled" errors until each roadmap phase is turned on - ModelAccessPolicy as a separate, audited field that is never sourced from env.allow, with AuthorizeModelAccess rejecting any gateway leaked through env.allow forwarding Nothing is enabled by default: profiles are inert unless explicitly enabled, and no station command, lifecycle, or live credential delivery is wired up yet (those land in later, separately reviewed phases). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Update the Station profiles roadmap status to reflect that internal/station now ships the disabled-by-default config primitive, agent-profile boundary, phase gates, and env.allow-separated modelAccess gating, while the CLI command and live credential delivery remain future phases. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
09be5ff to
d690067
Compare
|
@clawsweeper re-review Maintainer repair/proof update for current head Local validation passed after the modelAccess/env.allow boundary hardening: GitHub PR checks are now green on the same head: CI/Go, CI/Apple VZ, CI/Worker, CI/Scripts, CI/Docs, CI/Release Check, and Socket checks. Remaining maintainer note: this should still be treated as security/product-signoff gated unless ClawSweeper/maintainers accept the unwired Station/modelAccess skeleton and the hardened env boundary as sufficient for this roadmap PR. |
|
🦞🧹 I asked ClawSweeper to review this item again. |
|
@clawsweeper re-review Updated the PR body so it no longer presents this as docs-only. It now calls out the unwired |
|
@clawsweeper re-review Fixed the remaining source-reproducible finding: the roadmap Head: Local verification passed: Public CI is green across Go, Apple VZ, Worker, Scripts, Docs, and Release Check. |
|
🦞🧹 I asked ClawSweeper to review this item again. |
|
@clawsweeper re-review Checked current head The earlier
Current PR state has proof sufficient and green CI; remaining blocker should be maintainer/security signoff for the unwired Station/modelAccess seam, not the stale selector mismatch. |
|
Maintainer/security signoff for current head I am accepting this as an unwired internal skeleton and roadmap boundary, not as shipped Station runtime behavior:
Current validation: Public CI is green and merge state is clean. Merging with rebase, not squash. |
Summary
internal/stationpackage for parsing Station profiles, agent profile phase gates, and modelAccess policy checks.modelAccessexplicitly security-gated and separate from ordinaryenv.allowforwarding.agentprofile example so it is admitted byNewAgentProfile, with a regression test that extracts the roadmap YAML sample.Scope / merge note
This is a roadmap and internal skeleton PR. It does not wire Station profiles into the runtime path yet and should not be treated as closing the full Station/modelAccess product roadmap.
Because this introduces new security-boundary code under
internal/station, it still needs maintainer/security signoff even though current CI and local validation are green.Verification
Maintainer validation on current head
b0aeec9cc23c55d6b85f19d73af2da083e6a0158:GitHub checks are green on the same head: Go, Apple VZ, Worker, Scripts, Docs, Release Check, and Socket checks.
Refs #193.