mirror of
https://github.com/qwibitai/nanoclaw.git
synced 2026-07-06 18:52:03 +08:00
3906104960
Rewrite docs/SECURITY.md against the real v2 codepaths: the actual buildMounts mount table, the allowReadWrite allowlist schema the mount validator enforces, and the true defaults (egress open, no CPU/mem limits, additional mounts blocked until an allowlist exists). Replace the deleted v1 perimeter (main/non-main groups, ephemeral containers, IPC authorization, /dev/null .env shadow, data/sessions path) with a v2 Trust Model built on user_roles and long-lived per-session containers. Drop the dangling /add-golden-registry reference. Mark docs/docker-sandboxes.md and docs/APPLE-CONTAINER-NETWORKING.md as v1-historical and update the docs/README.md portal rows. Remove the Apple Container native-runtime claims from README.md (no runtime seam exists; container-runtime.ts hardcodes docker). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
NanoClaw Documentation
The official documentation is at docs.nanoclaw.dev.
The files in this directory are original design documents and developer references. For the most current and accurate information, use the documentation site.
| This directory | Documentation site |
|---|---|
| SPEC.md | Architecture |
| SECURITY.md | Security model |
| REQUIREMENTS.md | Introduction |
| docker-sandboxes.md | v1-historical — reference only |
| APPLE-CONTAINER-NETWORKING.md | v1-historical — reference only |