Skip to content

docs: improve Claw Compactor integration + security notes #80

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
aeromomo wants to merge 1 commit into
base: main
Choose a base branch
from
Open

docs: improve Claw Compactor integration + security notes #80

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 29 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,8 @@ One wallet, 41+ models, zero API keys.
| [Screenshots](#-screenshots) | See it in action |
| [Payment](#-payment) | x402 non-custodial USDC |
| [Configuration](#%EF%B8%8F-configuration) | Environment variables |
| [Compactor Integration](#-compactor-integration) | ClawRouter × Claw Compactor |
| [Security Notes](#-security-notes) | Secrets and wallet safety |
| [Troubleshooting](#-troubleshooting) | `doctor` AI-powered diagnostics |
| [vs OpenRouter](#-vs-openrouter) | Why ClawRouter wins |
| [Support](#-support) | Telegram, X, founders |
Expand Down Expand Up @@ -236,6 +238,33 @@ For basic usage, no configuration needed. For advanced options:

---

## 🦞 Compactor Integration

If you want maximum savings, pair ClawRouter with Claw Compactor.

- Claw Compactor reduces token volume (input size)
- ClawRouter reduces token unit cost ($/token)

Recommended order:

`Compactor -> ClawRouter -> Provider`

**Guide:** [docs/claw-compactor-integration.md](docs/claw-compactor-integration.md)

---

## 🔐 Security Notes

For operators and contributors, read the secrets policy before production use:

- no plaintext seed persistence
- token redaction in logs
- secure credential storage guidance

**Policy:** [docs/security-secrets.md](docs/security-secrets.md)

---

## 🥊 vs OpenRouter

| | OpenRouter / LiteLLM | ClawRouter |
Expand Down
86 changes: 86 additions & 0 deletions docs/claw-compactor-integration.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
# ClawRouter × Claw Compactor Integration Guide

This guide explains how to combine:

- **ClawRouter** (model routing + payment)
- **Claw Compactor** (context compression)

Together, they reduce cost from two directions:

1. **Fewer tokens sent** (Compactor)
2. **Lower $/token paid** (Router)

---

## Why combine them?

ClawRouter alone optimizes model choice.
Claw Compactor alone optimizes context size.

Using both usually gives better savings than either one alone.

---

## Recommended order in request pipeline

```text
OpenClaw request
-> Claw Compactor (compress context)
-> ClawRouter (route to lowest-cost capable model)
-> Provider
```

Compaction should happen **before routing**, so router sees the real token footprint.

---

## Practical setup

1. Install and enable ClawRouter plugin
2. Install Claw Compactor in your workspace
3. Enable Compactor auto mode (or hook mode)
4. Keep ClawRouter on `auto` profile

---

## Validation checklist

Use the same workload and compare:

- Baseline: no compaction + fixed expensive model
- Router only
- Compactor only
- Router + Compactor

Track:

- input/output tokens
- effective $/request
- p95 latency
- task quality / regression rate

---

## Safety notes

- Keep compression deterministic and reversible where possible
- Do not compress secrets into logs or headers
- Audit tool-output compression for semantic loss before production rollout

---

## What ClawRouter already includes

ClawRouter contains built-in context compression layers inspired by Claw Compactor (dictionary, observation compression, dynamic codebook).

Use external Claw Compactor when you need:

- workspace-level file compression workflows
- custom memory/markdown compression policies
- explicit per-run savings reporting in chat

---

## Attribution

Parts of ClawRouter compression architecture are inspired by Claw Compactor design patterns.
58 changes: 58 additions & 0 deletions docs/security-secrets.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
# Security: Secrets, Wallet Material, and Local State

This document defines secure defaults for ClawRouter operators and contributors.

## 1) Never persist seed material in plaintext

High-risk secrets must not be written to disk unencrypted:

- wallet mnemonic / seed phrase
- private keys
- exported wallet seeds
- long-lived API tokens

If persistence is required, use OS-backed secure storage (Keychain / Secret Service / KMS).

Comment on lines +5 to +15
Copy link

@coderabbitai coderabbitai bot Mar 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Verify how wallet material persistence/export is described across the repo.
rg -n -C2 'wallet\.key|/wallet export|mnemonic|seed phrase|private key|BLOCKRUN_WALLET_KEY'

Repository: BlockRunAI/ClawRouter

Length of output: 50378

🏁 Script executed:

#!/bin/bash
# Check if README exists and what it says about wallet persistence
if [ -f README.md ]; then
  echo "=== README lines 185-195 ==="
  sed -n '185,195p' README.md
  echo ""
  echo "=== README lines 205-215 ==="
  sed -n '205,215p' README.md
  echo ""
  echo "=== Checking for /wallet export documentation ==="
  grep -n -i "wallet.*export\|export.*wallet" README.md || echo "Not found in README"
fi

Repository: BlockRunAI/ClawRouter

Length of output: 1162

🏁 Script executed:

#!/bin/bash
# Check if wallet.key files are encrypted or plaintext by looking at auth.ts more closely
echo "=== Checking how wallet.key is actually written ==="
grep -A5 "writeFile.*WALLET_FILE\|writeFile.*wallet.key" src/auth.ts | head -20
echo ""
echo "=== Checking if any encryption is applied ==="
rg -n "encrypt|cipher|AES|bcrypt" src/auth.ts

Repository: BlockRunAI/ClawRouter

Length of output: 389

Policy contradicts actual wallet storage — plaintext files violate stated security requirement.

Lines 5-15 require high-risk secrets "must not be written to disk unencrypted" and recommend OS-backed secure storage (Keychain / Secret Service / KMS). However, README line 190 documents that wallet material is saved plaintext to ~/.openclaw/blockrun/wallet.key, and README line 211 advertises /wallet export to retrieve it. The implementation in src/auth.ts confirms this: writeFile(WALLET_FILE, derived.evmPrivateKey, { mode: 0o600 }) writes the EVM private key unencrypted, as does the mnemonic file—relying only on Unix file permissions (0o600), not encryption.

Either update the policy to document that plaintext storage with file-level permissions is an accepted exception, or implement actual encryption (Keychain on macOS, Secret Service on Linux, DPAPI on Windows) before this document is published.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@docs/security-secrets.md` around lines 5 - 15, The docs and code conflict:
src/auth.ts currently persists high-risk material (writeFile(WALLET_FILE,
derived.evmPrivateKey, and the mnemonic file) in plaintext with only 0o600
permissions while docs claim secrets must not be written unencrypted; fix by
replacing plain file writes in src/auth.ts (the writeFile calls that store
WALLET_FILE and mnemonic) with an OS-backed secure storage integration
(Keychain/SecretService/DPAPI) or a cross-platform library (e.g., keytar) so
private keys/mnemonics are stored encrypted in the OS credential store and
adjust the /wallet export flow to retrieve from that secure store, or
alternatively update the security-secrets.md policy to explicitly document the
accepted plaintext-on-disk exception and update README references to WALLET_FILE
and the /wallet export behavior to match that documented exception.

---

## 2) Token handling

- Read tokens from env at runtime
- Avoid printing tokens in logs
- Redact sensitive values in diagnostics and errors
- Prefer short-lived credentials when possible

---

## 3) File permissions are defense-in-depth, not primary protection

`chmod 600` is useful but **not sufficient** for critical key material.

Treat local files as potentially recoverable through:

- backups
- endpoint compromise
- misconfigured sync

---

## 4) Contributor checklist for security-sensitive PRs

Before merge:

- [ ] Secret-bearing files are avoided or encrypted
- [ ] Logs do not leak secrets
- [ ] New env vars are documented with risk level
- [ ] Fallback paths do not silently downgrade security
- [ ] Migration/cleanup steps exist for legacy insecure state

---

## 5) Incident response

If potential secret leakage is discovered:

1. Rotate impacted credentials immediately
2. Revoke/replace wallet material if applicable
3. Add temporary guardrails to block re-introduction
4. Publish a patch + security note