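--- a/dream-server/config/ape/policy.yaml
+++ b/dream-server/config/ape/policy.yaml
@@ -0,0 +1,58 @@
+# APE Policy Configuration
+# Reload is automatic — edit this file and APE picks it up within ~30s.
+#
+# Intent classes: ExecuteCommand, WriteFile, ReadFile, NetworkFetch, SpawnAgent, Other
+#
+# Modes:
+# allow — always permit
+# deny — always block
+# allowlist — permit only listed commands; optionally reject by regex pattern
+# path_guard — permit writes only within allowed_paths
+
+version: 1
+
+intents:
+ExecuteCommand:
+mode: allowlist
+allowed:
+- ls
+- cat
+- grep
+- find
+- head
+- tail
+- wc
+- echo
+- pwd
+- env
+- which
+- curl # allow curl but deny pipe-to-shell pattern below
+- wget
+deny_patterns:
+- 'rm\s+-rf' # no recursive deletes
+- '>\s*/dev/sd' # no raw disk writes
+- 'curl[^|]+\|\s*sh' # no curl | sh
+- 'wget[^|]+\|\s*sh' # no wget | sh
+- 'bash\s+-i' # no interactive bash
+- 'nc\s+.*-e' # no netcat reverse shells
+
+WriteFile:
+mode: path_guard
+allowed_paths:
+- /home/node/.openclaw/workspace
+- /tmp/openclaw
+
+ReadFile:
+mode: allow
+
+NetworkFetch:
+mode: allow
+
+SpawnAgent:
+mode: allow
+
+Other:
+mode: allow
+
+rate_limit:
+requests_per_minute: 60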
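Review bot: `rate_limit.requests_per_minute: 60` duplicates the `APE_RATE_LIMIT_RPM` value that compose.yaml passes in with the same default, so the two can disagree after a hot reload; the header comment should state the precedence, e.g. `# rate_limit: overrides APE_RATE_LIMIT_RPM when present` (or the reverse, whichever main.py implements). The `allowlist` line in the mode table should also say how a command is matched against `allowed` — first token of the command line or any token — and that `deny_patterns` is a regex blocklist of the specific spellings listed, i.e. defense-in-depth behind the allowlist rather than a guarantee; reviewers otherwise read the pipe-to-shell comments as complete coverage. For `path_guard`, a one-line comment on whether paths are canonicalized (symlinks, `..`) before the `allowed_paths` comparison would let operators judge the guard; that behaviour lives in main.py and is not visible here.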
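--- a/dream-server/extensions/services/ape/Dockerfile
+++ b/dream-server/extensions/services/ape/Dockerfile
@@ -0,0 +1,16 @@
+FROM python:3.12-slim
+
+WORKDIR /app
+
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+COPY main.py .
+
+RUN adduser --system --no-create-home ape
+
+EXPOSE 7890
+
+USER ape
+
+CMD ["python", "main.py"]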
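Review bot: The `FROM python:3.12-slim` line and the `pip install -r requirements.txt` step are pinned only by tag, so a rebuild silently picks up whatever the tag and package index serve that day; for a policy-enforcement service pin the image by digest, `FROM python:3.12-slim@sha256:<DIGEST-PLACEHOLDER>`, and install with `pip install --no-cache-dir --require-hashes -r requirements.txt` from a hash-locked requirements file. `adduser --system --no-create-home ape` lets the build choose the UID, while compose.yaml bind-mounts `./data/ape` for the audit log, so the host directory must happen to be writable by that UID or audit writes fail at runtime; passing an explicit `--uid <UID-PLACEHOLDER>` and documenting it in a comment above the line makes the requirement visible. There is no `HEALTHCHECK` in the image itself, and the one in compose.yaml depends on `curl`, which this slim image does not install (raised on the compose.yaml section).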
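--- a/dream-server/extensions/services/ape/compose.yaml
+++ b/dream-server/extensions/services/ape/compose.yaml
@@ -0,0 +1,35 @@
+services:
+ape:
+build:
+context: ./extensions/services/ape
+dockerfile: Dockerfile
+container_name: dream-ape
+restart: unless-stopped
+security_opt:
+- no-new-privileges:true
+environment:
+- APE_PORT=${APE_PORT:-7890}
+- APE_POLICY_FILE=/config/policy.yaml
+- APE_AUDIT_LOG=/data/ape/audit.jsonl
+- APE_RATE_LIMIT_RPM=${APE_RATE_LIMIT_RPM:-60}
+- APE_STRICT_MODE=${APE_STRICT_MODE:-false}
+- APE_API_KEY=${APE_API_KEY:-}
+volumes:
+- ./config/ape:/config:ro
+- ./data/ape:/data/ape
+ports:
+- "127.0.0.1:${APE_PORT:-7890}:7890"
+deploy:
+resources:
+limits:
+cpus: '0.5'
+memory: 256M
+reservations:
+cpus: '0.1'
+memory: 64M
+healthcheck:
+test: ["CMD", "curl", "-sf", "http://localhost:7890/health"]
+interval: 30s
+timeout: 5s
+retries: 3
+start_period: 10s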
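Review bot: The `test:` line of the healthcheck execs `curl` inside the container, but the Dockerfile builds from `python:3.12-slim` and adds only the pip requirements, so unless a requirement happens to bring curl in, the probe always fails and the service sits at `unhealthy` (which `restart: unless-stopped` does not react to); a Python probe avoids the extra binary, e.g. `test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:7890/health')"]`. `APE_API_KEY=${APE_API_KEY:-}` defaults the key to an empty string, which presumably means the loopback endpoint runs unauthenticated when the operator forgets to set it; `- APE_API_KEY=${APE_API_KEY:?APE_API_KEY must be set}` makes `compose up` fail loudly instead. Given the service only reads a policy and appends to an audit log, `security_opt` could be joined by `cap_drop: [ALL]` and `read_only: true` (with a `tmpfs` for any scratch path main.py needs) to shrink what a compromised policy engine could do.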