# Hardening Plan: Claude Code Complete Agent

Make this repo a demonstrable proof that Claude Code handles OpenClaw's security challenges — not just a claim, but evidence.

## Context

`security/openclaw-security-assessment.md` documents 9 OpenClaw CVEs and maps them to Claude Code mitigations. But the repo itself doesn't yet demonstrate these mitigations. The hooks are demo shell scripts, settings.json is basic, and no scan data exists.

## Tasks

### 1. Harden settings.json

Replace the demo allow/deny lists with a production-quality permission model that maps to specific OpenClaw CVEs.

**Current state:** Basic glob patterns (`Bash(ls:*)`, `Bash(rm -rf *)`)

**Target state:** Scoped permissions with clear security rationale

File: `.claude/settings.json`

Reference: llm-security `reference-config-generator.mjs` output for what Grade A looks like.

### 2. Upgrade hooks to production quality

The current `hooks/pre-tool-use.sh` and `hooks/post-tool-use.sh` are demo bash scripts with grep-based pattern matching. Replace with hooks that demonstrate real security patterns.

**Option A:** Document which llm-security hooks cover which CVEs and recommend users install the llm-security plugin.

**Option B:** Include lightweight standalone hooks in this repo that demonstrate the patterns (not the full llm-security suite).

Option A is more honest. Option B duplicates work.

Files: `hooks/`, `.claude/settings.json` (hook config)

### 3. Create CVE-to-mitigation mapping

Add a document that explicitly connects each OpenClaw CVE to the specific Claude Code feature or configuration that prevents it.

| CVE | Attack | Claude Code defense | Where configured |
|-----|--------|---------------------|------------------|
| CVE-2026-22172 | Client self-declares scope | Single-user, no scope model | Architecture |
| CVE-2026-25253 | WebSocket hijack | No gateway/port | Architecture |
| CVE-2026-32048 | Sandbox child escape | Permission hooks | settings.json |
| CVE-2026-30741 | Prompt injection RCE | pre-prompt-inject-scan | llm-security plugin |
| ... | ... | ... | ... |

File: `security/cve-mitigation-map.md`

### 4. Run security scan and include results

Run `/security posture` and `/security scan` against the repo. Include the results as documentation (not raw JSON — formatted summary with grade).

File: `security/scan-results.md`

### 5. Update security/README.md

Add the new documents to the index. Rewrite the intro to position the security/ directory as evidence, not just docs.

### 6. Update README.md security section

Reference the scan results and CVE mapping. The security section should answer: "How do I know this is actually secure?"

## Verification

- [ ] `settings.json` has scoped permissions (not `Bash(*)`)
- [ ] Each OpenClaw CVE maps to a specific defense in this repo
- [ ] Security scan results included and show Grade B or higher
- [ ] README security section references evidence, not just claims
- [ ] All changes committed and pushed to Forgejo

## Estimated scope

6 files modified/created. One session. No dependencies added.
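
The first verification item (scoped permissions, not `Bash(*)`) can be checked mechanically before committing. The script below is an added example, not code from this repo or from llm-security. It assumes the settings file keeps its rules under `permissions.allow` as `Tool` or `Tool(specifier)` strings; the function name and both sample documents are constructed for illustration.

```python
import json
import re

# Assumed rule syntax: "Tool" or "Tool(specifier)", e.g. Bash(ls:*).
RULE = re.compile(r"^(?P<tool>[A-Za-z_]+)(?:\((?P<spec>.*)\))?$")


def unscoped_bash_rules(settings_text):
    """Return allow rules that grant Bash without a fixed command prefix."""
    settings = json.loads(settings_text)
    allow = settings.get("permissions", {}).get("allow", [])
    findings = []
    for rule in allow:
        match = RULE.match(rule.strip())
        if not match or match.group("tool") != "Bash":
            continue  # only Bash grants are in scope for this check
        spec = (match.group("spec") or "").strip()
        # Drop a trailing wildcard form ("*" or ":*") to expose the prefix.
        prefix = spec.rstrip("*").rstrip(":").strip()
        # Bare "Bash", "Bash()", "Bash(*)", "Bash(:*)" or a leading
        # wildcard all leave the command itself unconstrained.
        if prefix == "" or prefix.startswith("*"):
            findings.append(rule)
    return findings


# Constructed sample: two unscoped grants mixed with scoped ones.
WEAK = json.dumps({
    "permissions": {
        "allow": ["Bash(*)", "Read(src/**)", "Bash", "Bash(ls:*)"],
        "deny": [],
    }
})

# Constructed sample: every Bash grant names a command.
SCOPED = json.dumps({
    "permissions": {
        "allow": ["Bash(ls:*)", "Bash(git status)"],
        "deny": ["Bash(rm -rf *)"],
    }
})

if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("scoped", SCOPED)):
        hits = unscoped_bash_rules(doc)
        print(name, "FAIL" if hits else "PASS", hits)
```

A non-empty result means the checklist item fails; running the same check in CI keeps a later edit from reintroducing a blanket grant.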