nthfuncx/nanoclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: update outdated documentation, add docs portal links

Browse Source 
- README.md: add docs.nanoclaw.dev link, point architecture and security
  references to documentation site
- CHANGELOG.md: add all releases from v1.1.0 through v1.2.21 (was only v1.2.0),
  link to full changelog on docs site
- docs/REQUIREMENTS.md: update multi-channel references (NanoClaw now supports
  WhatsApp, Telegram, Discord, Slack, Gmail), update RFS to reflect existing
  skills, fix deployment info (macOS + Linux)
- docs/SECURITY.md: generalize WhatsApp-specific language to channel-neutral
- docs/DEBUG_CHECKLIST.md: use Docker commands (default runtime) instead of
  Apple Container syntax, generalize WhatsApp references
- docs/README.md: new file pointing to docs.nanoclaw.dev as the authoritative
  source, with mapping table from local files to docs site pages

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
glifocat
2026-03-24 10:40:04 +01:00
parent deee4b2a96
commit 01b6258f59
6 changed files with 182 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docs/SECURITY.md
View File

@@ -7,7 +7,7 @@
| Main group | Trusted | Private self-chat, admin control |
| Non-main groups | Untrusted | Other users may be malicious |
| Container agents | Sandboxed | Isolated execution environment |
| WhatsApp messages | User input | Potential prompt injection |
| Incoming messages | User input | Potential prompt injection |
## Security Boundaries
@@ -76,7 +76,7 @@ Real API credentials **never enter containers**. Instead, the host runs an HTTP
5. Agents cannot discover real credentials — not in environment, stdin, files, or `/proc`
**NOT Mounted:**
- WhatsApp session (`store/auth/`) - host only
- Channel auth sessions (`store/auth/`) - host only
- Mount allowlist - external, never mounted
- Any credentials matching blocked patterns
- `.env` is shadowed with `/dev/null` in the project root mount
@@ -97,7 +97,7 @@ Real API credentials **never enter containers**. Instead, the host runs an HTTP
```
┌──────────────────────────────────────────────────────────────────┐
│ UNTRUSTED ZONE │
WhatsApp Messages (potentially malicious) │
Incoming Messages (potentially malicious)
└────────────────────────────────┬─────────────────────────────────┘
▼ Trigger check, input escaping