Merge pull request #15 from PredicateSystems/example_ssrf

example updated with policy-reload secret

Author: rcholic

examples/real-openclaw-demo/.env.example

@@ -13,3 +13,17 @@ SECURECLAW_VERBOSE=true
 
 # Optional: Slow mode for recording demos
 DEMO_SLOW_MODE=false
+
+# =============================================================================
+# Sidecar Security Configuration (v0.7.1+)
+# =============================================================================
+
+# Policy Reload Authentication: Bearer token required for /policy/reload endpoint
+# If set, requests must include: Authorization: Bearer <secret>
+# Leave empty to allow unauthenticated reloads (not recommended for production)
+PREDICATE_POLICY_RELOAD_SECRET=demo-reload-secret
+
+# SSRF Whitelist: Comma-separated list of host:port pairs to allow
+# These endpoints bypass SSRF protection (use for internal services)
+# Example: PREDICATE_SSRF_ALLOW=localhost:8080,internal-api:3000
+# PREDICATE_SSRF_ALLOW=

examples/real-openclaw-demo/Dockerfile.sidecar

@@ -2,6 +2,15 @@
 #
 # Uses Ubuntu 24.04 LTS which has GLIBC 2.39 (required by the sidecar binary).
 # Downloads the binary from GitHub releases - cached in Docker layers.
+#
+# CLI Options (v0.7.1+):
+#   --policy-reload-secret <SECRET>  : Require bearer token for /policy/reload
+#   --disable-policy-reload          : Disable /policy/reload endpoint (returns 404)
+#   --ssrf-allow <HOST:PORT>         : Whitelist host:port for SSRF bypass (repeatable)
+#
+# Environment Variables:
+#   PREDICATE_POLICY_RELOAD_SECRET   : Same as --policy-reload-secret
+#   LOCAL_IDP_SIGNING_KEY            : Key for local JWT signing
 
 FROM ubuntu:24.04
 

examples/real-openclaw-demo/docker-compose.playground.yml

@@ -26,6 +26,12 @@ services:
   # =========================================================================
   # Predicate Authority Sidecar - Run Time Assurance (RTA) Execution Proxy
   # =========================================================================
+  #
+  # Security Features (v0.7.1+):
+  #   --policy-reload-secret  : Require bearer token for /policy/reload endpoint
+  #   --disable-policy-reload : Disable /policy/reload entirely (returns 404)
+  #   --ssrf-allow            : Whitelist specific host:port for SSRF bypass
+  #
   predicate-sidecar:
     build:
       context: .
@@ -35,6 +41,8 @@ services:
     environment:
       # Demo signing key (replace in production)
       LOCAL_IDP_SIGNING_KEY: "demo-secret-key-replace-in-production-minimum-32-chars"
+      # Security: Require bearer token for policy reload (v0.7.1+)
+      PREDICATE_POLICY_RELOAD_SECRET: "${PREDICATE_POLICY_RELOAD_SECRET:-demo-reload-secret}"
     volumes:
       # Mount policy file (YAML or JSON supported)
       - ./policy.yaml:/app/policy.yaml:ro
@@ -47,6 +55,7 @@ services:
       --mode local_only
       --policy-file /app/policy.yaml
       --log-level info
+      --ssrf-allow predicate-sidecar:8000
       run
     healthcheck:
       test: ["CMD-SHELL", "curl -sf http://localhost:8000/health || exit 1"]

examples/real-openclaw-demo/docker-compose.yml

@@ -3,6 +3,12 @@ version: "3.8"
 services:
   # Predicate Authority Sidecar - Authorization Engine (Rust-based)
   # Builds from Dockerfile.sidecar which downloads binary from GitHub releases
+  #
+  # Security Features (v0.7.1+):
+  #   --policy-reload-secret  : Require bearer token for /policy/reload endpoint
+  #   --disable-policy-reload : Disable /policy/reload entirely (returns 404)
+  #   --ssrf-allow            : Whitelist specific host:port for SSRF bypass
+  #
   sidecar:
     build:
       context: .
@@ -11,8 +17,12 @@ services:
       - "8787:8787"
     environment:
       LOCAL_IDP_SIGNING_KEY: "demo-secret-key-replace-in-production-minimum-32-chars"
+      # Security: Require bearer token for policy reload (v0.7.1+)
+      PREDICATE_POLICY_RELOAD_SECRET: "${PREDICATE_POLICY_RELOAD_SECRET:-demo-reload-secret}"
     volumes:
       - ./policy.json:/etc/predicate/policy.json:ro
+    # Note: Security features are configured via environment variables (v0.7.1+)
+    # PREDICATE_POLICY_RELOAD_SECRET enforces bearer token auth on /policy/reload
     healthcheck:
       test: ["CMD-SHELL", "curl -sf http://localhost:8787/health || exit 1"]
       interval: 2s

examples/real-openclaw-demo/policy.yaml

@@ -46,6 +46,17 @@ metadata:
   compliance: ["SOC2", "GDPR"]
   default_posture: "deny"
 
+# ============================================================================
+# SSRF WHITELIST (v0.7.1+)
+# ============================================================================
+# Bypass SSRF protection for specific internal services.
+# Use sparingly - only for trusted internal endpoints that need direct access.
+#
+# ssrf_whitelist:
+#   - "internal-api:3000"
+#   - "metrics-service:9090"
+#   - "localhost:8080"
+
 # ============================================================================
 # DENY RULES - Explicit blocks (evaluated first, highest priority)
 # ============================================================================