let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: note session log disk access

Browse Source
This commit is contained in:
Peter Steinberger
2026-01-17 19:30:40 +00:00
parent a7c0887f94
commit e71fa4a145
2 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
docs/concepts/memory.md
View File

@@ -165,6 +165,7 @@ Notes:
- Session updates are debounced and indexed lazily on the next `memory_search` (or manual `clawdbot memory index`). - Session updates are debounced and indexed lazily on the next `memory_search` (or manual `clawdbot memory index`).
- Results still include snippets only; `memory_get` remains limited to memory files. - Results still include snippets only; `memory_get` remains limited to memory files.
- Session indexing is isolated per agent (only that agents session logs are indexed). - Session indexing is isolated per agent (only that agents session logs are indexed).
- Session logs live on disk (`~/.clawdbot/agents/<agentId>/sessions/*.jsonl`). Any process/user with filesystem access can read them, so treat disk access as the trust boundary. For stricter isolation, run agents under separate OS users or hosts.
### SQLite vector acceleration (sqlite-vec) ### SQLite vector acceleration (sqlite-vec)

8
docs/gateway/security.md
View File

@@ -52,6 +52,14 @@ When the audit prints findings, treat this as a priority order:
5. **Plugins/extensions**: only load what you explicitly trust. 5. **Plugins/extensions**: only load what you explicitly trust.
6. **Model choice**: prefer modern, instruction-hardened models for any bot with tools. 6. **Model choice**: prefer modern, instruction-hardened models for any bot with tools.
## Local session logs live on disk
Clawdbot stores session transcripts on disk under `~/.clawdbot/agents/<agentId>/sessions/*.jsonl`.
This is required for session continuity and (optionally) session memory indexing, but it also means
**any process/user with filesystem access can read those logs**. Treat disk access as the trust
boundary and lock down permissions on `~/.clawdbot` (see the audit section below). If you need
stronger isolation between agents, run them under separate OS users or separate hosts.
## Node execution (system.run) ## Node execution (system.run)
If a macOS node is paired, the Gateway can invoke `system.run` on that node. This is **remote code execution** on the Mac: If a macOS node is paired, the Gateway can invoke `system.run` on that node. This is **remote code execution** on the Mac: