Security Module Architecture

Version: v0.7.0
Last Updated: 2026-01-22
Namespace: src/security/, src/auth/, src/ai/sql/
Status: ✅ Production Ready

The Security layer implements a defense-in-depth strategy, covering authentication, data protection, and attack mitigation.

For the current OpenClaw-specific security boundaries, see:

  • docs/security/OPENCLAW_SECURITY_MODEL.md

🔐 Authentication & Authorization (src/auth/)

Jorvis uses a dual-strategy authentication system:

1. Strategies

  • Google OAuth 2.0 (GoogleStrategy): Primary user entry point.
  • JWT (JwtStrategy): Stateless session management. Access tokens are issued after successful OAuth login.

2. Access Control (AuthService)

  • Allowlist: Strictly enforced email (AUTH_ALLOWED_EMAILS) and domain (AUTH_ALLOWED_DOMAINS) checks, configured through environment variables.
  • Guards:
    • JwtAuthGuard: Protects standard API endpoints.
    • ServiceTokenGuard: Protects service-to-service communication (e.g., cron jobs).
    • ApiKeyGuard: Protects internal REST endpoints (e.g., calls from OpenWebUI) with a static API key, preventing unauthorized access if they are exposed publicly.

🛡️ Data Encryption (src/security/encryption/)

Jorvis implements Application-Level Encryption (ALE) for sensitive fields before they touch the database.

AesEncryptionService

  • Algorithm: AES-256-GCM (Authenticated Encryption).
  • Key Management:
    • Supports Key Rotation via JORVIS_ENCRYPTION_KEYS JSON map.
    • Format: v{keyId}:{iv}:{authTag}:{ciphertext}
    • Automatic fallback to legacy/dev keys if configured.
  • Usage: Encrypts API keys, other secrets, and sensitive PII.
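
The envelope format and key rotation described above, as an added TypeScript example built on Node's crypto module; it is not Jorvis's own AesEncryptionService code. It assumes hex encoding for the iv, authTag and ciphertext fields and a 12-byte IV, which the page does not specify, and the names KeyMap, DEMO_KEYS, loadKey, encryptField, decryptField and rotateField are hypothetical.

```typescript
import { createCipheriv, createDecipheriv, randomBytes } from "node:crypto";

type KeyMap = Record<string, string>; // key ID -> 64-char hex key (32 bytes)

// Constructed demo keys for this example only; real keys come from a CSPRNG.
const DEMO_KEYS: KeyMap = { "1": "11".repeat(32), "2": "22".repeat(32) };

function loadKey(keys: KeyMap, keyId: string): Buffer {
  const hex = keys[keyId];
  if (!hex || !/^[0-9a-f]{64}$/i.test(hex)) {
    throw new Error(`missing or malformed key for id "${keyId}"`);
  }
  return Buffer.from(hex, "hex");
}

function encryptField(plaintext: string, keys: KeyMap, currentKeyId: string): string {
  const iv = randomBytes(12); // fresh 96-bit IV per call; GCM breaks if an IV repeats under one key
  const cipher = createCipheriv("aes-256-gcm", loadKey(keys, currentKeyId), iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const tag = cipher.getAuthTag();
  // Assumed encoding: hex for every field (the page gives only the field order).
  return `v${currentKeyId}:${iv.toString("hex")}:${tag.toString("hex")}:${ct.toString("hex")}`;
}

function decryptField(token: string, keys: KeyMap): string {
  const parts = token.split(":");
  if (parts.length !== 4 || !token.startsWith("v")) throw new Error("unrecognized envelope");
  const [version = "", ivHex = "", tagHex = "", ctHex = ""] = parts;
  const iv = Buffer.from(ivHex, "hex");
  const tag = Buffer.from(tagHex, "hex");
  // Reject unexpected IV lengths and truncated tags instead of weakening authentication.
  if (iv.length !== 12 || tag.length !== 16) throw new Error("bad iv or auth tag length");
  const decipher = createDecipheriv("aes-256-gcm", loadKey(keys, version.slice(1)), iv);
  decipher.setAuthTag(tag);
  // final() throws when the tag does not verify, so tampered data never yields plaintext.
  return Buffer.concat([decipher.update(Buffer.from(ctHex, "hex")), decipher.final()]).toString("utf8");
}

// Re-encrypt a stored value under the current key; values already on it are left alone.
function rotateField(token: string, keys: KeyMap, currentKeyId: string): string {
  if (token.startsWith(`v${currentKeyId}:`)) return token;
  return encryptField(decryptField(token, keys), keys, currentKeyId);
}
```

In this sketch the key ID prefix sits outside the authenticated data, so rewriting it only selects a different key and the tag check then fails.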

🚦 Rate Limiting (src/security/throttler/)

Protects the API from abuse and DoS attacks.

RedisThrottlerStorageService

  • Backend: Redis (distributed state).
  • Logic: Fixed-window counters (simple increment/expire).
  • Config:
    • TTL: Time window in seconds.
    • Limit: Max requests per window.

⚔️ SQL Injection Prevention (src/sql/)

A specialized perimeter guard for the Text-to-SQL engine.

SqlGuardService

Before any generated SQL is executed, it passes through the SQL Guard:

  1. Read-Only Enforcement: Regex validation ensuring only SELECT statements are permitted.
  2. Keyword Blacklist: Blocks DROP, DELETE, ALTER, GRANT, etc.
  3. Strict Typing: Enforces string parameters where possible.

⚙️ Configuration

| Variable | Description |
|---|---|
| AUTH_ALLOWED_EMAILS | Comma-separated list of allowed user emails. |
| AUTH_ALLOWED_DOMAINS | Comma-separated list of allowed domains (e.g., example.com). |
| JORVIS_ENCRYPTION_KEYS | JSON map of ID -> 64-char Hex Key. |
| JORVIS_CURRENT_KEY_ID | ID of the key to use for new encryptions. |