Skip to content

v0.7.0 — Guardrails (NeMo-style) + FTS5 fix

Choose a tag to compare

@MuhammadHasbiAshshiddieqy MuhammadHasbiAshshiddieqy released this 24 Jun 22:38

First stable release — exits the -alpha pre-release phase.

Added — Guardrails (NeMo-style input/output rails)

Adopts the NVIDIA NeMo Guardrails architecture natively (no LangChain/heavy deps), closing OpenCLAWN's biggest gap: nothing previously checked LLM output.

  • security/guardrails.py — pure-stdlib GuardrailEngine + rails (extractable):
    • input: PromptInjectionRail (wraps Shield, BLOCK)
    • output: PromptLeakRail (BLOCK system-prompt leak), PIIRail (REDACT email/card/api-key)
  • core/guardrails_config.py — per-rail on/off in app_settings, read per-turn (live UI toggles), fail-safe default-on
  • agent_loop integration: redacts/blocks before storing to history/memory; emits guardrail SSE event

Streaming note: already-streamed tokens can't be unsent; output rails operate on the full turn.content to keep PII out of stored memory and flag the UI.

Fixed — FTS5 query sanitization (memory L4)

Raw user queries hit FTS5 MATCH; punctuation (. , : ( ) ") is FTS5 operator syntax, so ordinary queries like "bug login: OAuth." always errored → L4 cross-session search failed silently. New fts5_query() tokenizes + quotes + ORs terms; punctuated queries now find matches.


Tests: 490 passing, ruff clean.