config.example.yaml

# ClawVault Configuration
# Copy to ~/.ClawVault/config.yaml and customize

proxy:
  host: "127.0.0.1"
  port: 8765
  ssl_verify: true
  intercept_hosts:
    - "api.openai.com"
    - "api.anthropic.com"
    - "api.siliconflow.cn"
    - "*.openai.azure.com"
    - "generativelanguage.googleapis.com"

detection:
  enabled: true
  api_keys: true
  passwords: true
  private_ips: true
  pii: true
  custom_patterns: []

guard:
  mode: "permissive" # permissive | interactive | strict
  auto_sanitize: false
  blocked_domains: []

monitor:
  daily_token_budget: 50000
  monthly_token_budget: 1000000
  cost_alert_usd: 50.0

audit:
  retention_days: 7
  log_level: "INFO"
  export_format: "json"

dashboard:
  enabled: true
  host: "127.0.0.1"
  port: 8766

cloud:
  enabled: false
  aiscc_api_url: "https://api.aiscc.io/v1/audit"
  aiscc_api_key: ""

openclaw:
  session_redaction:
    enabled: true
    sessions_root: "~/.openclaw/agents"
    state_file: "~/.ClawVault/state/openclaw_session_redactor.json"
    lock_timeout_ms: 3000
    watch_debounce_ms: 250
    watch_step_ms: 50
    processing_retries: 3

file_monitor:
  enabled: true
  watch_home_sensitive: true
  watch_project_sensitive: true
  watch_patterns:
    - ".env"
    - ".env.*"
    - "*.pem"
    - "*.key"
    - "*.p12"
    - "*.pfx"
    - "secrets.yaml"
    - "secrets.json"
    - "credentials.json"
    - "service-account*.json"
    - "id_rsa"
    - "id_ed25519"
  scan_content_on_change: true
  max_file_size_kb: 512
  alert_on_delete: true
  alert_on_create: true
  alert_on_modify: true

# Custom guard rules (previously in rules.yaml)
# Example:
# rules:
#   - id: block-injections
#     name: Block all prompt injections
#     enabled: true
#     action: block
#     when:
#       has_injections: true
rules: []

# Per-agent overrides (previously in agents.yaml)
agents:
  version: "1.0"
  entries: {}

# Vault presets (configuration scenarios)
vaults:
  version: "1.0"
  presets: []  # Auto-populated with builtin presets on first load