docs: add safety docs and OpenClaw gap roadmap
@@ -67,6 +67,7 @@ Flynn provides a full CLI via the `flynn` binary (or `npx tsx src/cli/index.ts`
|
||||
| `flynn setup` | Interactive setup wizard |
|
||||
| `flynn gmail-auth` | Authenticate with Gmail via OAuth2 |
|
||||
| `flynn gcal-auth` | Authenticate with Google Calendar via OAuth2 |
|
||||
| `flynn skills` | List/install/manage skills |
|
||||
|
||||
### Examples
|
||||
|
||||
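Review bot: The CLI command table grows by one row in this hunk (6 lines become 7), but the commit subject, "docs: add safety docs and OpenClaw gap roadmap", only covers the safety and roadmap docs. Either mention the command-table change in the commit message or move it to its own commit so the history explains why the row was added. If the new row is `flynn skills`, note that installing a skill grants it whatever it declares in `manifest.json.permissions`, so the description "List/install/manage skills" would benefit from a pointer to the Safety Model section.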
@@ -117,6 +118,27 @@ hooks:
|
||||
silent: [notify]
|
||||
```
|
||||
|
||||
## Safety Model
|
||||
|
||||
Flynn is designed to be safe-by-default when expanded beyond "chat":
|
||||
|
||||
- **Tool policy** restricts which tools are even available to a given context (profiles + allow/deny + per-agent/per-provider overrides).
|
||||
- **Skills** can declare explicit capabilities (`manifest.json.permissions`) which are enforced at runtime.
|
||||
- **Sandboxing** can isolate high-risk execution (shell/process) per-session via Docker.
|
||||
- **Prompt-injection hardening** treats fetched content/tool output as untrusted data and blocks obviously unsafe tool calls when untrusted content is present.
|
||||
- **Audit logs** record tool usage and approvals with redaction.
|
||||
|
||||
Details: `docs/security/SAFE_PERSONAL_AGENT.md`
|
||||
|
||||
## Agent-Oriented Architecture Diagram
|
||||
|
||||
If you want a fast mental model of where to start as an AI agent / contributor:
|
||||
|
||||
- `docs/architecture/AGENT_DIAGRAM.md`
|
||||
- `docs/architecture/CONTRIBUTOR_MAP.md`
|
||||
- `docs/architecture/TYPESCRIPT_MAP.md`
|
||||
- `docs/architecture/SYMBOL_INDEX.md`
|
||||
|
||||
### Model Providers
|
||||
|
||||
| Provider | Config |
|
||||
|
||||
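Review bot: The Safety Model intro claims Flynn is "safe-by-default", but two of the bullets are worded as optional: Skills "can declare explicit capabilities" and Sandboxing "can isolate high-risk execution". State for each control what happens when nothing is configured: whether a skill with no `manifest.json.permissions` entry is denied everything or allowed everything, and whether shell/process tools run on the host when Docker sandboxing is not enabled. The prompt-injection bullet has the same gap: "blocks obviously unsafe tool calls" does not say which calls count, so either name the categories here or make clear that `docs/security/SAFE_PERSONAL_AGENT.md` defines them. Likewise, "with redaction" in the audit-log bullet should say what is redacted (for example secrets or message bodies) so readers know what the logs can and cannot be used to reconstruct.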