#23780: Gateway: fail closed on insecure state directory permissions
Labels: gateway, size: M, trusted-contributor
## Summary
- refuse gateway startup when OpenClaw state files are group/world readable or writable
- inspect `$OPENCLAW_STATE_DIR`, `openclaw.json`, `.env`, and credentials files/directories
- return actionable remediation guidance that points to `openclaw doctor --fix`
## Why
This makes state-dir hardening fail-closed instead of best-effort, preventing accidental startup in insecure local-permission states.
## Tests
- `pnpm vitest run src/gateway/startup-permissions.test.ts`
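To make the fail-closed behaviour described above concrete, here is an added example of such a startup check. It is illustrative code written for this review, not the PR's own `startup-permissions.ts` or `audit-fs.ts`; every function name in it (`auditEntries`, `collectStateEntries`, `buildStartupError`, `assertStartupPermissionSafety`) is hypothetical. It walks a state directory without following symlinks, treats a missing path as acceptable (first run), flags any group/world read or write bit on files or directories, and refuses to continue with a message that lists each offending path, its mode, and a `chmod` fix alongside the `openclaw doctor --fix` pointer. On Windows the POSIX mode bits carry no meaning, so the check is skipped there rather than inspecting ACLs.

```typescript
import * as fs from "node:fs";
import * as path from "node:path";

// Hypothetical types and names; this is not OpenClaw's implementation.
export interface StateEntry {
  path: string;
  mode: number;        // raw st_mode from lstat
  isDirectory: boolean;
}

export interface PermissionFinding {
  path: string;
  mode: string;        // octal permission bits, e.g. "0644"
  problems: string[];  // e.g. ["group-readable", "world-readable"]
  remediation: string; // e.g. "chmod 600 /path/to/openclaw.json"
}

const GROUP_READ = 0o040;
const GROUP_WRITE = 0o020;
const OTHER_READ = 0o004;
const OTHER_WRITE = 0o002;

// Pure check on already-collected entries, so it can be exercised without touching the disk.
// Anything readable or writable by group/others is a finding; the owner bits are left alone.
export function auditEntries(entries: StateEntry[]): PermissionFinding[] {
  const findings: PermissionFinding[] = [];
  for (const e of entries) {
    const bits = e.mode & 0o777;
    const problems: string[] = [];
    if (bits & GROUP_READ) problems.push("group-readable");
    if (bits & GROUP_WRITE) problems.push("group-writable");
    if (bits & OTHER_READ) problems.push("world-readable");
    if (bits & OTHER_WRITE) problems.push("world-writable");
    if (problems.length === 0) continue;
    const target = e.isDirectory ? "700" : "600";
    findings.push({
      path: e.path,
      mode: "0" + bits.toString(8).padStart(3, "0"),
      problems,
      remediation: `chmod ${target} ${e.path}`,
    });
  }
  return findings;
}

function safeLstat(p: string): fs.Stats | null {
  try {
    return fs.lstatSync(p);
  } catch (err) {
    // A missing file or directory is not a permission problem (e.g. first run before .env exists).
    if ((err as { code?: string }).code === "ENOENT") return null;
    throw err;
  }
}

// Recursively collect the state directory and everything under it.
// Symlinks are recorded as-is and not followed, so a link pointing outside the state
// directory cannot pull unrelated paths into the audit or cause a walk loop.
export function collectStateEntries(root: string): StateEntry[] {
  const out: StateEntry[] = [];
  const visit = (p: string): void => {
    const st = safeLstat(p);
    if (st === null || st.isSymbolicLink()) return;
    out.push({ path: p, mode: st.mode, isDirectory: st.isDirectory() });
    if (st.isDirectory()) {
      for (const name of fs.readdirSync(p)) visit(path.join(p, name));
    }
  };
  visit(root);
  return out;
}

// Turn findings into the operator-facing message; null means startup may proceed.
export function buildStartupError(findings: PermissionFinding[]): string | null {
  if (findings.length === 0) return null;
  const lines = findings.map(
    (f) => `  ${f.path} (mode ${f.mode}): ${f.problems.join(", ")} -> ${f.remediation}`,
  );
  return [
    "Refusing to start gateway: insecure permissions on state files.",
    ...lines,
    "Run `openclaw doctor --fix` or apply the chmod commands above, then restart.",
  ].join("\n");
}

// Fail closed: throw instead of logging a warning and continuing.
export function assertStartupPermissionSafety(stateDir: string): void {
  // POSIX mode bits do not describe Windows ACLs; that inspection is out of scope here.
  if (process.platform === "win32") return;
  const message = buildStartupError(auditEntries(collectStateEntries(stateDir)));
  if (message !== null) throw new Error(message);
}
```

In a real startup path the call sits exactly where the PR puts it: after configuration has been validated and before any plugin is auto-enabled, so nothing that reads credentials runs against a directory another local user could read.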
### Greptile Summary
Added fail-closed permission checks during gateway startup to prevent insecure state directory configurations. The implementation inspects `$OPENCLAW_STATE_DIR`, `openclaw.json`, `.env`, and credentials files for group/world readability or writability, rejecting startup with actionable remediation guidance pointing to `openclaw doctor --fix`.
- Introduced `assertGatewayStartupPermissionSafety()` in `src/gateway/startup-permissions.ts` that recursively audits state files and directories
- Integrated permission checks into gateway startup sequence in `src/gateway/server.impl.ts` before plugin auto-enable
- Added comprehensive test coverage including happy path, world-readable config, and group-readable credentials scenarios
- Leverages existing `inspectPathPermissions()` infrastructure from `src/security/audit-fs.ts` for cross-platform permission inspection
### Confidence Score: 5/5
- This PR is safe to merge with minimal risk
- The implementation is well-structured, uses existing security infrastructure, handles edge cases properly (symlinks, missing files, Windows ACLs), and has thorough test coverage. The fail-closed approach is the correct security posture for permission validation. The integration point in the startup sequence is appropriate (after config validation, before plugin auto-enable).
- No files require special attention
Last reviewed commit: b75ef52