pocketpaw/docs/security/audit-cli.mdx
Prakash 57b807c117 docs(seo): optimize titles, descriptions, headings, and cross-links
Comprehensive SEO optimization across 80 documentation pages:

Title optimization (all pages):
- Replaced generic titles like "Architecture", "Discord", "Slack"
  with search-intent titles like "PocketPaw Architecture: Event-Driven
  Message Bus", "Discord Bot Setup: Add PocketPaw to Your Server"
- All titles now 50-70 characters with qualifying keywords

Meta descriptions:
- Expanded 7 short descriptions (under 145 chars) to 150-160 chars
- Roadmap description expanded from 76 to 196 chars
- Troubleshooting, Codex CLI, OpenCode, WebMCP all expanded

H1 heading fixes:
- Ensured single H1 per page matching the frontmatter title
- All H1 headings updated to match new optimized titles

Internal cross-links:
- Added Related CardGroup sections to 60+ individual pages
- Each links to 2-3 related pages within and across sections
- Channels link to channel guides, backends link to Ollama guide, etc.

Em dash cleanup:
- Replaced em dashes with colons, periods, or double hyphens
  across multiple files in tools/, channels/, integrations/

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-08 17:41:36 +05:30


---
title: "Audit CLI: Command-Line Security Analysis"
description: "Run 7 automated security checks on your PocketPaw installation with the --security-audit CLI flag. Detects common misconfigurations and optionally applies fixes with the --fix option."
section: Security
ogType: article
keywords: ["security audit", "cli tool", "misconfiguration", "auto-fix", "security checks"]
tags: ["security", "cli", "audit"]
---
# Audit CLI: Command-Line Security Analysis
PocketPaw includes a built-in security audit that checks for common misconfigurations and vulnerabilities.
## Running the Audit
```bash
# Run all checks
pocketpaw --security-audit
# Run with auto-fix
pocketpaw --security-audit --fix
```
## Checks Performed
| # | Check | Description | Auto-Fix |
|---|-------|-------------|----------|
| 1 | Config permissions | `config.json` should be 600 | Yes |
| 2 | API key exposure | Check for keys in env/logs | No |
| 3 | Audit log integrity | Verify log file is valid | No |
| 4 | Token storage | OAuth tokens have proper permissions | Yes |
| 5 | MCP configuration | Validate MCP server configs | No |
| 6 | Tool policy | Check for overly permissive policies | No |
| 7 | Guardian AI status | Verify Guardian AI is active | No |
## Output
The audit produces a report like:
```
PocketPaw Security Audit
========================
[PASS] Config file permissions: 600
[WARN] API key found in environment variable (expected)
[PASS] Audit log integrity: valid
[FAIL] Token file permissions: 644 (should be 600)
[PASS] MCP configuration: valid
[WARN] Tool policy: full profile (no restrictions)
[PASS] Guardian AI: active
Results: 4 passed, 2 warnings, 1 failure
```
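A CI gate over the report format shown above, as an added example that is not part of PocketPaw. It assumes the real output matches this sample's `[PASS]`/`[WARN]`/`[FAIL]` lines and `Results:` summary; the names `parse_report` and `gate` and the exit codes are this example's own.

```python
import re
import sys
from collections import Counter

# Constructed sample: the report from this page, embedded so the example runs offline.
SAMPLE_REPORT = """\
PocketPaw Security Audit
========================
[PASS] Config file permissions: 600
[WARN] API key found in environment variable (expected)
[PASS] Audit log integrity: valid
[FAIL] Token file permissions: 644 (should be 600)
[PASS] MCP configuration: valid
[WARN] Tool policy: full profile (no restrictions)
[PASS] Guardian AI: active
Results: 4 passed, 2 warnings, 1 failure
"""

FINDING = re.compile(r"^\[(PASS|WARN|FAIL)\]\s+(.*)$")
SUMMARY = re.compile(r"^Results:\s+(\d+) passed, (\d+) warnings?, (\d+) failures?$")

def parse_report(text):
    """Return (findings, summary): [(status, message)] and (passed, warned, failed) or None."""
    findings, summary = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := FINDING.match(line):
            findings.append((m.group(1), m.group(2)))
        elif m := SUMMARY.match(line):
            summary = tuple(int(n) for n in m.groups())
    return findings, summary

def gate(text, fail_on_warn=False):
    """Return (exit_code, reasons): 0 clean, 1 blocking findings, 2 report not trustworthy."""
    findings, summary = parse_report(text)
    tally = Counter(status for status, _ in findings)
    counted = (tally["PASS"], tally["WARN"], tally["FAIL"])
    # Fail closed: an empty, truncated or reformatted report must not pass the gate.
    if not findings or summary is None or summary != counted:
        return 2, [f"report incomplete or inconsistent: counted={counted} summary={summary}"]
    blocking = {"FAIL", "WARN"} if fail_on_warn else {"FAIL"}
    reasons = [msg for status, msg in findings if status in blocking]
    return (1 if reasons else 0), reasons

if __name__ == "__main__":
    code, reasons = gate(sys.stdin.read())
    for reason in reasons:
        print(f"blocking: {reason}", file=sys.stderr)
    sys.exit(code)
```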
## Auto-Fix
When run with `--fix`, the audit automatically resolves issues it can:

- Sets file permissions to 600 for config and token files
- Creates missing directories with proper permissions

Issues that require manual intervention (like API key management) are reported but not auto-fixed.
## Related
<CardGroup>
<Card title="Audit Log" icon="lucide:file-check" href="/security/audit-log">
The append-only JSONL log that the audit CLI validates for integrity.
</Card>
<Card title="Self-Audit Daemon" icon="lucide:activity" href="/security/self-audit-daemon">
Automated background checks that run continuously without manual invocation.
</Card>
<Card title="Security Overview" icon="lucide:shield" href="/security">
Full overview of PocketPaw's 7-layer security stack.
</Card>
</CardGroup>