clawtilla-security-review
Analystes en sécurité de l'information Network-security review of the Clawtilla agent-firewall stack — the Docker network cage, the clawpatrol gateway, WireGuard transport, TLS interception, credential injection, and the egress/ingress posture. Reason like a low-level networking + Docker security engineer (cage isolation, NAT/routing, Linux capabilities and namespaces, WireGuard, TLS MITM, enrollment integrity, secret containment). Use this whenever reviewing changes to or auditing the Compose stack — the tracked `stack/` or a deployed copy of it (its compose.yaml, Dockerfile, gateway.hcl, the gateway/client entrypoints) — any network / firewall / routing / capability / isolation config, or when the user asks for a "security review", "network review", "posture audit", or "does the cage still hold" on this repo — even if they don't say the words "network security". Prefer this over a generic code review when the change touches how agents reach the network or how secrets leave the gateway.
2026-06-02