Remove env/printenv from safe bins list and add deny patterns for bare env/printenv/set/export commands that dump all environment variables including secrets. Expand credential scrubbing to detect connection strings (PostgreSQL, MySQL, MongoDB, Redis, AMQP), generic KEY=/SECRET=/CREDENTIAL= environment variables, DSN/DATABASE_URL patterns, and long hex strings (64+ chars) that may be encryption keys or hashes.
Multi-agent AI gateway with WebSocket RPC, HTTP API, and messaging channel integrations.
Go port of OpenClaw with multi-tenant PostgreSQL, per-user isolation, security hardening,
and production observability.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>