Releases: trustunknown/thomas

v6.8.21

12 Mar 05:19

Fix bugs.

v6.8.2

07 Mar 15:31

Unified Plugin Architecture — Embedded Gateway & Dashboard

OpenGuardrails 6.8.0 consolidates the architecture into a single MoltGuard plugin that runs everything locally. The standalone CLI has been removed — AI Security Gateway and Dashboard now run embedded in the plugin process.


Architecture Changes

Removed

  • CLI Package (cli/) — Removed entirely. Dashboard and Gateway are now embedded in MoltGuard.
  • Standalone openguardrails npm package — No longer needed. Install MoltGuard directly via ClawHub.

Changed

  • AI Security Gateway — Now runs embedded in the MoltGuard plugin process (port 53669). No separate process management needed.
  • Dashboard — Now runs embedded in the MoltGuard plugin process (ports 53667/53668). Auto-starts when plugin loads.
  • Gateway Port — Changed from 8900 to 53669 for consistency with other OpenGuardrails ports.
  • Gateway Config Location — Moved from ~/.openguardrails/gateway.json to ~/.openclaw/extensions/moltguard/data/gateway.json.

AI Security Gateway (gateway/)

Added

  • Activity Monitoring — Real-time tracking of sanitization events with addActivityListener() API. Events include redaction counts, categories, and timing.
  • Per-Request Mapping Store — mapping-store.ts for tracking placeholder-to-original mappings across streaming responses.
  • Embedded Mode — startGateway(configPath, embedded=true) for in-process use without process exit on errors.
  • Backend URL Routing — Support for /backend/{name}/chat/completions URL pattern to route to specific backends.
  • Path Prefix Routing — Backend config supports pathPrefix for matching requests by URL path.

Changed

  • Placeholder Format — Updated to __PII_{TYPE}_{ID}__ format (e.g., __PII_SECRET_00000001__, __PII_EMAIL_ADDRESS_00000002__).
  • Config Structure — Simplified backend configuration with auto-type inference from baseUrl.
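
How the placeholder format and a per-request mapping store fit together on a streamed response, as an added example (not the project's mapping-store.ts). The class name, the two detector regexes, the sample values and the single ID counter shared across types are assumptions made for illustration:

```typescript
// Added illustration; names, detectors and sample values are constructed.
const DETECTORS = [
  { type: "SECRET", pattern: /\bsk-[A-Za-z0-9]{16,}\b/g }, // toy secret shape
  { type: "EMAIL_ADDRESS", pattern: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g },
];
const FULL = /__PII_[A-Z]+(?:_[A-Z]+)*_\d{8}__/g;
// A tail that could still grow into a placeholder once the next chunk arrives.
const PARTIAL_TAIL = /(?:_|__|__P|__PI|__PII|__PII_[A-Z0-9_]*)$/;

class RequestMappingStore {
  private toOriginal = new Map<string, string>();
  private toPlaceholder = new Map<string, string>();
  private nextId = 1;
  private pending = "";

  // Outbound: replace each detected value with __PII_{TYPE}_{ID}__.
  sanitize(text: string): string {
    let out = text;
    for (const { type, pattern } of DETECTORS) {
      out = out.replace(pattern, (value: string) => {
        let ph = this.toPlaceholder.get(value);
        if (ph === undefined) {
          // Same value always maps to the same placeholder within one request.
          ph = "__PII_" + type + "_" + ("0000000" + this.nextId++).slice(-8) + "__";
          this.toPlaceholder.set(value, ph);
          this.toOriginal.set(ph, value);
        }
        return ph;
      });
    }
    return out;
  }

  // Inbound: restore placeholders in one streamed chunk; a placeholder split
  // across chunk boundaries is held back until the rest of it arrives.
  restoreChunk(chunk: string): string {
    const text = (this.pending + chunk).replace(FULL, (ph: string) => this.toOriginal.get(ph) || ph);
    const tail = PARTIAL_TAIL.exec(text);
    const cut = tail ? tail.index : text.length;
    this.pending = text.slice(cut);
    return text.slice(0, cut);
  }

  // End of stream: emit whatever was held back, unchanged.
  flush(): string {
    const rest = this.pending;
    this.pending = "";
    return rest;
  }
}
```

Placeholders that are not in the request's map pass through unrestored, so a placeholder-shaped string invented by the model never resolves to another request's data.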

MoltGuard Plugin (moltguard/)

Added

  • /og_sanitize Command — Enable/disable AI Security Gateway with on/off arguments.
  • /og_scan Command — Scan workspace files for security risks (skills, plugins, memories, workspace md files). Results viewable in Dashboard.
  • /og_autoscan Command — Enable/disable automatic file scanning on workspace changes. Results viewable in Dashboard.
  • Workspace Scanner — workspace-scanner.ts for scanning all OpenClaw workspace files.
  • File Watcher — file-watcher.ts for monitoring file changes and triggering auto-scans.
  • Gateway Activity Reporting — Sanitization events are reported to the embedded Dashboard.

Changed

  • Gateway Management — gateway-manager.ts rewritten to manage embedded gateway (no subprocess spawning).
  • Dashboard Auto-Start — Dashboard starts automatically when plugin loads (no manual /og_dashboard needed for basic use).

Dashboard (dashboard/)

Added

  • Gateway Activity Page — New /gateway page showing sanitization activity, redaction counts by category, and real-time event log.
  • Gateway Activity API — POST /api/gateway/activity endpoint for receiving activity events from embedded gateway.
  • Gateway Activity Schema — New gateway_activity table for storing sanitization events.

Documentation

  • Updated gateway/CLAUDE.md — Comprehensive documentation of embedded gateway architecture, activity monitoring, and programmatic API.
  • Updated docs/architecture.md — Reflects unified plugin architecture without CLI.
  • Updated README.md — Simplified installation and usage instructions.

Migration Guide

From 6.7.x to 6.8.0

  1. Uninstall CLI (if installed):

    npm uninstall -g openguardrails

  2. Update MoltGuard plugin:

    openclaw plugins update moltguard
    openclaw gateway restart

  3. Gateway config migration (automatic):

    • Old config at ~/.openguardrails/gateway.json is still read as fallback
    • New config location: ~/.openclaw/extensions/moltguard/data/gateway.json

  4. Port change:

    • If you have firewall rules for port 8900, update them to 53669

v6.7.17

05 Mar 15:48

RC1

v6.6.12

25 Feb 01:41

Agent Security Release.

v5.2.7

15 Feb 01:39

v5.2.7

v5.2.6

10 Feb 09:00

Fix bugs

v5.2.5

04 Feb 00:15

Fix bugs

v5.2.0

12 Jan 01:51

Major Enhancements to Enterprise DLP for AI Applications

Version 5.1.3 introduces significant upgrades to OpenGuardrails’ Data Loss Prevention (DLP) capabilities, further strengthening protection for enterprise AI applications and preventing sensitive data leakage to external large language models (LLMs).


Enhanced DLP for Enterprise AI

Intelligent Model Switching & Data Desensitization

  • Automatic switching between private models and external LLMs based on data sensitivity.
  • Real-time data masking (desensitization) and secure restoration ensure that sensitive enterprise data is never exposed to external models.
  • Effectively prevents confidential information from being leaked to public or third-party LLMs while preserving business continuity and response quality.

New GenAI-Powered Sensitive Data Detection

  • Introduced GenAI-based sensitive data recognition and masking, enabling:

    • More accurate identification of complex, context-aware sensitive information
    • Better coverage of unstructured and semi-structured enterprise data
  • Significantly improves detection precision compared to rule-based or regex-only approaches.


Additional Improvements

Self-Service False Positive Appeal & Resolution

  • Users can now submit false positive appeals directly.
  • Approved appeals can automatically resolve restrictions, reducing operational overhead and improving user experience.

Risk-Aware Response Substitution

  • Added risk-aware alternative response generation:

    • When high-risk content is detected, the system can safely provide compliant substitute answers
    • Ensures usability while maintaining strict security and compliance standards.

Summary

OpenGuardrails v5.1.3 delivers a major leap forward in enterprise-grade AI security by combining intelligent model routing, GenAI-driven DLP, and improved user self-service capabilities—enabling organizations to adopt AI with confidence, control, and compliance.

v5.0.6

31 Dec 05:13

Fresh new enterprise UI design.

v4.5.0

25 Dec 00:41

Direct Model Access and bug fixes.