Fix: Improve daemon startup reliability and add secrets-in-args audit check (#75)

* fix: daemon silent death after fork + add secrets-in-process-args audit

Fix two issues reported by OpenClaw customers:

1. Daemon process dies silently after fork with no logs or error output.
   The child was forked with stdio:'ignore', so any errors during module
   loading or config parsing were swallowed. Now:
   - stdout/stderr redirect to daemon-startup.log before logger init
   - IPC channel detects child readiness or early exit
   - uncaughtException/unhandledRejection handlers installed before main()
   - forkDaemon reports startup log contents on failure

2. Container secrets visible via `ps aux` (new check OC-H-064).
   When containers are started with `docker run -e SECRET=value`, the
   secret is visible to any process on the host via /proc/*/cmdline.
   The new audit check flags sensitive env vars passed inline and
   recommends Docker secrets, --env-file, or mounted files instead.

* chore: update package-lock.json after npm install

* fix: ensure ~/.g0 directory exists before opening startup log

forkDaemon() opens the startup log file before writePid() creates the
directory. If ~/.g0/ doesn't exist yet (e.g. first run without prior
saveDaemonConfig call), fs.openSync would fail with ENOENT.

* fix: harden daemon startup, improve secret detection, update docs

Daemon robustness (process.ts, runner.ts):
- resolveRunnerPath() now throws with searched paths instead of silently
  returning a non-existent path that causes a cryptic fork failure
- Startup log truncated on each start (mode 'w') with 0o600 permissions
  to prevent unbounded growth and restrict access
- FD leak fixed: startupLogFd is now closed if writePid() throws
- Extracted settle() helper to deduplicate event handler cleanup logic
- Signal handlers (SIGTERM/SIGINT) registered before IPC ready signal
  so a kill during initialization triggers graceful shutdown

Secret detection (openclaw-deployment.ts, OC-H-064):
- Added missing sensitive patterns: AWS_SECRET, GOOGLE_APPLICATION_CREDENTIALS,
  PASSPHRASE, OAUTH_CLIENT_SECRET, HMAC, JWT_SECRET
- Added exact-match token patterns (_TOKEN$, TOKEN$) to catch GITHUB_TOKEN,
  GH_TOKEN etc. without false-positiving on TOKEN_ENDPOINT
- Expanded safe patterns: AUTHORIZATION_TYPE, AUTH_TYPE, TOKEN_URL,
  TOKEN_ISSUER, TOKEN_VALIDITY, REFRESH_TOKEN_ENDPOINT, etc.
- DATABASE_URL only flagged when it contains embedded credentials (user:pass@)

Documentation (openclaw-deployment-guide.md):
- Added OC-H-064 to the container deep audit table (now 36 checks)
- Added "Never Pass Secrets via -e Flags" section with good/bad examples
- Added "Daemon won't stay alive" troubleshooting section with
  startup log, common causes, and verification steps

* chore: bump version to 1.5.0

- package.json and package-lock.json version bump
- CHANGELOG.md entry for v1.5.0 (daemon fixes, OC-H-064)
- Updated version references in evidence-collector test and docs

* fix: restore tree-sitter entry in package-lock.json

npm ci on CI was failing because the node_modules/tree-sitter@0.21.1
entry was missing from the lock file. The language-specific parsers
(tree-sitter-python, etc.) were present but the base tree-sitter
package was stripped by npm install on a machine without native build
tools. Restored the entry from main.

Author: JBAhire

CHANGELOG.md

@@ -5,6 +5,20 @@ All notable changes to g0 will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.5.0] - 2026-03-11
+
+### Fixed
+
+- **Daemon Silent Death** - `forkDaemon()` now redirects child stdout/stderr to `daemon-startup.log` and uses IPC handshake to detect early exit. Previously the child was forked with `stdio: 'ignore'`, so crashes during module loading or config parsing produced zero output. Parent now waits for a `daemon-ready` message or captures the startup log on failure
+- **Runner Path Resolution** - `resolveRunnerPath()` throws with searched paths instead of silently returning a non-existent path that caused cryptic fork failures
+- **Signal Handler Timing** - SIGTERM/SIGINT handlers moved to execute immediately after logger initialization, ensuring graceful shutdown even if later initialization steps fail
+- **Startup FD Leak** - `startupLogFd` is now closed if `writePid()` throws during daemon startup
+
+### Added
+
+- **Secrets in Process Args (OC-H-064)** - New critical audit check detects secrets (API keys, passwords, tokens) passed via Docker `-e` flags, which are visible to all users on the host via `ps aux`. Recommends Docker secrets, `--env-file`, or mounted files instead
+- **Global Crash Handlers** - `uncaughtException` and `unhandledRejection` handlers installed before `main()` in the daemon runner, capturing startup crashes to the startup log
+
 ## [1.4.0] - 2026-03-10
 
 ### Added

docs/openclaw-deployment-guide.md

@@ -34,7 +34,7 @@ A complete guide for securing self-hosted OpenClaw deployments with g0. Covers e
 ## Prerequisites
 
 - **OpenClaw** v2026.2.23+ (patched for CVE-2026-25253 and CVE-2026-28363)
-- **g0** v1.4.0+ (`npm install -g @guard0/g0`)
+- **g0** v1.5.0+ (`npm install -g @guard0/g0`)
 - **Docker** and **Docker Compose** (for containerized deployments)
 - **Linux host** (for iptables, auditd — macOS supported for scanning only)
 - Root/sudo access (for iptables and auditd rule installation)
@@ -70,7 +70,7 @@ g0 daemon start
 
 ## Deployment Audit Checks
 
-g0 performs 35 deployment-level checks across 7 categories:
+g0 performs 36 deployment-level checks across 7 categories:
 
 | g0 Check | Category | Description | Severity |
 |----------|----------|-------------|----------|
@@ -96,7 +96,7 @@ g0 performs 35 deployment-level checks across 7 categories:
 
 **Categories**: NET (network), CRED (credentials), DOCK (Docker/container), DATA (data protection), O11Y (observability), SYS (system), FORNS (forensics)
 
-### Container Deep Audit (OC-H-056..063)
+### Container Deep Audit (OC-H-056..064)
 
 g0 performs deep inspection of running Docker containers:
 
@@ -110,6 +110,7 @@ g0 performs deep inspection of running Docker containers:
 | **OC-H-061** | DOCK | OPENCLAW_DISABLE_BONJOUR should be set | Low |
 | **OC-H-062** | DOCK | Sensitive host paths should not be mounted | High |
 | **OC-H-063** | DOCK | Container images should be verified/signed | Medium |
+| **OC-H-064** | CRED | Secrets passed via `-e` flags are visible in `ps aux` | Critical |
 
 ---
 
@@ -427,6 +428,34 @@ chmod 600 /data/.openclaw/agents/*/.env
 
 g0 detects duplicate credential groups automatically during the deployment audit.
 
+### Never Pass Secrets via `-e` Flags (OC-H-064)
+
+**Finding:** Secrets passed as `docker run -e SECRET_KEY=value` are visible to **every user on the host** via `ps aux` or `/proc/{pid}/cmdline`. This is a critical exposure that g0 now detects automatically.
+
+**Bad — visible in process list:**
+
+```bash
+# Anyone on the host can see this secret:
+docker run -e OPENAI_API_KEY=sk-proj-abc123... openclaw-agent
+```
+
+**Good — use Docker secrets or `--env-file`:**
+
+```bash
+# Option 1: Docker secrets (Swarm mode)
+echo "sk-proj-abc123..." | docker secret create agent1_openai_key -
+
+# Option 2: env-file with restricted permissions
+echo "OPENAI_API_KEY=sk-proj-abc123..." > /data/.openclaw/agents/agent-1/.env
+chmod 600 /data/.openclaw/agents/agent-1/.env
+docker run --env-file /data/.openclaw/agents/agent-1/.env openclaw-agent
+
+# Option 3: Mount secret as a file
+docker run -v /data/secrets/openai_key:/run/secrets/openai_key:ro openclaw-agent
+```
+
+g0 inspects running container environment variables and flags any sensitive values (API keys, tokens, passwords, credentials) that are passed inline rather than via files or secret stores.
+
 ---
 
 ## Step 6: Docker Socket Isolation
@@ -1357,6 +1386,33 @@ g0 looks for OpenClaw indicators in these locations:
 
 Ensure your `agentDataPath` is correct in `~/.g0/daemon.json`.
 
+### Daemon won't stay alive / exits immediately
+
+If `g0 daemon start` reports a PID but the process dies immediately:
+
+1. **Check the startup log** — errors during early initialization are captured here:
+
+```bash
+cat ~/.g0/daemon-startup.log
+```
+
+2. **Check the daemon log** — if the daemon survived past initial startup:
+
+```bash
+g0 daemon logs
+```
+
+3. **Common causes:**
+   - Missing Node.js modules — reinstall g0: `npm install -g @guard0/g0`
+   - Corrupt `daemon.json` — validate: `cat ~/.g0/daemon.json | python3 -m json.tool`
+   - No swap + high memory pressure — the OOM killer may be terminating the process. Check `dmesg | grep -i oom`
+
+4. If the startup log is empty, the runner script could not be located. Verify the installation:
+
+```bash
+ls $(dirname $(which g0))/../lib/node_modules/@guard0/g0/dist/src/daemon/runner.js
+```
+
 ### "iptables: Permission denied"
 
 Egress rule application requires root/sudo. Either:
@@ -1396,7 +1452,7 @@ sudo auditctl -l    # Verify rules are loaded
 ### False Positives in Static Scan
 
 If you see false positives like SQL injection on logger lines:
-1. g0 v1.4.0+ includes fixes for common FPs (e.g., AA-CE-012 on Python f-string logging)
+1. g0 v1.5.0+ includes fixes for common FPs (e.g., AA-CE-012 on Python f-string logging)
 2. Add specific rules to `exclude_rules` in `.g0.yaml`
 3. Use `--min-confidence medium` (default) to hide low-confidence generic findings