Security is a core requirement for DRAM.

• Context isolation and sandboxed renderer execution
• Explicit IPC surface between renderer and main process
• Local secure storage patterns for credentials
• Local-first defaults for data flow and runtime behavior

• Avoid exposing external network surfaces by default
• Keep sensitive values out of renderer scope
• Prefer scoped handlers and audited IPC routes

• Run security-related test suites:
  • npm run test
  • npm run check:ipc

• Roadmap for security hardening backlog
• OpenClaw runtime and gateway behavior