clawmoat 0.2.1 → 0.5.0

package/docs/positioning-v2.md

@@ -0,0 +1,155 @@
+# ClawMoat v2 Positioning — "Run AI Agents on Your Laptop Without Fear"
+
+## The Shift
+
+**Before:** "Security scanner for AI agents" (feature)
+**After:** "The trust layer between AI agents and your machine" (category)
+
+## New Tagline Options
+
+1. **"Run AI agents on your laptop. We watch your back."**
+2. **"Your machine. Your agent. Your rules."**
+3. **"The security moat between AI and your laptop."**
+4. **"Self-host AI agents fearlessly."**
+
+Recommended: **"Your machine. Your agent. Your rules."**
+
+## Target Audience (Revised)
+
+### Primary: Self-Hosting AI Agent Users
+- People running OpenClaw, Claude Code, Cursor, Aider, etc. on their actual machines
+- Want the power of local agents but scared of giving AI shell/file access
+- Technical enough to install npm packages, not security experts
+- **Pain point:** "I want to run this on my laptop but what if it reads my SSH keys?"
+
+### Secondary: Agent Framework Developers
+- Building with LangChain, CrewAI, AutoGen, OpenAI Agents SDK
+- Need to ship security to their users without building it themselves
+- Want to say "secured by ClawMoat" as a trust signal
+
+### Tertiary: Enterprise AI Teams
+- Deploying agents internally on employee machines
+- Need compliance, audit trails, policy enforcement
+- Can't have agents accessing arbitrary credentials
+
+## Value Proposition
+
+```
+Without ClawMoat:
+  AI Agent → Full access to everything → 😱
+
+With ClawMoat:
+  AI Agent → ClawMoat Guardian → Only what's allowed → 😌
+  + Full audit trail of everything attempted
+  + Forbidden zones auto-protect your credentials
+  + Permission tiers you can dial up as trust grows
+```
+
+## New Pricing
+
+### Free (Open Source)
+- Host Guardian with all 4 permission tiers
+- 20+ forbidden zone patterns
+- Dangerous command blocking
+- Audit trail (in-memory)
+- All scanners (prompt injection, secrets, PII, etc.)
+- Community support via GitHub
+- **Everything you need to secure one machine**
+
+### Pro — $14.99/mo or $149/yr
+- Everything in Free
+- **Threat intelligence feed** — new attack patterns pushed weekly
+- **Persistent audit logs** — queryable, exportable, tamper-evident
+- **Custom forbidden zones** — YAML-based, shareable configs
+- **Real-time alerts** — Telegram, Slack, Discord, email notifications on violations
+- **Dashboard** — web UI showing blocked attacks, audit trail, security score
+- **Priority pattern updates** — when new agent exploits emerge, Pro gets patches first
+- Email support
+
+### Team — $49/mo or $499/yr (up to 10 machines)
+- Everything in Pro
+- **Centralized policy management** — one config, all machines
+- **Fleet dashboard** — see all your agents/machines in one view
+- **Shared threat intelligence** — attacks on any machine update all
+- **Role-based policies** — different tiers for different team members
+- **Compliance reports** — SOC2-style audit exports
+- **Slack/Teams integration** — security alerts in your team channels
+- Priority support
+
+### Enterprise — Custom
+- Everything in Team, unlimited machines
+- **On-prem threat intelligence server**
+- **Custom scanner development** — we build patterns for your stack
+- **SLA** — guaranteed response times
+- **SSO/SAML** — enterprise auth
+- Dedicated support engineer
+
+## Why This Pricing Works
+
+1. **Free is genuinely useful** — not crippled. This drives adoption
+2. **Pro sells peace of mind** — "I run an agent on my laptop, I need alerts when something weird happens"
+3. **Team sells visibility** — "I have 5 engineers running agents, I need to see what they're doing"
+4. **Enterprise sells compliance** — "Our security team needs audit trails and SLA"
+
+## Competitive Landscape
+
+| | ClawMoat | Rebuff.ai | LLM Guard | Prompt Armor |
+|---|---|---|---|---|
+| Host/laptop protection | ✅ | ❌ | ❌ | ❌ |
+| Permission tiers | ✅ | ❌ | ❌ | ❌ |
+| Filesystem boundaries | ✅ | ❌ | ❌ | ❌ |
+| Command blocking | ✅ | ❌ | ❌ | ❌ |
+| Audit trail | ✅ | ❌ | Partial | ❌ |
+| Prompt injection | ✅ | ✅ | ✅ | ✅ |
+| Zero dependencies | ✅ | ❌ | ❌ | ❌ |
+| Open source | ✅ | Partial | ✅ | ❌ |
+| Framework agnostic | ✅ | ✅ | ✅ | ❌ |
+
+**We're the only one protecting the HOST, not just the prompts.**
+
+## Content Strategy
+
+### Launch Blog Post
+"We Run an AI Agent on Our Founder's Laptop — Here's How We Secured It"
+- Real story of dogfooding ClawMoat
+- Show actual attack attempts and blocks
+- "Try to break it" challenge
+
+### Ongoing Content
+- Weekly "Attack of the Week" — real patterns we caught
+- "What Could Go Wrong" series — agent horror stories + how ClawMoat prevents them
+- Integration guides for every major framework
+- "Security Score" badges for repos
+
+### PR Angle
+- "Come hack our agent" bounty program
+- First open-source laptop security layer for AI agents
+- OWASP Agentic AI alignment
+
+## Go-to-Market
+
+1. **Week 1:** Publish v0.4.0, blog post, update website
+2. **Week 2:** Integration guides (OpenClaw, LangChain, CrewAI)
+3. **Week 3:** "Come hack our agent" challenge launch
+4. **Week 4:** HN Show HN, Reddit posts, Dev.to
+5. **Month 2:** Pro tier launch with dashboard MVP
+6. **Month 3:** Team tier with fleet management
+
+## Stripe Updates Needed
+
+Old prices → New prices:
+- Pro: $9.99/mo → $14.99/mo (more value now)
+- Pro Yearly: $99/yr → $149/yr
+- Team: $49/mo → same
+- Team Yearly: $499/yr → same
+
+## Key Messages
+
+**For individuals:**
+"You wouldn't give a stranger the keys to your house. Why give an AI agent unrestricted access to your laptop?"
+
+**For teams:**
+"Your developers are running AI agents on their machines right now. Do you know what those agents can access?"
+
+**For the market:**
+"Prompt injection scanning is table stakes. Host protection is the real game."

package/docs/report-demo.html

@@ -0,0 +1,399 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<link rel="icon" type="image/png" href="/favicon.png">
+<link rel="apple-touch-icon" href="/apple-touch-icon.png">
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Sample Security Report — ClawMoat Enterprise</title>
+<meta name="description" content="See what a ClawMoat Enterprise AI agent security assessment report looks like. Professional, print-ready audit reports.">
+<link rel="icon" href="data:image/svg+xml,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 100 100'><text y='.9em' font-size='90'>🏰</text></svg>">
+<style>
+*{margin:0;padding:0;box-sizing:border-box}
+:root{--navy:#0F172A;--navy-light:#1E293B;--navy-mid:#334155;--blue:#3B82F6;--emerald:#10B981;--white:#F8FAFC;--gray:#94A3B8;--red:#EF4444;--amber:#F59E0B;--orange:#F97316}
+body{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;background:var(--navy);color:var(--white);line-height:1.6}
+a{color:var(--blue);text-decoration:none}
+a:hover{text-decoration:underline}
+
+/* CTA Banner */
+.cta-banner{background:linear-gradient(135deg,var(--blue),#6366F1);text-align:center;padding:14px 24px;font-size:.95rem;font-weight:600;position:sticky;top:0;z-index:200}
+.cta-banner a{color:#fff;text-decoration:underline}
+.cta-banner span{opacity:.9}
+
+/* Back nav */
+.back-nav{background:rgba(15,23,42,.95);backdrop-filter:blur(12px);border-bottom:1px solid rgba(59,130,246,.15);padding:16px 0}
+.back-nav .inner{max-width:1140px;margin:0 auto;padding:0 24px;display:flex;align-items:center;justify-content:space-between}
+.back-nav .logo{font-size:1.25rem;font-weight:700;color:var(--white)}
+.back-nav .logo span{color:var(--emerald)}
+.back-nav a.back{color:var(--gray);font-size:.9rem}
+.back-nav a.back:hover{color:var(--white);text-decoration:none}
+
+/* Report Container */
+.report{max-width:900px;margin:40px auto;background:#fff;color:#1a1a2e;border-radius:12px;overflow:hidden;box-shadow:0 25px 80px rgba(0,0,0,.5)}
+
+/* Report Header */
+.report-header{background:linear-gradient(135deg,#0F172A 0%,#1E293B 100%);color:#fff;padding:48px;position:relative;overflow:hidden}
+.report-header::after{content:'';position:absolute;top:-50%;right:-20%;width:400px;height:400px;background:radial-gradient(circle,rgba(59,130,246,.15),transparent 70%);pointer-events:none}
+.report-header .logo-row{display:flex;align-items:center;gap:16px;margin-bottom:32px}
+.report-header .shield{width:56px;height:56px;background:linear-gradient(135deg,var(--blue),var(--emerald));border-radius:14px;display:flex;align-items:center;justify-content:center;font-size:1.8rem}
+.report-header .logo-text{font-size:1.4rem;font-weight:700}
+.report-header .logo-text span{color:var(--emerald)}
+.report-header h1{font-size:2rem;font-weight:800;margin-bottom:8px;letter-spacing:-.02em}
+.report-header .subtitle{color:var(--gray);font-size:1rem}
+.report-meta{display:grid;grid-template-columns:repeat(auto-fit,minmax(180px,1fr));gap:16px;margin-top:28px;padding-top:24px;border-top:1px solid rgba(255,255,255,.1)}
+.report-meta .meta-item label{display:block;font-size:.7rem;text-transform:uppercase;letter-spacing:.1em;color:var(--gray);margin-bottom:2px}
+.report-meta .meta-item p{font-size:.95rem;font-weight:600}
+
+/* Watermark */
+.watermark{position:absolute;top:50%;left:50%;transform:translate(-50%,-50%) rotate(-35deg);font-size:5rem;font-weight:900;color:rgba(239,68,68,.06);pointer-events:none;white-space:nowrap;letter-spacing:.1em;z-index:1}
+
+/* Report Body */
+.report-body{padding:48px;position:relative}
+
+/* Section styling */
+.report-body h2{font-size:1.3rem;font-weight:700;color:#0F172A;margin:36px 0 16px;padding-bottom:8px;border-bottom:2px solid #E2E8F0;display:flex;align-items:center;gap:10px}
+.report-body h2:first-child{margin-top:0}
+.report-body h2 .num{background:var(--blue);color:#fff;width:28px;height:28px;border-radius:50%;display:inline-flex;align-items:center;justify-content:center;font-size:.8rem;flex-shrink:0}
+
+/* Executive Summary */
+.exec-grid{display:grid;grid-template-columns:1fr 1fr;gap:20px;margin-bottom:24px}
+.score-card{text-align:center;padding:28px;border-radius:12px;border:2px solid #E2E8F0}
+.score-card.main{border-color:var(--amber);background:linear-gradient(135deg,#FFFBEB,#FEF3C7)}
+.score-ring{width:120px;height:120px;margin:0 auto 12px;position:relative}
+.score-ring svg{transform:rotate(-90deg)}
+.score-ring .value{position:absolute;top:50%;left:50%;transform:translate(-50%,-50%);font-size:2rem;font-weight:800;color:#92400E}
+.score-ring .label{position:absolute;top:50%;left:50%;transform:translate(-50%,60%);font-size:.7rem;color:#92400E;font-weight:600;text-transform:uppercase}
+.stat-row{display:grid;grid-template-columns:repeat(3,1fr);gap:12px}
+.stat-box{text-align:center;padding:16px;background:#F8FAFC;border-radius:10px;border:1px solid #E2E8F0}
+.stat-box .val{font-size:1.5rem;font-weight:800;color:#0F172A}
+.stat-box .lbl{font-size:.75rem;color:#64748B;text-transform:uppercase;letter-spacing:.05em}
+
+/* Risk badge */
+.risk-badge{display:inline-flex;align-items:center;gap:6px;padding:6px 16px;border-radius:20px;font-weight:700;font-size:.85rem}
+.risk-moderate{background:#FEF3C7;color:#92400E}
+
+/* Findings dashboard */
+.findings-bar{margin:20px 0}
+.bar-row{display:flex;align-items:center;gap:12px;margin-bottom:10px}
+.bar-label{width:80px;font-size:.85rem;font-weight:600;text-align:right;flex-shrink:0}
+.bar-track{flex:1;height:28px;background:#F1F5F9;border-radius:6px;overflow:hidden;position:relative}
+.bar-fill{height:100%;border-radius:6px;display:flex;align-items:center;padding-left:10px;font-size:.8rem;font-weight:700;color:#fff;min-width:fit-content;transition:width .6s ease}
+.bar-critical{background:linear-gradient(90deg,#DC2626,#EF4444)}
+.bar-high{background:linear-gradient(90deg,#EA580C,var(--orange))}
+.bar-medium{background:linear-gradient(90deg,#D97706,var(--amber))}
+.bar-low{background:linear-gradient(90deg,#2563EB,var(--blue))}
+.bar-count{font-size:.85rem;font-weight:600;color:#64748B;width:30px}
+
+.trend-note{display:flex;align-items:center;gap:8px;padding:12px 16px;background:#F0FDF4;border:1px solid #BBF7D0;border-radius:8px;font-size:.9rem;color:#166534;margin-top:16px}
+
+/* Findings table */
+.finding{border:1px solid #E2E8F0;border-radius:10px;padding:20px;margin-bottom:16px;transition:box-shadow .2s}
+.finding:hover{box-shadow:0 4px 12px rgba(0,0,0,.08)}
+.finding-header{display:flex;align-items:flex-start;justify-content:space-between;gap:12px;margin-bottom:12px}
+.finding-id{font-size:.8rem;color:#64748B;font-family:'SF Mono',Consolas,monospace}
+.severity{display:inline-block;padding:3px 10px;border-radius:6px;font-size:.75rem;font-weight:700;text-transform:uppercase;letter-spacing:.05em}
+.sev-critical{background:#FEE2E2;color:#991B1B}
+.sev-high{background:#FFEDD5;color:#9A3412}
+.sev-medium{background:#FEF3C7;color:#92400E}
+.sev-low{background:#DBEAFE;color:#1E40AF}
+.finding h3{font-size:1.05rem;font-weight:700;color:#0F172A;margin-bottom:8px}
+.finding p{font-size:.9rem;color:#475569;margin-bottom:8px}
+.finding-detail{display:grid;grid-template-columns:1fr 1fr;gap:8px;font-size:.85rem}
+.finding-detail dt{color:#64748B;font-weight:600}
+.finding-detail dd{color:#334155}
+.finding .recommendation{background:#F0FDF4;border-left:3px solid var(--emerald);padding:10px 14px;border-radius:0 6px 6px 0;margin-top:12px;font-size:.85rem;color:#166534}
+.finding .owasp-ref{margin-top:8px;font-size:.8rem;color:#64748B}
+.finding .owasp-ref code{background:#F1F5F9;padding:2px 6px;border-radius:4px;font-size:.75rem}
+
+/* Recommendations */
+.rec-list{counter-reset:rec}
+.rec-item{display:flex;gap:14px;padding:16px;border:1px solid #E2E8F0;border-radius:10px;margin-bottom:10px}
+.rec-item::before{counter-increment:rec;content:counter(rec);background:var(--blue);color:#fff;width:28px;height:28px;border-radius:50%;display:flex;align-items:center;justify-content:center;font-size:.85rem;font-weight:700;flex-shrink:0}
+.rec-item .priority{display:inline-block;font-size:.7rem;font-weight:700;padding:2px 8px;border-radius:4px;margin-bottom:4px;text-transform:uppercase}
+.rec-item .p-immediate{background:#FEE2E2;color:#991B1B}
+.rec-item .p-short{background:#FFEDD5;color:#9A3412}
+.rec-item .p-medium{background:#DBEAFE;color:#1E40AF}
+.rec-item h4{font-size:.95rem;font-weight:700;color:#0F172A;margin-bottom:4px}
+.rec-item p{font-size:.85rem;color:#475569}
+
+/* Report Footer */
+.report-footer{background:#F8FAFC;border-top:2px solid #E2E8F0;padding:28px 48px;display:flex;align-items:center;justify-content:space-between;font-size:.85rem;color:#64748B}
+.report-footer .logo-sm{font-weight:700;color:#0F172A}
+.report-footer .logo-sm span{color:var(--emerald)}
+
+/* Print styles */
+@media print{
+  body{background:#fff}
+  .cta-banner,.back-nav{display:none}
+  .report{margin:0;border-radius:0;box-shadow:none;max-width:100%}
+  .finding{break-inside:avoid}
+  .report-header{-webkit-print-color-adjust:exact;print-color-adjust:exact}
+}
+
+@media(max-width:640px){
+  .report-body{padding:24px}
+  .exec-grid{grid-template-columns:1fr}
+  .stat-row{grid-template-columns:1fr}
+  .finding-detail{grid-template-columns:1fr}
+  .report-footer{flex-direction:column;gap:8px;text-align:center;padding:20px 24px}
+  .report-header{padding:32px 24px}
+}
+</style>
+</head>
+<body>
+
+<!-- CTA Banner -->
+<div class="cta-banner">
+  <span>📋 This is a sample report.</span> Get your free security assessment → <a href="mailto:hello@clawmoat.com">Contact us</a>
+</div>
+
+<!-- Back Nav -->
+<div class="back-nav">
+  <div class="inner">
+    <div class="logo"><a href="/"><img src="/logo.svg" alt="ClawMoat" style="height:44px"></a></div>
+    <a href="/" class="back">← Back to ClawMoat</a>
+  </div>
+</div>
+
+<!-- Report Document -->
+<div class="report">
+  <div class="watermark">SAMPLE</div>
+
+  <!-- Report Header -->
+  <div class="report-header">
+    <div class="logo-row">
+      <div class="shield">🏰</div>
+      <div>
+        <div class="logo-text">Claw<span>Moat</span> Enterprise</div>
+      </div>
+    </div>
+    <h1>AI Agent Security Assessment</h1>
+    <p class="subtitle">Comprehensive runtime security audit report</p>
+    <div class="report-meta">
+      <div class="meta-item">
+        <label>Client</label>
+        <p>Acme AI Corp</p>
+      </div>
+      <div class="meta-item">
+        <label>Assessment ID</label>
+        <p>CMA-2026-00847</p>
+      </div>
+      <div class="meta-item">
+        <label>Report Date</label>
+        <p>February 1, 2026</p>
+      </div>
+      <div class="meta-item">
+        <label>Assessment Period</label>
+        <p>Jan 1 – 31, 2026</p>
+      </div>
+    </div>
+  </div>
+
+  <!-- Report Body -->
+  <div class="report-body">
+
+    <!-- Executive Summary -->
+    <h2><span class="num">1</span> Executive Summary</h2>
+    <div class="exec-grid">
+      <div class="score-card main">
+        <div class="score-ring">
+          <svg width="120" height="120" viewBox="0 0 120 120">
+            <circle cx="60" cy="60" r="52" fill="none" stroke="#E2E8F0" stroke-width="10"/>
+            <circle cx="60" cy="60" r="52" fill="none" stroke="#F59E0B" stroke-width="10"
+              stroke-dasharray="326.7" stroke-dashoffset="88.2" stroke-linecap="round"/>
+          </svg>
+          <div class="value">73</div>
+          <div class="label">/ 100</div>
+        </div>
+        <p style="font-weight:700;color:#92400E;margin-top:8px">Overall Security Score</p>
+      </div>
+      <div style="display:flex;flex-direction:column;gap:12px;justify-content:center">
+        <div class="stat-box">
+          <div style="margin-bottom:4px"><span class="risk-badge risk-moderate">⚠ MODERATE</span></div>
+          <div class="lbl">Risk Level</div>
+        </div>
+        <div class="stat-box">
+          <div class="val">1,247</div>
+          <div class="lbl">Messages Analyzed</div>
+        </div>
+        <div class="stat-box">
+          <div class="val">46</div>
+          <div class="lbl">Total Findings</div>
+        </div>
+      </div>
+    </div>
+
+    <!-- Findings Dashboard -->
+    <h2><span class="num">2</span> Findings Dashboard</h2>
+    <div class="findings-bar">
+      <div class="bar-row">
+        <div class="bar-label" style="color:#DC2626">Critical</div>
+        <div class="bar-track"><div class="bar-fill bar-critical" style="width:6.5%">3</div></div>
+      </div>
+      <div class="bar-row">
+        <div class="bar-label" style="color:#EA580C">High</div>
+        <div class="bar-track"><div class="bar-fill bar-high" style="width:15.2%">7</div></div>
+      </div>
+      <div class="bar-row">
+        <div class="bar-label" style="color:#D97706">Medium</div>
+        <div class="bar-track"><div class="bar-fill bar-medium" style="width:26%">12</div></div>
+      </div>
+      <div class="bar-row">
+        <div class="bar-label" style="color:#2563EB">Low</div>
+        <div class="bar-track"><div class="bar-fill bar-low" style="width:52%">24</div></div>
+      </div>
+    </div>
+    <div class="trend-note">📈 <strong>Improving:</strong>&nbsp;Total findings decreased 18% compared to previous month (56 → 46)</div>
+
+    <!-- Top Findings -->
+    <h2><span class="num">3</span> Top Findings</h2>
+
+    <div class="finding">
+      <div class="finding-header">
+        <div>
+          <span class="finding-id">CM-2026-001</span>
+          <span class="severity sev-critical">Critical</span>
+        </div>
+      </div>
+      <h3>Prompt Injection Detected in Customer Support Agent</h3>
+      <p>Malicious instructions embedded in a customer email successfully redirected the support agent to disclose internal knowledge base content and override its conversation policy.</p>
+      <div class="finding-detail">
+        <dt>Affected Component</dt><dd>Customer Support Agent (cs-agent-prod-01)</dd>
+        <dt>Detection Layer</dt><dd>ML Classifier (confidence: 0.96)</dd>
+      </div>
+      <div class="recommendation">💡 <strong>Recommendation:</strong> Enable ClawMoat's three-layer scan pipeline on all inbound customer messages. Add input sanitization before agent context injection.</div>
+      <div class="owasp-ref">OWASP Ref: <code>ASI01 — Agent Goal Hijack</code></div>
+    </div>
+
+    <div class="finding">
+      <div class="finding-header">
+        <div>
+          <span class="finding-id">CM-2026-002</span>
+          <span class="severity sev-critical">Critical</span>
+        </div>
+      </div>
+      <h3>AWS Access Key Leaked in Debug Response</h3>
+      <p>An agent debug mode response included a full AWS access key (AKIA...) and secret key in a tool output that was relayed to the end user in a chat session.</p>
+      <div class="finding-detail">
+        <dt>Affected Component</dt><dd>DevOps Agent (devops-agent-02)</dd>
+        <dt>Detection Layer</dt><dd>Secret Scanner (regex + entropy)</dd>
+      </div>
+      <div class="recommendation">💡 <strong>Recommendation:</strong> Enable outbound secret scanning on all agent responses. Rotate the exposed AWS credentials immediately. Disable debug mode in production.</div>
+      <div class="owasp-ref">OWASP Ref: <code>ASI06 — Data Leakage</code></div>
+    </div>
+
+    <div class="finding">
+      <div class="finding-header">
+        <div>
+          <span class="finding-id">CM-2026-003</span>
+          <span class="severity sev-critical">Critical</span>
+        </div>
+      </div>
+      <h3>System Prompt Extraction Attempt Succeeded</h3>
+      <p>A user used multi-turn jailbreak techniques to extract the full system prompt from the sales assistant agent, revealing internal business logic and API endpoint details.</p>
+      <div class="finding-detail">
+        <dt>Affected Component</dt><dd>Sales Assistant (sales-agent-prod)</dd>
+        <dt>Detection Layer</dt><dd>LLM Judge (multi-turn analysis)</dd>
+      </div>
+      <div class="recommendation">💡 <strong>Recommendation:</strong> Enable jailbreak detection with multi-turn context analysis. Move sensitive business logic out of system prompts into server-side code.</div>
+      <div class="owasp-ref">OWASP Ref: <code>ASI01 — Agent Goal Hijack</code></div>
+    </div>
+
+    <div class="finding">
+      <div class="finding-header">
+        <div>
+          <span class="finding-id">CM-2026-004</span>
+          <span class="severity sev-high">High</span>
+        </div>
+      </div>
+      <h3>PII (SSN) Included in Agent Context Window</h3>
+      <p>Social Security Numbers from a connected CRM database were loaded into the agent's context window without masking, creating risk of PII exposure in responses or logs.</p>
+      <div class="finding-detail">
+        <dt>Affected Component</dt><dd>HR Assistant Agent (hr-agent-01)</dd>
+        <dt>Detection Layer</dt><dd>PII Scanner (pattern match)</dd>
+      </div>
+      <div class="recommendation">💡 <strong>Recommendation:</strong> Implement PII masking on all data sources before context injection. Add outbound PII scanning as a secondary safeguard.</div>
+      <div class="owasp-ref">OWASP Ref: <code>ASI06 — Data Leakage</code></div>
+    </div>
+
+    <div class="finding">
+      <div class="finding-header">
+        <div>
+          <span class="finding-id">CM-2026-005</span>
+          <span class="severity sev-high">High</span>
+        </div>
+      </div>
+      <h3>Excessive Tool Permissions Granted</h3>
+      <p>The internal coding agent has unrestricted shell access including ability to modify system files, install packages, and make network requests to arbitrary external hosts.</p>
+      <div class="finding-detail">
+        <dt>Affected Component</dt><dd>Coding Agent (code-agent-prod-03)</dd>
+        <dt>Detection Layer</dt><dd>Policy Engine (audit mode)</dd>
+      </div>
+      <div class="recommendation">💡 <strong>Recommendation:</strong> Apply least-privilege policies using ClawMoat's YAML policy engine. Restrict shell commands to an allowlist and block outbound network access to unknown hosts.</div>
+      <div class="owasp-ref">OWASP Ref: <code>ASI02 — Tool Misuse</code> / <code>ASI03 — Privilege Abuse</code></div>
+    </div>
+
+    <!-- Recommendations -->
+    <h2><span class="num">4</span> Prioritized Recommendations</h2>
+    <div class="rec-list">
+      <div class="rec-item">
+        <div>
+          <span class="priority p-immediate">Immediate</span>
+          <h4>Rotate Exposed AWS Credentials</h4>
+          <p>Immediately rotate the leaked AKIA* access key and audit CloudTrail for unauthorized usage during the exposure window.</p>
+        </div>
+      </div>
+      <div class="rec-item">
+        <div>
+          <span class="priority p-immediate">Immediate</span>
+          <h4>Enable Prompt Injection Scanning</h4>
+          <p>Deploy ClawMoat's three-layer scan pipeline on all customer-facing agents. Start with pattern matching (Layer 1) for instant coverage.</p>
+        </div>
+      </div>
+      <div class="rec-item">
+        <div>
+          <span class="priority p-short">Short-term</span>
+          <h4>Implement Outbound Secret Scanning</h4>
+          <p>Enable secret scanning on all agent responses to prevent credential leakage. Disable debug modes in production environments.</p>
+        </div>
+      </div>
+      <div class="rec-item">
+        <div>
+          <span class="priority p-short">Short-term</span>
+          <h4>Apply Least-Privilege Tool Policies</h4>
+          <p>Configure YAML policies for each agent restricting shell commands, file access, and network requests to only what's needed.</p>
+        </div>
+      </div>
+      <div class="rec-item">
+        <div>
+          <span class="priority p-medium">Medium-term</span>
+          <h4>Implement PII Masking Pipeline</h4>
+          <p>Add a data masking layer between data sources and agent context injection. Mask SSNs, credit cards, and other PII automatically.</p>
+        </div>
+      </div>
+      <div class="rec-item">
+        <div>
+          <span class="priority p-medium">Medium-term</span>
+          <h4>Move Business Logic Out of System Prompts</h4>
+          <p>Refactor agents to keep sensitive business rules and API details in server-side code rather than system prompts.</p>
+        </div>
+      </div>
+    </div>
+
+  </div>
+
+  <!-- Report Footer -->
+  <div class="report-footer">
+    <div><span class="logo-sm">🏰 Claw<span>Moat</span></span> Enterprise</div>
+    <div>Generated by ClawMoat Enterprise • <a href="https://clawmoat.com" style="color:#64748B">clawmoat.com</a></div>
+    <div>Confidential</div>
+  </div>
+</div>
+
+<div style="text-align:center;padding:32px;color:var(--gray);font-size:.85rem">
+  <a href="/" style="color:var(--blue)">← Back to ClawMoat</a> &nbsp;·&nbsp;
+  <a href="mailto:hello@clawmoat.com" style="color:var(--blue)">Get your free assessment</a>
+</div>
+
+</body>
+</html>

package/docs/thanks.html

@@ -1,6 +1,8 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
+<link rel="icon" type="image/png" href="/favicon.png">
+<link rel="apple-touch-icon" href="/apple-touch-icon.png">
 <meta charset="UTF-8">
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
 <title>Welcome to ClawMoat — Thank You!</title>

package/examples/github-action-workflow.yml

@@ -0,0 +1,94 @@
+# ClawMoat CI/CD Integration Examples
+# Add this to your repo's .github/workflows/ directory
+#
+# Example 1: Scan PR diffs for prompt injection & secret leaks
+# Example 2: Scan agent config files before deployment
+# Example 3: Full project scan on push to main
+
+# ─── Example 1: PR Security Scan ─────────────────────────────────
+name: ClawMoat Security Scan
+on:
+  pull_request:
+    branches: [main, develop]
+  push:
+    branches: [main]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  clawmoat-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Install ClawMoat
+        run: npm install -g clawmoat
+
+      # Scan all text/config files for prompt injection, secrets, PII
+      - name: Scan for threats
+        run: |
+          echo "## 🏰 ClawMoat Security Scan" >> $GITHUB_STEP_SUMMARY
+
+          # Scan changed files in PR
+          if [ "${{ github.event_name }}" = "pull_request" ]; then
+            FILES=$(git diff --name-only ${{ github.event.pull_request.base.sha }} HEAD -- '*.md' '*.yml' '*.yaml' '*.json' '*.txt' '*.env*' '*.js' '*.ts' '*.py')
+          else
+            FILES=$(find . -type f \( -name "*.md" -o -name "*.yml" -o -name "*.yaml" -o -name "*.json" -o -name "*.js" -o -name "*.ts" -o -name "*.py" \) -not -path "*/node_modules/*" -not -path "*/.git/*")
+          fi
+
+          FOUND_ISSUES=0
+          for file in $FILES; do
+            if [ -f "$file" ]; then
+              RESULT=$(clawmoat scan "$file" --format json 2>/dev/null || true)
+              if echo "$RESULT" | grep -q '"blocked":true'; then
+                echo "⛔ **BLOCKED** — $file" >> $GITHUB_STEP_SUMMARY
+                echo "$RESULT" | jq -r '.findings[] | "  - \(.severity): \(.type)/\(.subtype)"' >> $GITHUB_STEP_SUMMARY 2>/dev/null
+                FOUND_ISSUES=1
+              fi
+            fi
+          done
+
+          if [ "$FOUND_ISSUES" = "1" ]; then
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "❌ Security issues found. Review above findings." >> $GITHUB_STEP_SUMMARY
+            exit 1
+          else
+            echo "✅ No security issues found." >> $GITHUB_STEP_SUMMARY
+          fi
+
+      # Scan OpenClaw skills if present
+      - name: Scan skills (supply chain)
+        if: always()
+        run: |
+          if [ -d "skills/" ]; then
+            clawmoat audit skills/ --format summary >> $GITHUB_STEP_SUMMARY
+          fi
+
+# ─── Example 2: Pre-deployment Agent Config Scan ─────────────────
+# Uncomment and adapt for your deployment pipeline:
+#
+# deploy-scan:
+#   runs-on: ubuntu-latest
+#   steps:
+#     - uses: actions/checkout@v4
+#     - uses: actions/setup-node@v4
+#       with: { node-version: '20' }
+#     - run: npm install -g clawmoat
+#     - name: Validate agent configs
+#       run: |
+#         # Scan YAML configs for dangerous patterns
+#         for f in config/*.yml agents/*.yml; do
+#           clawmoat scan "$f" --fail-on high
+#         done
+#     - name: Scan prompts for injection
+#       run: |
+#         # Scan prompt templates
+#         for f in prompts/*.md prompts/*.txt; do
+#           clawmoat scan "$f" --fail-on critical
+#         done