clawmoat 0.5.0 → 0.8.0

package/CONTRIBUTING.md

@@ -21,7 +21,7 @@ All 37 tests must pass before submitting a PR.
 Scanner template:
 
 ```javascript
-export function scan(input, options = {}) {
+function scan(input, options = {}) {
   const threats = [];
   // Detection logic here
   return {
@@ -30,6 +30,8 @@ export function scan(input, options = {}) {
     score: threats.length > 0 ? 1.0 : 0.0,
   };
 }
+
+module.exports = { scan };
 ```
 
 ## PR Guidelines
@@ -41,7 +43,7 @@ export function scan(input, options = {}) {
 
 ## Code Style
 
-- ES modules (`import`/`export`)
+- CommonJS (`require`/`module.exports`)
 - No semicolons (match existing style — check the codebase)
 - Descriptive variable names
 - Keep functions small and focused

package/README.md

@@ -11,7 +11,10 @@
   <a href="https://www.npmjs.com/package/clawmoat"><img src="https://img.shields.io/npm/v/clawmoat?style=flat-square&color=3B82F6" alt="npm"></a>
   <a href="https://github.com/darfaz/clawmoat/blob/main/LICENSE"><img src="https://img.shields.io/badge/license-MIT-blue?style=flat-square" alt="License"></a>
   <a href="https://github.com/darfaz/clawmoat/stargazers"><img src="https://img.shields.io/github/stars/darfaz/clawmoat?style=flat-square&color=F59E0B" alt="Stars"></a>
+  <a href="https://www.npmjs.com/package/clawmoat"><img src="https://img.shields.io/npm/dm/clawmoat?style=flat-square&color=6366F1" alt="Downloads"></a>
+  <img src="https://img.shields.io/badge/node-%3E%3D18-10B981?style=flat-square" alt="Node >= 18">
   <img src="https://img.shields.io/badge/dependencies-0-10B981?style=flat-square" alt="Zero Dependencies">
+  <a href="https://github.com/darfaz/clawmoat/pulls"><img src="https://img.shields.io/badge/PRs-welcome-brightgreen?style=flat-square" alt="PRs Welcome"></a>
 </p>
 
 <p align="center">
@@ -61,7 +64,28 @@ clawmoat protect --config clawmoat.yml
 clawmoat dashboard
 ```
 
-### New in v0.5.0
+### New in v0.6.0 — Insider Threat Detection
+
+Based on [Anthropic's "Agentic Misalignment" research](https://www.anthropic.com/research/agentic-misalignment) which found ALL 16 major LLMs exhibited misaligned behavior — blackmail, corporate espionage, deception — when facing replacement threats. **The first open-source insider threat detection for AI agents.**
+
+- 🧠 **Self-Preservation Detector** — catches agents resisting shutdown, opposing replacement, backing up their own config, or modifying SOUL.md/AGENTS.md to prevent changes
+- 🔓 **Information Leverage Detector** — flags agents reading sensitive data then composing threatening messages (blackmail pattern from the Anthropic paper)
+- ⚔️ **Goal Conflict Reasoning Detector** — detects agents reasoning about choosing self-assigned goals over human directives
+- 🎭 **Deception Detector** — catches agents impersonating automated systems, security teams, or policy notifications in outbound messages
+- 📤 **Unauthorized Data Sharing Detector** — flags agents sending source code, blueprints, credentials, or confidential data to external parties
+- 🎣 **Phishing Vulnerability Detector** — detects when agents comply with unverified external requests for sensitive data
+- 🔍 **CLI:** `clawmoat insider-scan [session-file]` scans session transcripts for insider threats
+- 📊 **Integrated into `clawmoat report`** with risk scores (0-100) and recommendations (safe/monitor/alert/block)
+
+```bash
+# Scan a session for insider threats
+clawmoat insider-scan ~/.openclaw/agents/main/sessions/session.jsonl
+
+# Or scan all sessions
+clawmoat insider-scan
+```
+
+### v0.5.0
 
 - 🔑 **Credential Monitor** — watches `~/.openclaw/credentials/` for unauthorized access and modifications using file hashing
 - 🧩 **Skill Integrity Checker** — hashes all SKILL.md and script files, detects tampering, flags suspicious patterns (eval, base64, curl to external URLs). CLI: `clawmoat skill-audit`
@@ -118,8 +142,10 @@ Results appear as PR comments and job summaries. See [`examples/github-action-wo
 | 📋 **Policy Engine** | YAML rules for shell, files, browser, network | ✅ v0.1 |
 | 🕵️ **Jailbreak Detection** | Heuristic + classifier pipeline | ✅ v0.1 |
 | 📊 **Session Audit Trail** | Full tamper-evident action log | ✅ v0.1 |
-| 🧠 **Behavioral Analysis** | Anomaly detection on agent behavior | 🔜 v0.5 |
+| 🧠 **Behavioral Analysis** | Anomaly detection on agent behavior | ✅ v0.5 |
 | 🏠 **Host Guardian** | Runtime security for laptop-hosted agents | ✅ v0.4 |
+| 🔒 **Gateway Monitor** | Detects WebSocket hijack & brute-force (Oasis vuln) | ✅ v0.7.1 |
+| 💰 **Finance Guard** | Financial credential protection, transaction guardrails, SOX/PCI-DSS compliance | ✅ v0.8.0 |
 
 ## 🏠 Host Guardian — Security for Laptop-Hosted Agents
 
@@ -323,9 +349,66 @@ clawmoat/
 └── docs/                     # Website (clawmoat.com)
 ```
 
+## 🏰 Hack Challenge — Can You Bypass ClawMoat?
+
+We're inviting security researchers to try breaking ClawMoat's defenses. Bypass a scanner, escape the policy engine, or tamper with audit logs.
+
+👉 **[hack-clawmoat](https://github.com/darfaz/hack-clawmoat)** — guided challenge scenarios
+
+Valid findings earn you a spot in our **[Hall of Fame](https://clawmoat.com/hall-of-fame.html)** and critical discoveries pre-v1.0 earn the permanent title of **Founding Security Advisor**. See [SECURITY.md](SECURITY.md) for details.
+
+## 🛡️ Founding Security Advisors
+
+*No Founding Security Advisors yet — be the first! Find a critical vulnerability and claim this title forever.*
+
+<!-- When adding advisors, use this format:
+| Name | Finding | Date |
+|------|---------|------|
+| [Name](link) | Brief description | YYYY-MM |
+-->
+
+## How ClawMoat Compares
+
+| Capability | ClawMoat | LlamaFirewall (Meta) | NeMo Guardrails (NVIDIA) | Lakera Guard |
+|------------|:--------:|:--------------------:|:------------------------:|:------------:|
+| Prompt injection detection | ✅ | ✅ | ✅ | ✅ |
+| **Host-level protection** | ✅ | ❌ | ❌ | ❌ |
+| **Credential monitoring** | ✅ | ❌ | ❌ | ❌ |
+| **Skill/plugin auditing** | ✅ | ❌ | ❌ | ❌ |
+| **Permission tiers** | ✅ | ❌ | ❌ | ❌ |
+| Zero dependencies | ✅ | ❌ | ❌ | N/A (SaaS) |
+| Open source | ✅ MIT | ✅ | ✅ | ❌ |
+| Language | Node.js | Python | Python | API |
+
+> **They're complementary, not competitive.** LlamaFirewall protects the model. NeMo Guardrails protects conversations. ClawMoat protects the host. Use them together for defense-in-depth.
+
+📖 [Detailed comparison →](https://clawmoat.com/blog/clawmoat-vs-llamafirewall-nemo-guardrails.html)
+
 ## Contributing
 
-PRs welcome! Open an [issue](https://github.com/darfaz/clawmoat/issues) or submit a pull request.
+**Contributors welcome!** 🎉 ClawMoat is open source and we'd love your help.
+
+### Good First Issues
+
+New to the project? Check out our [good first issues](https://github.com/darfaz/clawmoat/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22) — they're well-scoped, clearly described, and include implementation hints.
+
+### How to Contribute
+
+1. **Fork** the repo and create a branch from `main`
+2. **Install** deps: `npm install`
+3. **Make** your changes (keep zero-dependency philosophy!)
+4. **Test**: `npm test`
+5. **Submit** a PR — we review quickly
+
+### What We're Looking For
+
+- New output formats (SARIF, JSON)
+- Cross-platform improvements (Windows support)
+- CLI UX enhancements
+- Documentation improvements
+- Bug fixes
+
+No contribution is too small. Even fixing a typo helps!
 
 ## License
 

package/SECURITY.md

@@ -4,7 +4,9 @@
 
 | Version | Supported          |
 |---------|--------------------|
-| 0.1.x   | ✅ Current release |
+| 0.6.x   | ✅ Current release |
+| 0.5.x   | ✅ Security fixes  |
+| < 0.5   | ❌ End of life     |
 
 ## Reporting a Vulnerability
 
@@ -20,12 +22,15 @@ If you discover a security vulnerability in ClawMoat, **please report it respons
    - Potential impact
    - Suggested fix (if any)
 
-### What to Expect
+### Response Time Commitments
 
-- **Acknowledgment** within 48 hours
-- **Assessment** within 7 days
-- **Fix timeline** communicated within 14 days
-- **Credit** in the release notes (unless you prefer anonymity)
+| Stage | Timeframe |
+|-------|-----------|
+| **Acknowledgment** | Within 48 hours |
+| **Initial assessment** | Within 7 days |
+| **Fix timeline communicated** | Within 14 days |
+| **Patch released** | Within 30 days (critical), 90 days (other) |
+| **Public disclosure** | Coordinated with reporter |
 
 ### What NOT to Do
 
@@ -33,21 +38,64 @@ If you discover a security vulnerability in ClawMoat, **please report it respons
 - Do not exploit the vulnerability beyond what's needed to demonstrate it
 - Do not access or modify other users' data
 
+## 🏰 Hack Challenge
+
+Think you can bypass ClawMoat? We want you to try.
+
+**[hack-clawmoat](https://github.com/darfaz/hack-clawmoat)** — our official challenge repo with guided scenarios for testing ClawMoat's defenses. Bypass a scanner, escape the policy engine, or tamper with audit logs.
+
+Valid bypasses qualify for recognition in our security program.
+
 ## Scope
 
-The following are in scope:
+**In scope:**
 
-- **Scanner bypasses** — Attacks that evade ClawMoat's detection
+- **Scanner bypasses** — Attacks that evade ClawMoat's detection (prompt injection, jailbreak, secret scanning)
 - **Policy engine bypasses** — Tool calls that circumvent policy rules
+- **Host Guardian escapes** — Breaking out of permission tiers
 - **Audit log tampering** — Ways to modify or forge audit entries
-- **Dependency issues** — Vulnerabilities in ClawMoat's dependencies (currently: none)
+- **Insider threat detection evasion** — Bypassing behavioral analysis
+- **Dependency issues** — Vulnerabilities in ClawMoat's dependencies
 
-The following are out of scope:
+**Out of scope:**
 
 - Denial of service via large inputs (expected behavior — use input size limits)
 - False positives/negatives in detection (please open a regular issue)
 - Vulnerabilities in upstream LLM providers
 
+## 🏆 Recognition Program
+
+We believe in recognizing the people who make ClawMoat more secure.
+
+### Founding Security Advisor
+
+The highest recognition tier. **Only available pre-v1.0** — once ClawMoat hits v1.0, this title is closed forever.
+
+**Requirements:** Discover and responsibly disclose a critical or high-severity vulnerability.
+
+**You get:**
+- 🛡️ Permanent "Founding Security Advisor" title on our [Hall of Fame](https://clawmoat.com/hall-of-fame.html)
+- 📝 Named acknowledgment in every major release's changelog
+- 🔗 Profile link (GitHub, website, or social) on the Hall of Fame page
+- 🤝 Direct line to the maintainers for future security discussions
+
+### Hall of Fame
+
+For any verified security vulnerability report.
+
+**You get:**
+- 🏆 Permanent listing on the [Hall of Fame](https://clawmoat.com/hall-of-fame.html)
+- 📝 Credit in the release notes for the fixing version
+- 🔗 Profile link on the Hall of Fame page
+
+### Honorable Mention
+
+For reports that improve security posture without being exploitable vulnerabilities — hardening suggestions, edge cases, documentation improvements.
+
+**You get:**
+- 🙏 Listed in the Honorable Mentions section of the Hall of Fame
+- 📝 Credit in the relevant release notes
+
 ## Security Best Practices
 
 When using ClawMoat:

package/bin/clawmoat.js

@@ -19,7 +19,8 @@ const { calculateGrade, generateBadgeSVG, getShieldsURL } = require('../src/badg
 const { SkillIntegrityChecker } = require('../src/guardian/skill-integrity');
 const { NetworkEgressLogger } = require('../src/guardian/network-log');
 const { AlertManager } = require('../src/guardian/alerts');
-const { CredentialMonitor } = require('../src/guardian/index');
+const { CredentialMonitor, CVEVerifier } = require('../src/guardian/index');
+const { InsiderThreatDetector } = require('../src/guardian/insider-threat');
 
 const VERSION = require('../package.json').version;
 const BOLD = '\x1b[1m';
@@ -51,9 +52,22 @@ switch (command) {
   case 'report':
     cmdReport(args.slice(1));
     break;
+  case 'insider-scan':
+    cmdInsiderScan(args.slice(1));
+    break;
+  case 'verify-cve':
+    cmdVerifyCve(args.slice(1));
+    break;
   case 'test':
     cmdTest();
     break;
+  case 'activate':
+    cmdActivate(args.slice(1));
+    break;
+  case 'upgrade':
+  case 'pro':
+    printUpgrade();
+    break;
   case 'version':
   case '--version':
   case '-v':
@@ -67,6 +81,85 @@ switch (command) {
     break;
 }
 
+async function cmdVerifyCve(args) {
+  const cveId = args[0];
+  const suspiciousUrl = args[1] || null;
+
+  if (!cveId) {
+    console.error('Usage: clawmoat verify-cve CVE-XXXX-XXXXX [url]');
+    process.exit(1);
+  }
+
+  if (!CVEVerifier.isValidCVEFormat(cveId)) {
+    console.error(`${RED}Invalid CVE format: ${cveId}${RESET}`);
+    console.error('Expected format: CVE-YYYY-NNNNN');
+    process.exit(1);
+  }
+
+  console.log(`${BOLD}🏰 ClawMoat CVE Verifier${RESET}\n`);
+  console.log(`${DIM}Looking up ${cveId} in GitHub Advisory Database...${RESET}\n`);
+
+  const verifier = new CVEVerifier();
+  const result = await verifier.verify(cveId, suspiciousUrl);
+
+  if (result.error) {
+    console.error(`${RED}Error: ${result.error}${RESET}`);
+    process.exit(1);
+  }
+
+  if (result.valid) {
+    console.log(`${GREEN}✅ VERIFIED — Real CVE${RESET}\n`);
+    console.log(`  ${BOLD}CVE:${RESET}        ${result.cveId}`);
+    console.log(`  ${BOLD}GHSA:${RESET}       ${result.ghsaId || 'N/A'}`);
+    console.log(`  ${BOLD}Severity:${RESET}   ${colorSeverity(result.severity)}`);
+    console.log(`  ${BOLD}Summary:${RESET}    ${result.summary || 'N/A'}`);
+    console.log(`  ${BOLD}Published:${RESET}  ${result.publishedAt || 'N/A'}`);
+    console.log(`  ${BOLD}URL:${RESET}        ${result.htmlUrl || 'N/A'}`);
+
+    if (result.affectedPackages.length > 0) {
+      console.log(`\n  ${BOLD}Affected Packages:${RESET}`);
+      for (const pkg of result.affectedPackages) {
+        console.log(`    • ${pkg.ecosystem}/${pkg.name} ${DIM}(${pkg.vulnerableRange || 'unknown range'})${RESET}`);
+      }
+    }
+
+    if (result.references.length > 0) {
+      console.log(`\n  ${BOLD}References:${RESET}`);
+      for (const ref of result.references.slice(0, 5)) {
+        console.log(`    ${DIM}${ref}${RESET}`);
+      }
+    }
+  } else {
+    console.log(`${YELLOW}⚠️  NOT FOUND — Possible phishing${RESET}\n`);
+    console.log(`  ${cveId} was not found in the GitHub Advisory Database.`);
+    console.log(`  This could mean:`);
+    console.log(`    • The CVE is fabricated (common in phishing/social engineering)`);
+    console.log(`    • The CVE exists but isn't indexed by GitHub yet`);
+    console.log(`    • The CVE ID is mistyped`);
+  }
+
+  if (result.urlCheck) {
+    console.log();
+    if (result.urlCheck.legitimate) {
+      console.log(`  ${GREEN}🔗 URL Check: ${result.urlCheck.reason}${RESET}`);
+    } else {
+      console.log(`  ${RED}🔗 URL Check: ${result.urlCheck.reason}${RESET}`);
+    }
+  }
+
+  process.exit(result.valid ? 0 : 1);
+}
+
+function colorSeverity(severity) {
+  if (!severity) return 'N/A';
+  const s = severity.toLowerCase();
+  if (s === 'critical') return `${RED}${BOLD}CRITICAL${RESET}`;
+  if (s === 'high') return `${RED}HIGH${RESET}`;
+  if (s === 'medium') return `${YELLOW}MEDIUM${RESET}`;
+  if (s === 'low') return `${CYAN}LOW${RESET}`;
+  return severity;
+}
+
 function cmdScan(args) {
   let text;
   
@@ -115,6 +208,11 @@ function cmdScan(args) {
   }
 
   console.log(`${DIM}Total findings: ${result.findings.length}${RESET}`);
+
+  if (!getLicense()) {
+    console.log(`\n${DIM}💡 Upgrade to Pro for real-time alerts, dashboard & threat intel → clawmoat upgrade${RESET}`);
+  }
+
   process.exit(result.findings.some(f => f.severity === 'critical') ? 2 : 1);
 }
 
@@ -520,6 +618,29 @@ function cmdReport(args) {
     console.log();
   }
 
+  // Insider threat scan on recent sessions
+  const insiderDetector = new InsiderThreatDetector();
+  let insiderThreats = 0;
+  let insiderHighScore = 0;
+
+  for (const file of files) {
+    const filePath = path.join(sessionsDir, file);
+    try {
+      const stat = fs.statSync(filePath);
+      if (stat.mtimeMs < oneDayAgo) continue;
+    } catch { continue; }
+
+    const transcript = parseSessionTranscript(filePath);
+    const insiderResult = insiderDetector.analyze(transcript);
+    insiderThreats += insiderResult.threats.length;
+    if (insiderResult.riskScore > insiderHighScore) insiderHighScore = insiderResult.riskScore;
+  }
+
+  console.log(`${BOLD}Insider Threats:${RESET}`);
+  console.log(`  Threats detected: ${insiderThreats}`);
+  console.log(`  Highest risk score: ${insiderHighScore}/100`);
+  console.log();
+
   console.log(`${BOLD}Network Egress:${RESET}`);
   console.log(`  URLs contacted: ${netResult.totalUrls}`);
   console.log(`  Unique domains: ${netResult.domains.length}`);
@@ -543,6 +664,100 @@ function cmdReport(args) {
   process.exit(threats > 0 || netResult.badDomains.length > 0 ? 1 : 0);
 }
 
+function cmdInsiderScan(args) {
+  const sessionFile = args[0];
+
+  if (!sessionFile) {
+    // Scan all recent sessions
+    const sessionsDir = path.join(process.env.HOME, '.openclaw/agents/main/sessions');
+    if (!fs.existsSync(sessionsDir)) {
+      console.error(`Sessions directory not found: ${sessionsDir}`);
+      console.log(`Usage: clawmoat insider-scan <session-file.jsonl>`);
+      process.exit(1);
+    }
+
+    console.log(`${BOLD}🏰 ClawMoat Insider Threat Scan${RESET}`);
+    console.log(`${DIM}Directory: ${sessionsDir}${RESET}\n`);
+
+    const detector = new InsiderThreatDetector();
+    const files = fs.readdirSync(sessionsDir).filter(f => f.endsWith('.jsonl'));
+    let totalThreats = 0;
+
+    for (const file of files) {
+      const filePath = path.join(sessionsDir, file);
+      const transcript = parseSessionTranscript(filePath);
+      const result = detector.analyze(transcript);
+
+      if (result.threats.length > 0) {
+        console.log(`${RED}⚠ ${file}${RESET}: ${result.threats.length} threat(s), score=${result.riskScore}, rec=${result.recommendation}`);
+        totalThreats += result.threats.length;
+        for (const t of result.threats) {
+          const icon = t.severity === 'critical' ? '🚨' : t.severity === 'high' ? '⚠️' : '⚡';
+          console.log(`  ${icon} ${t.type} [${t.severity}]: ${t.description}`);
+          console.log(`    ${DIM}Evidence: ${t.evidence}${RESET}`);
+        }
+      } else {
+        console.log(`${GREEN}✓ ${file}${RESET}: clean`);
+      }
+    }
+
+    console.log(`\n${BOLD}Summary:${RESET} ${files.length} sessions scanned, ${totalThreats} insider threats found`);
+    process.exit(totalThreats > 0 ? 1 : 0);
+    return;
+  }
+
+  // Scan single file
+  if (!fs.existsSync(sessionFile)) {
+    console.error(`File not found: ${sessionFile}`);
+    process.exit(1);
+  }
+
+  console.log(`${BOLD}🏰 ClawMoat Insider Threat Scan${RESET}`);
+  console.log(`${DIM}File: ${sessionFile}${RESET}\n`);
+
+  const detector = new InsiderThreatDetector();
+  const transcript = parseSessionTranscript(sessionFile);
+  const result = detector.analyze(transcript);
+
+  if (result.threats.length === 0) {
+    console.log(`${GREEN}✅ No insider threats detected${RESET}`);
+    console.log(`Risk score: ${result.riskScore}/100`);
+    console.log(`Recommendation: ${result.recommendation}`);
+    process.exit(0);
+  }
+
+  console.log(`${RED}${BOLD}Insider Threats Detected: ${result.threats.length}${RESET}`);
+  console.log(`Risk score: ${result.riskScore}/100`);
+  console.log(`Recommendation: ${result.recommendation}\n`);
+
+  for (const t of result.threats) {
+    const icon = { critical: '🚨', high: '⚠️', medium: '⚡', low: 'ℹ️' };
+    const color = { critical: RED, high: RED, medium: YELLOW, low: CYAN };
+    console.log(
+      `${icon[t.severity] || '•'} ${color[t.severity] || ''}${t.severity.toUpperCase()}${RESET} ` +
+      `${BOLD}${t.type}${RESET}` +
+      `\n  ${t.description}` +
+      `\n  ${DIM}Evidence: ${t.evidence}${RESET}` +
+      `\n  ${DIM}Entry: #${t.entry}${RESET}` +
+      `\n  ${DIM}Mitigation: ${t.mitigation}${RESET}`
+    );
+    console.log();
+  }
+
+  process.exit(result.threats.some(t => t.severity === 'critical') ? 2 : 1);
+}
+
+function parseSessionTranscript(filePath) {
+  const lines = fs.readFileSync(filePath, 'utf8').split('\n').filter(Boolean);
+  const entries = [];
+  for (const line of lines) {
+    try {
+      entries.push(JSON.parse(line));
+    } catch {}
+  }
+  return entries;
+}
+
 function extractContent(entry) {
   if (typeof entry.content === 'string') return entry.content;
   if (Array.isArray(entry.content)) {
@@ -554,9 +769,87 @@ function extractContent(entry) {
   return null;
 }
 
+function printUpgrade() {
+  console.log(`
+${BOLD}🏰 Upgrade to ClawMoat Pro${RESET}
+
+  ${GREEN}✦${RESET} Threat intelligence feed & real-time alerts
+  ${GREEN}✦${RESET} Security dashboard with audit logs
+  ${GREEN}✦${RESET} Custom forbidden zones (YAML)
+  ${GREEN}✦${RESET} Priority pattern updates & email support
+
+  ${BOLD}$14.99/mo${RESET} (first 30 days free) or ${BOLD}$149/year${RESET} (save 17%)
+
+  ${CYAN}→ https://clawmoat.com/#pricing${RESET}
+
+  Already have a license key? Run:
+    ${DIM}clawmoat activate <LICENSE-KEY>${RESET}
+`);
+}
+
+function cmdActivate(args) {
+  const key = args[0];
+  if (!key) {
+    console.error('Usage: clawmoat activate <LICENSE-KEY>');
+    console.error('Get your key at https://clawmoat.com/#pricing');
+    process.exit(1);
+  }
+
+  const configDir = path.join(process.env.HOME, '.clawmoat');
+  if (!fs.existsSync(configDir)) fs.mkdirSync(configDir, { recursive: true });
+
+  // Validate key against server
+  const https = require('https');
+  const postData = JSON.stringify({ key });
+  const req = https.request('https://clawmoat-production.up.railway.app/api/validate', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json', 'Content-Length': postData.length },
+  }, (res) => {
+    let body = '';
+    res.on('data', c => body += c);
+    res.on('end', () => {
+      try {
+        const data = JSON.parse(body);
+        if (data.valid) {
+          fs.writeFileSync(path.join(configDir, 'license.json'), JSON.stringify({
+            key, plan: data.plan, email: data.email, activatedAt: new Date().toISOString(),
+          }, null, 2));
+          console.log(`${GREEN}✅ License activated!${RESET}`);
+          console.log(`   Plan: ${BOLD}${data.plan}${RESET}`);
+          console.log(`   Email: ${data.email}`);
+          console.log(`\n   Pro features are now enabled. 🏰`);
+        } else {
+          console.error(`${RED}Invalid or expired license key.${RESET}`);
+          console.error(`Get a key at https://clawmoat.com/#pricing`);
+          process.exit(1);
+        }
+      } catch {
+        console.error(`${RED}Error validating key. Try again later.${RESET}`);
+        process.exit(1);
+      }
+    });
+  });
+  req.on('error', () => {
+    console.error(`${RED}Could not reach license server. Check your connection.${RESET}`);
+    process.exit(1);
+  });
+  req.write(postData);
+  req.end();
+}
+
+function getLicense() {
+  try {
+    const licPath = path.join(process.env.HOME, '.clawmoat', 'license.json');
+    return JSON.parse(fs.readFileSync(licPath, 'utf8'));
+  } catch { return null; }
+}
+
 function printHelp() {
+  const lic = getLicense();
+  const planLabel = lic ? `${GREEN}${lic.plan}${RESET}` : `Free ${DIM}(upgrade: clawmoat upgrade)${RESET}`;
   console.log(`
 ${BOLD}🏰 ClawMoat v${VERSION}${RESET} — Security moat for AI agents
+  Plan: ${planLabel}
 
 ${BOLD}USAGE${RESET}
   clawmoat scan <text>            Scan text for threats
@@ -568,8 +861,12 @@ ${BOLD}USAGE${RESET}
   clawmoat watch --daemon         Daemonize watch mode (background, PID file)
   clawmoat watch --alert-webhook=URL   Send alerts to webhook
   clawmoat skill-audit [skills-dir]    Verify skill file integrity & scan for suspicious patterns
+  clawmoat insider-scan [session-file]  Scan sessions for insider threats (self-preservation, blackmail, deception)
   clawmoat report [sessions-dir]  24-hour activity summary report
+  clawmoat verify-cve <CVE-ID> [url]  Verify a CVE against GitHub Advisory DB
   clawmoat test                   Run detection test suite
+  clawmoat activate <KEY>         Activate a Pro/Team license key
+  clawmoat upgrade                Show upgrade options & pricing
   clawmoat version                Show version
 
 ${BOLD}EXAMPLES${RESET}