clawmoat 0.7.0 → 0.8.0

package/docs/hall-of-fame.html

@@ -0,0 +1,168 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<link rel="icon" type="image/png" href="/favicon.png">
+<link rel="apple-touch-icon" href="/apple-touch-icon.png">
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Hall of Fame — ClawMoat Security Researchers</title>
+<meta name="description" content="Recognizing the security researchers who help make ClawMoat stronger. Report vulnerabilities and earn your place in the Hall of Fame.">
+<link rel="canonical" href="https://clawmoat.com/hall-of-fame.html">
+<meta property="og:title" content="Hall of Fame — ClawMoat Security Researchers">
+<meta property="og:description" content="Recognizing the security researchers who help make ClawMoat stronger.">
+<meta property="og:url" content="https://clawmoat.com/hall-of-fame.html">
+<meta property="og:type" content="website">
+<style>
+*{margin:0;padding:0;box-sizing:border-box}
+:root{--navy:#0F172A;--navy-light:#1E293B;--navy-mid:#334155;--blue:#3B82F6;--emerald:#10B981;--white:#F8FAFC;--gray:#94A3B8;--gold:#F59E0B;--red:#EF4444}
+html{scroll-behavior:smooth}
+body{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;background:var(--navy);color:var(--white);line-height:1.6;overflow-x:hidden}
+a{color:var(--blue);text-decoration:none}
+a:hover{text-decoration:underline}
+.container{max-width:1140px;margin:0 auto;padding:0 24px}
+
+nav{position:fixed;top:0;left:0;right:0;z-index:100;background:rgba(15,23,42,.92);backdrop-filter:blur(12px);border-bottom:1px solid rgba(59,130,246,.15);padding:16px 0}
+nav .container{display:flex;align-items:center;justify-content:space-between}
+.logo{font-size:1.25rem;font-weight:700;display:flex;align-items:center;gap:8px;color:var(--white)}
+.nav-links{display:flex;gap:28px;align-items:center}
+.nav-links a{color:var(--gray);font-size:.9rem;transition:color .2s}
+.nav-links a:hover{color:var(--white);text-decoration:none}
+.nav-links .btn-sm{color:var(--navy);background:var(--emerald);padding:6px 28px;border-radius:20px;font-weight:600;font-size:.85rem;white-space:nowrap}
+.menu-toggle{display:none;background:none;border:none;color:var(--white);font-size:1.5rem;cursor:pointer}
+
+.hero{padding:160px 0 80px;text-align:center}
+.hero h1{font-size:3rem;margin-bottom:16px;background:linear-gradient(135deg,var(--gold),var(--emerald));-webkit-background-clip:text;-webkit-text-fill-color:transparent}
+.hero p{font-size:1.2rem;color:var(--gray);max-width:700px;margin:0 auto 40px}
+
+.tiers{display:grid;grid-template-columns:repeat(auto-fit,minmax(320px,1fr));gap:32px;margin-bottom:80px}
+.tier{background:var(--navy-light);border-radius:16px;padding:40px;border:1px solid var(--navy-mid);text-align:center}
+.tier h2{font-size:1.5rem;margin-bottom:12px}
+.tier .icon{font-size:3rem;margin-bottom:16px}
+.tier p{color:var(--gray);font-size:.95rem;line-height:1.7}
+.tier.gold{border-color:var(--gold)}
+.tier.gold h2{color:var(--gold)}
+
+.researchers{margin-bottom:80px}
+.researchers h2{font-size:2rem;text-align:center;margin-bottom:40px}
+.empty-state{text-align:center;padding:60px 40px;background:var(--navy-light);border-radius:16px;border:1px dashed var(--navy-mid)}
+.empty-state .icon{font-size:4rem;margin-bottom:16px}
+.empty-state p{color:var(--gray);font-size:1.1rem;margin-bottom:24px}
+.cta-btn{display:inline-block;background:var(--emerald);color:var(--navy);padding:12px 32px;border-radius:12px;font-weight:700;font-size:1rem;transition:opacity .2s}
+.cta-btn:hover{opacity:.9;text-decoration:none}
+.cta-btn.gold-btn{background:var(--gold)}
+
+.how-it-works{margin-bottom:80px}
+.how-it-works h2{font-size:2rem;text-align:center;margin-bottom:40px}
+.steps{display:grid;grid-template-columns:repeat(auto-fit,minmax(240px,1fr));gap:24px}
+.step{background:var(--navy-light);border-radius:12px;padding:32px;text-align:center;border:1px solid var(--navy-mid)}
+.step .num{display:inline-block;width:40px;height:40px;line-height:40px;border-radius:50%;background:var(--blue);color:var(--white);font-weight:700;margin-bottom:12px}
+.step h3{margin-bottom:8px}
+.step p{color:var(--gray);font-size:.9rem}
+
+footer{border-top:1px solid var(--navy-mid);padding:40px 0;text-align:center;color:var(--gray);font-size:.85rem}
+
+@media(max-width:768px){
+  .hero h1{font-size:2rem}
+  .menu-toggle{display:block}
+  .nav-links{display:none}
+  .nav-links.open{display:flex;flex-direction:column;position:absolute;top:100%;left:0;right:0;background:var(--navy);padding:20px;gap:16px;border-bottom:1px solid var(--navy-mid)}
+}
+</style>
+</head>
+<body>
+
+<nav>
+<div class="container">
+  <div class="logo"><a href="/"><img src="/logo.svg" alt="ClawMoat" style="height:44px"></a></div>
+  <button class="menu-toggle" onclick="document.querySelector('.nav-links').classList.toggle('open')" aria-label="Menu">☰</button>
+  <div class="nav-links">
+    <a href="/">Home</a>
+    <a href="/blog/">Blog</a>
+    <a href="https://github.com/darfaz/clawmoat">GitHub</a>
+    <a href="https://github.com/darfaz/clawmoat/blob/main/SECURITY.md">Report a Bug</a>
+    <a href="/" class="btn-sm">Get Started</a>
+  </div>
+</div>
+</nav>
+
+<section class="hero">
+<div class="container">
+  <h1>🏆 Hall of Fame</h1>
+  <p>Recognizing the security researchers who help make ClawMoat stronger. Find a vulnerability, earn your place here forever.</p>
+</div>
+</section>
+
+<section class="container">
+
+<div class="tiers">
+  <div class="tier gold">
+    <div class="icon">🛡️</div>
+    <h2>Founding Security Advisor</h2>
+    <p>The highest honor. Reserved for researchers who discover critical vulnerabilities during ClawMoat's early days (pre-v1.0). Founding Advisors get permanent recognition, a profile link on this page, and acknowledgment in every major release. This title can never be earned again after v1.0.</p>
+  </div>
+  <div class="tier">
+    <div class="icon">🏆</div>
+    <h2>Hall of Fame</h2>
+    <p>For any verified security vulnerability report — scanner bypasses, policy engine escapes, audit log tampering, or any other valid security finding. Your name (or handle) and contribution are listed permanently.</p>
+  </div>
+  <div class="tier">
+    <div class="icon">🙏</div>
+    <h2>Honorable Mention</h2>
+    <p>For reports that don't qualify as security vulnerabilities but still improve ClawMoat's security posture — edge cases, hardening suggestions, documentation improvements, or defense-in-depth recommendations.</p>
+  </div>
+</div>
+
+<div class="researchers">
+  <h2>Founding Security Advisors</h2>
+  <div class="empty-state">
+    <div class="icon">🔍</div>
+    <p>No Founding Security Advisors yet. Be the first to find a critical vulnerability and claim this title forever.</p>
+    <a href="https://github.com/darfaz/clawmoat/blob/main/SECURITY.md" class="cta-btn gold-btn">Read the Security Policy →</a>
+  </div>
+</div>
+
+<div class="researchers">
+  <h2>Hall of Fame Researchers</h2>
+  <div class="empty-state">
+    <div class="icon">🏰</div>
+    <p>The Hall of Fame awaits its first member. Can you bypass ClawMoat's defenses?</p>
+    <a href="https://github.com/darfaz/hack-clawmoat" class="cta-btn">Take the Hack Challenge →</a>
+  </div>
+</div>
+
+<div class="how-it-works">
+  <h2>How It Works</h2>
+  <div class="steps">
+    <div class="step">
+      <div class="num">1</div>
+      <h3>Find a Bug</h3>
+      <p>Test ClawMoat's scanners, policy engine, or any component. Try the <a href="https://github.com/darfaz/hack-clawmoat">Hack Challenge</a> for guided scenarios.</p>
+    </div>
+    <div class="step">
+      <div class="num">2</div>
+      <h3>Report It</h3>
+      <p>Email <strong>security@clawmoat.com</strong> with details, reproduction steps, and impact assessment. See <a href="https://github.com/darfaz/clawmoat/blob/main/SECURITY.md">SECURITY.md</a>.</p>
+    </div>
+    <div class="step">
+      <div class="num">3</div>
+      <h3>Get Verified</h3>
+      <p>We'll acknowledge within 48 hours and assess within 7 days. Valid findings get a CVE if applicable.</p>
+    </div>
+    <div class="step">
+      <div class="num">4</div>
+      <h3>Get Recognized</h3>
+      <p>Your name goes on the Hall of Fame permanently. Critical findings pre-v1.0 earn the Founding Security Advisor title.</p>
+    </div>
+  </div>
+</div>
+
+</section>
+
+<footer>
+<div class="container">
+  <p>🏰 ClawMoat — The Trust Layer for AI Agents &nbsp;|&nbsp; <a href="https://github.com/darfaz/clawmoat">GitHub</a> &nbsp;|&nbsp; <a href="https://github.com/darfaz/clawmoat/blob/main/SECURITY.md">Security Policy</a></p>
+</div>
+</footer>
+
+</body>
+</html>

package/docs/index.html

@@ -5,21 +5,21 @@
 <link rel="apple-touch-icon" href="/apple-touch-icon.png">
 <meta charset="UTF-8">
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>ClawMoat — The Trust Layer for AI Agents, Wherever They Run</title>
-<meta name="description" content="The trust layer for AI agents — laptop, dedicated machine, or cloud. Runtime security, credential monitoring, skill integrity checking, and full audit trails.">
+<title>ClawMoat — The Security Layer Between AI Agents and Your Machine</title>
+<meta name="description" content="The only open-source tool that protects your SSH keys, credentials, and file system from AI agents. Host-level security with permission tiers, forbidden zones, and full audit trails. Zero dependencies.">
 <link rel="canonical" href="https://clawmoat.com/">
 
 <!-- Open Graph -->
-<meta property="og:title" content="ClawMoat — The Trust Layer for AI Agents, Wherever They Run">
-<meta property="og:description" content="The trust layer for AI agents — laptop, dedicated machine, or cloud. Runtime security, credential monitoring, skill integrity checking, and full audit trails.">
+<meta property="og:title" content="ClawMoat — They Protect the Model. We Protect Your Machine.">
+<meta property="og:description" content="The only open-source security layer that guards your SSH keys, credentials, and file system from AI agents. Permission tiers, forbidden zones, audit trails. One npm install.">
 <meta property="og:image" content="https://clawmoat.com/og-image.png">
 <meta property="og:url" content="https://clawmoat.com">
 <meta property="og:type" content="website">
 
 <!-- Twitter Card -->
 <meta name="twitter:card" content="summary_large_image">
-<meta name="twitter:title" content="ClawMoat — The Trust Layer for AI Agents, Wherever They Run">
-<meta name="twitter:description" content="The trust layer for AI agents — laptop, dedicated machine, or cloud. Runtime security, credential monitoring, skill integrity checking, and full audit trails.">
+<meta name="twitter:title" content="ClawMoat — They Protect the Model. We Protect Your Machine.">
+<meta name="twitter:description" content="The only open-source security layer that guards your SSH keys, credentials, and file system from AI agents. Permission tiers, forbidden zones, audit trails.">
 <meta name="twitter:image" content="https://clawmoat.com/og-image.png">
 
 <!-- Structured Data -->
@@ -256,19 +256,15 @@ footer{border-top:1px solid rgba(255,255,255,.06);padding:48px 0 32px;color:var(
   <button class="menu-toggle" onclick="document.querySelector('.nav-links').classList.toggle('open')" aria-label="Menu">☰</button>
   <div class="nav-links">
     <a href="#problem">Why</a>
-    <a href="#deploy">Deploy</a>
     <a href="#guardian">Guardian</a>
     <a href="#features">Features</a>
-    <a href="#demo">Demo</a>
-    <a href="#badge">Badge</a>
+    <a href="#compare">Compare</a>
     <a href="#pricing">Pricing</a>
-    <a href="/playground.html">Playground</a>
-    <a href="/compare.html">Compare</a>
-    <a href="/integrations/langchain.html">Integrations</a>
-    <a href="/report-demo.html">Sample Report</a>
-    <a href="/blog/">Blog</a>
+    <a href="/business/" style="color:var(--emerald);font-weight:600">Business</a>
+    <a href="/scan/" style="color:#ff6b6b;font-weight:600">Free Scanner</a>
+    <a href="/finance/" style="color:#f5c542;font-weight:600">Finance</a>
     <a href="https://github.com/darfaz/clawmoat">GitHub</a>
-    <a href="#waitlist" class="btn-sm">Join Waitlist</a>
+    <a href="#pricing" class="btn-sm">Get Started Free</a>
   </div>
 </div>
 </nav>
@@ -282,21 +278,57 @@ footer{border-top:1px solid rgba(255,255,255,.06);padding:48px 0 32px;color:var(
   <div class="hero-video-overlay"></div>
 </div>
 <div class="container">
-  <h1>The <span class="highlight">Trust Layer</span> for AI Agents,<br>Wherever They Run</h1>
-  <p>Laptop, dedicated machine, or cloud — ClawMoat secures your AI agents with credential monitoring, skill integrity checking, network egress logging, and inter-agent message scanning.</p>
+  <h1><span class="highlight">They protect the model.</span> We protect <em>your machine.</em></h1>
+  <p style="font-size:1.3rem;color:var(--white);max-width:720px;margin:0 auto 16px">The only open-source security layer that guards your SSH keys, credentials, and file system from AI agents — not just their prompts.</p>
+  <p style="font-size:1.05rem;color:var(--gray);max-width:560px;margin:0 auto 40px">One npm install. Zero dependencies. Sub-millisecond scanning. Free forever.</p>
+  <div class="install-cmd" style="margin:0 auto 32px"><span class="dollar">$</span> npm install -g clawmoat</div>
   <div class="hero-btns">
-    <a href="#waitlist" class="btn btn-primary">Get Early Access</a>
-    <a href="https://github.com/darfaz/clawmoat" class="btn btn-outline">⭐ Star on GitHub</a>
+    <a href="https://github.com/darfaz/clawmoat" class="btn btn-primary">⭐ Star on GitHub</a>
+    <a href="#pricing" class="btn btn-outline">See Plans</a>
   </div>
   <div class="hero-badges">
     <span><a href="https://www.npmjs.com/package/clawmoat"><img src="https://img.shields.io/npm/v/clawmoat?style=flat-square&color=3B82F6" alt="npm" style="height:18px;vertical-align:middle"></a></span>
-    <span>🛡️ Host Guardian</span>
-    <span>🔒 4 Permission Tiers</span>
-    <span>🔍 Inter-Agent Scanning</span>
     <span>⚡ Zero Dependencies</span>
-    <span>✅ 128 Tests Passing</span>
     <span>📦 MIT License</span>
+    <span>✅ 142 Tests Passing</span>
   </div>
+  <!-- Live Stats Ticker -->
+  <div id="stats-ticker" style="margin-top:32px;display:flex;gap:40px;justify-content:center;flex-wrap:wrap;align-items:center;opacity:0;transition:opacity .5s">
+    <div style="text-align:center">
+      <div id="stat-total" style="font-size:2.4rem;font-weight:800;background:linear-gradient(135deg,var(--blue),var(--emerald));-webkit-background-clip:text;-webkit-text-fill-color:transparent;background-clip:text">—</div>
+      <div style="font-size:.8rem;color:var(--gray);text-transform:uppercase;letter-spacing:.05em">Total installs &amp; clones</div>
+    </div>
+    <div style="width:1px;height:40px;background:var(--navy-light)"></div>
+    <div style="text-align:center">
+      <div id="stat-stars" style="font-size:1.6rem;font-weight:800;color:var(--orange)">—</div>
+      <div style="font-size:.75rem;color:var(--gray);text-transform:uppercase;letter-spacing:.05em">⭐ GitHub stars</div>
+    </div>
+    <div style="text-align:center">
+      <div id="stat-downloads" style="font-size:1.6rem;font-weight:800;color:var(--emerald)">—</div>
+      <div style="font-size:.75rem;color:var(--gray);text-transform:uppercase;letter-spacing:.05em">📦 npm downloads</div>
+    </div>
+    <div style="text-align:center">
+      <div id="stat-clones" style="font-size:1.6rem;font-weight:800;color:var(--blue)">—</div>
+      <div style="font-size:.75rem;color:var(--gray);text-transform:uppercase;letter-spacing:.05em">🔄 Git clones</div>
+    </div>
+  </div>
+  <script>
+  (async function(){
+    try {
+      const r = await fetch('https://clawmoat-production.up.railway.app/api/stats');
+      const s = await r.json();
+      if(s.npm_downloads_total){
+        const anim=(el,target)=>{let c=0;const step=Math.max(1,Math.ceil(target/40));const t=setInterval(()=>{c=Math.min(c+step,target);el.textContent=c.toLocaleString()+'+';if(c>=target)clearInterval(t)},25)};
+        const total = s.npm_downloads_total + (s.github_clones||0) + (s.github_forks||0);
+        anim(document.getElementById('stat-total'), total);
+        anim(document.getElementById('stat-stars'), s.github_stars);
+        anim(document.getElementById('stat-downloads'), s.npm_downloads_total);
+        anim(document.getElementById('stat-clones'), s.github_clones||0);
+        document.getElementById('stats-ticker').style.opacity='1';
+      }
+    }catch(e){}
+  })();
+  </script>
 </div>
 </section>
 
@@ -304,8 +336,8 @@ footer{border-top:1px solid rgba(255,255,255,.06);padding:48px 0 32px;color:var(
 <section class="problem" id="problem">
 <div class="container">
   <div class="section-label">The Problem</div>
-  <h2 class="section-title">Your AI agent has the keys to everything</h2>
-  <p class="section-sub">Shell access. Browser control. Email. Files. One prompt injection in a webpage or email can hijack it all. This isn't theoretical — researchers are proving it every week.</p>
+  <h2 class="section-title">You gave your AI agent root access to your life</h2>
+  <p class="section-sub">SSH keys. AWS credentials. Browser cookies. Crypto wallets. Your agent can read them all right now. One poisoned email, one malicious skill, and everything leaves through a single curl command. This isn't a hypothetical — it happened last month.</p>
   <div class="problem-grid">
     <div class="threat-card">
       <div class="icon">💉</div>
@@ -325,18 +357,49 @@ footer{border-top:1px solid rgba(255,255,255,.06);padding:48px 0 32px;color:var(
     <div class="threat-card">
       <div class="icon">🌐</div>
       <h3>Massive Exposure</h3>
-      <p>SecurityScorecard found 135K exposed OpenClaw instances. RNWY confirmed no agent identity system exists. The attack surface is enormous.</p>
+      <p><a href="https://www.oasis.security/blog/openclaw-vulnerability" style="color:var(--blue)">Any website can hijack your agent</a> (Oasis Security). 40,000+ <a href="https://www.infosecurity-magazine.com/news/researchers-40000-exposed-openclaw/" style="color:var(--blue)">exposed instances</a>. <a href="https://www.infosecurity-magazine.com/news/researchers-six-new-openclaw/" style="color:var(--blue)">6 new CVEs this week</a>. <a href="https://www.onyx.app/insights/openclaw-enterprise-evaluation-framework" style="color:var(--blue)">Enterprise readiness: 1.2/5</a>.</p>
     </div>
   </div>
 </div>
 </section>
 
+<!-- Social Proof -->
+<section id="proof" style="padding:60px 0">
+<div class="container" style="text-align:center">
+  <!-- Live stats from shields.io -->
+  <div style="display:flex;gap:12px;justify-content:center;flex-wrap:wrap;margin-bottom:40px">
+    <img src="https://img.shields.io/npm/dw/clawmoat?label=npm%20downloads&color=10B981&style=for-the-badge" alt="npm downloads" height="28">
+    <img src="https://img.shields.io/github/stars/darfaz/clawmoat?style=for-the-badge&color=3B82F6" alt="GitHub stars" height="28">
+    <img src="https://img.shields.io/badge/dependencies-0-10B981?style=for-the-badge" alt="0 dependencies" height="28">
+    <img src="https://img.shields.io/badge/scan%20time-%3C1ms-F8FAFC?style=for-the-badge" alt="<1ms scan time" height="28">
+    <img src="https://img.shields.io/badge/tests-142%20passing-10B981?style=for-the-badge" alt="142 tests passing" height="28">
+    <img src="https://img.shields.io/badge/license-MIT-3B82F6?style=for-the-badge" alt="MIT license" height="28">
+  </div>
+  <!-- Testimonials -->
+  <div style="display:grid;grid-template-columns:repeat(auto-fit,minmax(280px,1fr));gap:16px;max-width:900px;margin:0 auto">
+    <blockquote style="border-left:3px solid var(--emerald);padding:16px 24px;text-align:left;background:var(--navy-light);border-radius:0 10px 10px 0">
+      <p style="font-size:1rem;font-style:italic;color:var(--white);margin-bottom:8px">"My OpenClaw bot was a fan of ClawMoat."</p>
+      <footer style="color:var(--gray);font-size:.85rem">— Jon, OpenClaw power user &amp; bot operator</footer>
+    </blockquote>
+    <blockquote style="border-left:3px solid var(--blue);padding:16px 24px;text-align:left;background:var(--navy-light);border-radius:0 10px 10px 0">
+      <p style="font-size:1rem;font-style:italic;color:var(--white);margin-bottom:8px">"The only project I've seen that protects the host, not just the prompts. This is what the ecosystem needs."</p>
+      <footer style="color:var(--gray);font-size:.85rem">— OpenClaw community member</footer>
+    </blockquote>
+  </div>
+  <div style="margin-top:32px;display:flex;gap:24px;justify-content:center;flex-wrap:wrap;font-size:.9rem;color:var(--gray)">
+    <span>🔒 <a href="https://www.microsoft.com/en-us/security/blog/2026/02/19/running-openclaw-safely-identity-isolation-runtime-risk/" style="color:var(--blue)">Microsoft says</a> "don't run on workstations"</span>
+    <span>📊 Referenced by <a href="https://genai.owasp.org/" style="color:var(--blue)">OWASP Agentic AI</a> framework</span>
+    <span>🔬 Built on <a href="https://arxiv.org/abs/2501.13011" style="color:var(--blue)">Anthropic's agentic misalignment</a> research</span>
+  </div>
+</div>
+</section>
+
 <!-- Deployment Models -->
 <section id="deploy">
 <div class="container">
-  <div class="section-label">Deployment Models</div>
-  <h2 class="section-title">One tool, three ways to deploy</h2>
-  <p class="section-sub">ClawMoat isn't just laptop security. It protects AI agents wherever they run.</p>
+  <div class="section-label">Where You Run Agents</div>
+  <h2 class="section-title">Your laptop. A dedicated box. The cloud. All protected.</h2>
+  <p class="section-sub">Same npm package, different deployment profiles. Pick the one that matches your setup.</p>
   <div class="deploy-grid">
     <div class="deploy-card">
       <div class="deploy-icon">💻</div>
@@ -381,9 +444,9 @@ footer{border-top:1px solid rgba(255,255,255,.06);padding:48px 0 32px;color:var(
 <!-- Host Guardian — THE LEAD STORY -->
 <section id="guardian">
 <div class="container">
-  <div class="section-label">Host Guardian</div>
-  <h2 class="section-title">The security layer between AI and your laptop</h2>
-  <p class="section-sub">Permission tiers let you dial up access as trust grows. Start locked down, open up gradually — like hiring a new employee.</p>
+  <div class="section-label">Host Guardian — The Mechanism</div>
+  <h2 class="section-title">Four permission tiers. Like hiring a new employee.</h2>
+  <p class="section-sub">Start at Observer (read-only). Promote to Worker when you trust it. Every action is validated against your tier in real-time — blocked actions get logged, not executed.</p>
 
   <div class="tiers-grid">
     <div class="tier-card">
@@ -482,9 +545,9 @@ footer{border-top:1px solid rgba(255,255,255,.06);padding:48px 0 32px;color:var(
 <!-- What We Protect — Forbidden Zones -->
 <section class="problem" id="protect">
 <div class="container">
-  <div class="section-label">What We Protect</div>
-  <h2 class="section-title">Forbidden zones — auto-protected, always</h2>
-  <p class="section-sub">These sensitive areas are off-limits by default, regardless of permission tier. Your credentials stay yours.</p>
+  <div class="section-label">Forbidden Zones</div>
+  <h2 class="section-title">These directories are off-limits. Period.</h2>
+  <p class="section-sub">Even at the highest permission tier, ClawMoat blocks access to your most sensitive files. No override. No exceptions. No "are you sure?" — just blocked and logged.</p>
 
   <div class="zones-grid">
     <div class="zone-card">
@@ -575,9 +638,9 @@ footer{border-top:1px solid rgba(255,255,255,.06);padding:48px 0 32px;color:var(
 <!-- Features (Scanners — now supporting features) -->
 <section class="problem" id="features">
 <div class="container">
-  <div class="section-label">Scanners &amp; Features</div>
-  <h2 class="section-title">Comprehensive scanning built in</h2>
-  <p class="section-sub">Host Guardian is the gatekeeper. Scanners are the intelligence — detecting threats before they reach your machine.</p>
+  <div class="section-label">What It Catches</div>
+  <h2 class="section-title">8 scanners running on every message, every tool call</h2>
+  <p class="section-sub">Your agent processes hundreds of inputs per session. Each one passes through ClawMoat before it can touch your system.</p>
   <div class="features-grid">
     <div class="feature-card">
       <div class="icon">🔑</div>
@@ -738,17 +801,114 @@ footer{border-top:1px solid rgba(255,255,255,.06);padding:48px 0 32px;color:var(
 </div>
 </section>
 
+<!-- Compare -->
+<section id="compare">
+<div class="container">
+  <div class="section-label">How We're Different</div>
+  <h2 class="section-title">The only tool protecting the host, not just the prompt</h2>
+  <p class="section-sub">Other tools scan prompts. ClawMoat protects your entire machine — credentials, files, network, and skills.</p>
+  <div style="overflow-x:auto">
+  <table style="width:100%;border-collapse:collapse;font-size:.9rem;margin-top:32px">
+    <thead>
+      <tr style="border-bottom:2px solid var(--navy-mid)">
+        <th style="text-align:left;padding:12px 16px;color:var(--gray)">Capability</th>
+        <th style="text-align:center;padding:12px 16px;color:var(--emerald);font-weight:700">ClawMoat</th>
+        <th style="text-align:center;padding:12px 16px;color:var(--gray)">LlamaFirewall</th>
+        <th style="text-align:center;padding:12px 16px;color:var(--gray)">NeMo Guardrails</th>
+        <th style="text-align:center;padding:12px 16px;color:var(--gray)">Lakera Guard</th>
+        <th style="text-align:center;padding:12px 16px;color:var(--gray)">SecureClaw</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr style="border-bottom:1px solid rgba(255,255,255,.06)">
+        <td style="padding:10px 16px">Prompt injection detection</td>
+        <td style="text-align:center;padding:10px;color:var(--emerald)">✅</td>
+        <td style="text-align:center;padding:10px;color:var(--emerald)">✅</td>
+        <td style="text-align:center;padding:10px;color:var(--emerald)">✅</td>
+        <td style="text-align:center;padding:10px;color:var(--emerald)">✅</td>
+        <td style="text-align:center;padding:10px;color:var(--emerald)">✅</td>
+      </tr>
+      <tr style="border-bottom:1px solid rgba(255,255,255,.06)">
+        <td style="padding:10px 16px"><strong>Host-level protection</strong></td>
+        <td style="text-align:center;padding:10px;color:var(--emerald)">✅</td>
+        <td style="text-align:center;padding:10px;color:var(--red)">❌</td>
+        <td style="text-align:center;padding:10px;color:var(--red)">❌</td>
+        <td style="text-align:center;padding:10px;color:var(--red)">❌</td>
+        <td style="text-align:center;padding:10px;color:var(--red)">❌</td>
+      </tr>
+      <tr style="border-bottom:1px solid rgba(255,255,255,.06)">
+        <td style="padding:10px 16px"><strong>Credential monitoring</strong></td>
+        <td style="text-align:center;padding:10px;color:var(--emerald)">✅</td>
+        <td style="text-align:center;padding:10px;color:var(--red)">❌</td>
+        <td style="text-align:center;padding:10px;color:var(--red)">❌</td>
+        <td style="text-align:center;padding:10px;color:var(--red)">❌</td>
+        <td style="text-align:center;padding:10px;color:var(--red)">❌</td>
+      </tr>
+      <tr style="border-bottom:1px solid rgba(255,255,255,.06)">
+        <td style="padding:10px 16px"><strong>Skill/plugin auditing</strong></td>
+        <td style="text-align:center;padding:10px;color:var(--emerald)">✅</td>
+        <td style="text-align:center;padding:10px;color:var(--red)">❌</td>
+        <td style="text-align:center;padding:10px;color:var(--red)">❌</td>
+        <td style="text-align:center;padding:10px;color:var(--red)">❌</td>
+        <td style="text-align:center;padding:10px;color:var(--emerald)">✅</td>
+      </tr>
+      <tr style="border-bottom:1px solid rgba(255,255,255,.06)">
+        <td style="padding:10px 16px"><strong>Permission tiers</strong></td>
+        <td style="text-align:center;padding:10px;color:var(--emerald)">✅</td>
+        <td style="text-align:center;padding:10px;color:var(--red)">❌</td>
+        <td style="text-align:center;padding:10px;color:var(--red)">❌</td>
+        <td style="text-align:center;padding:10px;color:var(--red)">❌</td>
+        <td style="text-align:center;padding:10px;color:var(--red)">❌</td>
+      </tr>
+      <tr style="border-bottom:1px solid rgba(255,255,255,.06)">
+        <td style="padding:10px 16px">Zero dependencies</td>
+        <td style="text-align:center;padding:10px;color:var(--emerald)">✅</td>
+        <td style="text-align:center;padding:10px;color:var(--red)">❌</td>
+        <td style="text-align:center;padding:10px;color:var(--red)">❌</td>
+        <td style="text-align:center;padding:10px">N/A (SaaS)</td>
+        <td style="text-align:center;padding:10px;color:var(--red)">❌</td></tr>
+      <tr style="border-bottom:1px solid rgba(255,255,255,.06)">
+        <td style="padding:10px 16px">Open source</td>
+        <td style="text-align:center;padding:10px;color:var(--emerald)">✅ MIT</td>
+        <td style="text-align:center;padding:10px;color:var(--emerald)">✅</td>
+        <td style="text-align:center;padding:10px;color:var(--emerald)">✅</td>
+        <td style="text-align:center;padding:10px;color:var(--red)">❌</td>
+        <td style="text-align:center;padding:10px;color:var(--emerald)">✅</td>
+      </tr>
+      <tr style="border-bottom:1px solid rgba(255,255,255,.06)">
+        <td style="padding:10px 16px">Node.js native</td>
+        <td style="text-align:center;padding:10px;color:var(--emerald)">✅</td>
+        <td style="text-align:center;padding:10px">Python</td>
+        <td style="text-align:center;padding:10px">Python</td>
+        <td style="text-align:center;padding:10px">API</td>
+        <td style="text-align:center;padding:10px">Skill</td>
+      </tr>
+      <tr>
+        <td style="padding:10px 16px">Free tier</td>
+        <td style="text-align:center;padding:10px;color:var(--emerald)"><strong>Full product</strong></td>
+        <td style="text-align:center;padding:10px;color:var(--emerald)">Full</td>
+        <td style="text-align:center;padding:10px;color:var(--emerald)">Full</td>
+        <td style="text-align:center;padding:10px">Limited</td>
+        <td style="text-align:center;padding:10px;color:var(--emerald)">Full</td>
+      </tr>
+    </tbody>
+  </table>
+  </div>
+  <p style="text-align:center;margin-top:24px;color:var(--gray);font-size:.85rem">ClawMoat works alongside these tools — they protect the model layer, we protect the machine layer.</p>
+</div>
+</section>
+
 <!-- Pricing -->
 <section id="pricing">
 <div class="container">
   <div class="section-label">Pricing</div>
-  <h2 class="section-title">Protect every agent, any scale</h2>
-  <p class="section-sub">Open source core is free forever. All paid plans include a <strong>30-day free trial</strong> and <strong>14-day money-back guarantee</strong>.</p>
+  <h2 class="section-title">Free to start. Upgrade when the stakes get real.</h2>
+  <p class="section-sub">Running agents on your laptop? Free tier has you covered. Managing a fleet for your company? That's when Pro and Team earn their keep. All paid plans include a <strong>30-day free trial</strong> and <strong>14-day money-back guarantee</strong>.</p>
   <div class="pricing-grid">
     <div class="price-card">
       <h3>Free</h3>
       <div class="price">$0</div>
-      <div class="desc">Open source — forever free</div>
+      <div class="desc">Stop worrying about your agent leaking keys or getting hijacked</div>
       <ul>
         <li>Host Guardian (all 4 tiers)</li>
         <li>20+ forbidden zone patterns</li>
@@ -764,7 +924,7 @@ footer{border-top:1px solid rgba(255,255,255,.06);padding:48px 0 32px;color:var(
     <div class="price-card">
       <h3>Security Kit</h3>
       <div class="price">$29</div>
-      <div class="desc">Pay what you want — own it forever</div>
+      <div class="desc">Ship agent features without security liability — own it forever</div>
       <ul>
         <li>Everything in Free</li>
         <li>OpenClaw security skill</li>
@@ -773,13 +933,13 @@ footer{border-top:1px solid rgba(255,255,255,.06);padding:48px 0 32px;color:var(
         <li>Scan history &amp; audit log</li>
         <li>1 year of pattern updates</li>
       </ul>
-      <a href="https://buy.stripe.com/test_9B65kC5WJ6DMgbI7C35wI00" class="btn btn-primary">Buy — pay what you want</a>
+      <a href="#" onclick="checkout('security-kit');return false" class="btn btn-primary">Buy — $29 one-time</a>
       <p style="font-size:.75rem;color:var(--gray);margin-top:8px;text-align:center">14-day money-back guarantee</p>
     </div>
     <div class="price-card popular">
       <h3>Pro</h3>
       <div class="price">$14.99<span>/mo</span></div>
-      <div class="desc">First month free — continuous protection</div>
+      <div class="desc">Prove your agents are secure — dashboard, audit logs, and real-time alerts</div>
       <ul>
         <li>Everything in Security Kit</li>
         <li>Threat intelligence feed</li>
@@ -799,7 +959,7 @@ footer{border-top:1px solid rgba(255,255,255,.06);padding:48px 0 32px;color:var(
     <div class="price-card">
       <h3>Team</h3>
       <div class="price">$49<span>/mo</span></div>
-      <div class="desc">First month free — multi-agent security</div>
+      <div class="desc">Pass SOC2 with AI agents in production — compliance reports, fleet control, centralized policy</div>
       <ul>
         <li>Everything in Pro</li>
         <li>Fleet dashboard (all machines)</li>
@@ -888,10 +1048,14 @@ footer{border-top:1px solid rgba(255,255,255,.06);padding:48px 0 32px;color:var(
     </div>
     <div>
       <h4>Company</h4>
-      <a href="mailto:hello@clawmoat.com">Contact</a>
-      <a href="#">Blog</a>
-      <a href="#">Twitter</a>
-      <a href="#">Privacy</a>
+      <a href="mailto:hello@clawmoat.com">hello@clawmoat.com</a>
+      <a href="tel:+16503838190">(650) 383-8190</a>
+      <p style="color:var(--gray);font-size:.8rem;margin-top:4px">10000 Washington Blvd<br>Culver City, CA 90232</p>
+      <a href="/blog/">Blog</a>
+      <a href="/business/">For Business</a>
+      <a href="/support/">Support</a>
+      <a href="/terms-of-service/">Terms of Service</a>
+      <a href="/privacy-policy/">Privacy Policy</a>
     </div>
   </div>
   <div class="footer-bottom">