clawmoat 0.7.0 → 1.0.0

package/docs/playground.html

@@ -129,16 +129,13 @@ nav .container{display:flex;align-items:center;justify-content:space-between}
 
 <nav>
 <div class="container">
-  <a href="/" class="logo" style="text-decoration:none">🏰 Claw<span>Moat</span></a>
+  <a href="/" class="logo">🏰 Claw<span>Moat</span></a>
   <button class="menu-toggle" onclick="document.querySelector('.nav-links').classList.toggle('open')" aria-label="Menu">☰</button>
   <div class="nav-links">
-    <a href="/#features">Features</a>
-    <a href="/#demo">Demo</a>
-    <a href="/playground.html" class="active">Playground</a>
-    <a href="/#pricing">Pricing</a>
+    <a href="/">Security</a>
+    <a href="/services/">AI Agents</a>
     <a href="/blog/">Blog</a>
-    <a href="https://github.com/darfaz/clawmoat">GitHub</a>
-    <a href="/#waitlist" class="btn-sm">Get Early Access</a>
+    <a href="https://github.com/darfaz/clawmoat">GitHub ↗</a>
   </div>
 </div>
 </nav>

package/docs/privacy-policy/index.html

@@ -0,0 +1,122 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Privacy Policy — ClawMoat</title>
+<meta name="description" content="ClawMoat Privacy Policy. How we collect, use, and protect your information.">
+<link rel="canonical" href="https://clawmoat.com/privacy-policy/">
+<link rel="icon" href="data:image/svg+xml,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 100 100'><text y='.9em' font-size='90'>🏰</text></svg>">
+<style>
+*{margin:0;padding:0;box-sizing:border-box}
+:root{--navy:#0F172A;--navy-light:#1E293B;--navy-mid:#334155;--blue:#3B82F6;--emerald:#10B981;--white:#F8FAFC;--gray:#94A3B8}
+body{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;background:var(--navy);color:var(--white);line-height:1.8}
+a{color:var(--blue)}
+.container{max-width:740px;margin:0 auto;padding:0 24px}
+nav{background:rgba(15,23,42,.95);backdrop-filter:blur(12px);border-bottom:1px solid rgba(59,130,246,.15);padding:16px 0;position:fixed;top:0;left:0;right:0;z-index:100}
+nav .container{display:flex;align-items:center;justify-content:space-between}
+.logo{font-size:1.1rem;font-weight:700;color:var(--white);text-decoration:none}
+.logo span{color:var(--emerald)}
+nav a{color:var(--gray);font-size:.85rem;text-decoration:none}
+nav a:hover{color:var(--white)}
+article{padding:120px 0 80px}
+h1{font-size:2rem;font-weight:800;margin-bottom:8px}
+.updated{color:var(--gray);font-size:.85rem;margin-bottom:40px}
+h2{font-size:1.2rem;font-weight:700;margin:36px 0 12px;color:var(--white)}
+p{color:var(--gray);margin-bottom:16px;font-size:.95rem}
+ul{color:var(--gray);margin:0 0 16px 24px;font-size:.95rem}
+li{margin-bottom:6px}
+</style>
+</head>
+<body>
+<nav><div class="container"><a href="/" class="logo">🏰 Claw<span>Moat</span></a><div style="display:flex;gap:20px"><a href="/">Home</a><a href="/terms-of-service/">Terms</a><a href="/privacy-policy/">Privacy</a></div></div></nav>
+<article><div class="container">
+<h1>Privacy Policy</h1>
+<p class="updated">Last Updated: February 26, 2026</p>
+
+<p>This Privacy Policy describes how Leopold Care, LLC dba ClawMoat ("we", "us", "our") collects, uses, and discloses information about you when you use our website (clawmoat.com), open-source software, paid services, and related tools (collectively, the "Services").</p>
+
+<p>By using our Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree, please do not use the Services.</p>
+
+<h2>1. Information We Collect</h2>
+
+<p><strong>Information You Provide:</strong></p>
+<ul>
+<li><strong>Account information</strong> — name, email address, and password when you create an account or subscribe to a paid plan.</li>
+<li><strong>Payment information</strong> — credit card or billing information processed securely through Stripe. We do not store your full payment card details.</li>
+<li><strong>Contact form submissions</strong> — name, email, company, and any details you provide through our inquiry forms.</li>
+<li><strong>Communications</strong> — information you provide when contacting us via email at hello@clawmoat.com.</li>
+</ul>
+
+<p><strong>Information Collected Automatically:</strong></p>
+<ul>
+<li><strong>Usage data</strong> — pages visited, time on site, referral source, browser type, device type, and IP address.</li>
+<li><strong>Cookies</strong> — we use essential cookies for site functionality. We do not use tracking cookies or third-party advertising cookies.</li>
+</ul>
+
+<p><strong>Open-Source Software (npm package):</strong></p>
+<ul>
+<li>The ClawMoat open-source npm package does <strong>not</strong> collect any telemetry, usage data, or personal information by default.</li>
+<li>The software runs entirely on your machine. No data is sent to our servers unless you explicitly configure webhook alerts or opt into telemetry.</li>
+<li>If you opt into telemetry, only anonymized usage statistics are collected (e.g., feature usage counts). No personal data, file contents, or credentials are ever transmitted.</li>
+</ul>
+
+<h2>2. How We Use Your Information</h2>
+<ul>
+<li>To provide, maintain, and improve the Services</li>
+<li>To process payments and manage subscriptions</li>
+<li>To respond to your inquiries and provide customer support</li>
+<li>To send service-related communications (not marketing, unless you opt in)</li>
+<li>To comply with legal obligations</li>
+<li>To detect and prevent fraud or security incidents</li>
+</ul>
+
+<h2>3. How We Share Your Information</h2>
+<p>We do not sell your personal information. We may share information with:</p>
+<ul>
+<li><strong>Service providers</strong> — Stripe (payments), GitHub Pages (hosting), and email providers, solely to deliver the Services.</li>
+<li><strong>Legal requirements</strong> — if required by law, court order, or governmental authority.</li>
+<li><strong>Business transfers</strong> — in connection with a merger, acquisition, or sale of assets, with notice to you.</li>
+</ul>
+
+<h2>4. Data Security</h2>
+<p>We implement reasonable technical and organizational measures to protect your information. However, no method of transmission over the Internet is 100% secure.</p>
+
+<h2>5. Data Retention</h2>
+<p>We retain your information for as long as your account is active or as needed to provide Services. You may request deletion of your account and associated data at any time by contacting us.</p>
+
+<h2>6. Your Rights</h2>
+<p>Depending on your location, you may have the right to:</p>
+<ul>
+<li>Access, correct, or delete your personal information</li>
+<li>Object to or restrict processing of your information</li>
+<li>Data portability</li>
+<li>Withdraw consent at any time</li>
+</ul>
+<p>To exercise these rights, contact us at <a href="mailto:hello@clawmoat.com">hello@clawmoat.com</a>.</p>
+
+<h2>7. California Residents (CCPA)</h2>
+<p>If you are a California resident, you have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.</p>
+
+<h2>8. Children's Privacy</h2>
+<p>Our Services are not directed to children under 13. We do not knowingly collect personal information from children under 13.</p>
+
+<h2>9. Third-Party Links</h2>
+<p>Our Services may contain links to third-party websites. We are not responsible for their privacy practices.</p>
+
+<h2>10. Changes to This Policy</h2>
+<p>We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last Updated" date.</p>
+
+<h2>11. Contact Us</h2>
+<p>If you have questions about this Privacy Policy, contact us at:</p>
+<p>
+Leopold Care, LLC dba ClawMoat<br>
+10000 Washington Blvd<br>
+Culver City, CA 90232<br>
+Email: <a href="mailto:hello@clawmoat.com">hello@clawmoat.com</a><br>
+Phone: <a href="tel:+16503838190">(650) 383-8190</a>
+</p>
+
+</div></article>
+</body>
+</html>

package/docs/rfcs/defense-in-depth.md

@@ -0,0 +1,467 @@
+# RFC: Defense-in-Depth for AI Agents — ClawMoat × Agent-OS Collaboration
+
+**Status:** Draft  
+**Author(s):** ClawMoat Team, Agent-OS/AgentMesh Team  
+**Date:** March 2026  
+**Version:** 1.0  
+
+## Abstract
+
+AI agents operate with real-world tool access (shell, files, APIs, browsers) and require robust security architecture. This RFC proposes a **defense-in-depth** approach combining ClawMoat's reactive security scanning with Agent-OS's proactive governance layer. Together, they provide comprehensive protection against the OWASP Agentic Top 10 threats while maintaining agent functionality and developer experience.
+
+---
+
+## 1. Problem Statement
+
+### Current Landscape Fragmentation
+
+The AI agent security landscape is fragmented with each framework implementing their own (or no) security model:
+
+- **LangChain:** Basic output parsers, limited input validation
+- **CrewAI:** Framework-level role restrictions, no runtime scanning
+- **AutoGen:** Conversation-level safety filters, limited tool governance
+- **OpenAI Agents SDK:** Output-focused guardrails, minimal input protection
+- **Google Agent Development Kit:** Enterprise features, vendor lock-in
+- **PydanticAI:** Type safety focus, limited security scanning
+
+### Security Gaps
+
+**Single-layer approaches fail:**
+- Input-only filtering misses dynamic threats
+- Output-only scanning allows malicious tool execution
+- Framework-specific security doesn't protect cross-framework deployments
+- Policy engines without scanning miss sophisticated attacks
+
+**No single security layer is sufficient** — sophisticated threats require multiple coordinated defenses.
+
+---
+
+## 2. Defense-in-Depth Architecture
+
+### Layer 1: Perimeter (ClawMoat)
+
+**Role:** Reactive threat detection and content scanning  
+**Scope:** Input/output analysis, prompt injection detection, data exfiltration prevention
+
+**Components:**
+- **Input Scanners:** Prompt injection, jailbreak attempts, excessive agency requests
+- **Output Scanners:** PII/secrets leakage, unauthorized data sharing, policy violations  
+- **Tool Scanners:** Command validation, file access monitoring, network egress logging
+- **Behavioral Analysis:** Insider threat patterns, anomaly detection
+
+**Coverage:**
+- OWASP Agentic A01: Prompt Injection
+- OWASP Agentic A02: Insecure Output Handling  
+- OWASP Agentic A03: Training Data Poisoning (detection)
+- OWASP Agentic A06: Excessive Agency
+- OWASP Agentic A09: Misinformation (patterns)
+- OWASP Agentic A10: Unbounded Consumption
+
+### Layer 2: Governance (Agent-OS)
+
+**Role:** Proactive policy enforcement and action interception  
+**Scope:** Permission models, approval workflows, action authorization
+
+**Components:**
+- **Policy Engine:** YAML-based rules, role-based permissions, conditional access
+- **Action Interceptor:** Pre-execution validation, approval workflows, audit trails
+- **Trust System:** 5-dimension scoring, behavior-based reputation, temporal decay
+- **Audit Chain:** Tamper-evident Merkle tree, compliance reporting, forensics
+
+**Coverage:**
+- OWASP Agentic A04: Model Denial of Service (rate limiting)
+- OWASP Agentic A05: Supply Chain Vulnerabilities (tool validation)
+- OWASP Agentic A06: Excessive Agency (authorization)
+- OWASP Agentic A07: System Prompt Leakage (access control)
+- OWASP Agentic A08: Vector and Embeddings Weaknesses (data governance)
+
+### Layer 3: Runtime (Framework)
+
+**Role:** Framework-specific guardrails and tool-level access control  
+**Scope:** Native integrations, performance optimization, developer experience
+
+**Components:**
+- **LangChain:** Custom callback handlers, memory protection, chain validation
+- **CrewAI:** Role-based tool restrictions, task validation, crew permissions  
+- **OpenAI Agents SDK:** Guardrail protocol implementation, handoff security
+- **AutoGen:** Conversation filtering, agent isolation, group chat moderation
+
+### Layer 4: Audit
+
+**Role:** Comprehensive logging, alerting, and compliance reporting  
+**Scope:** Cross-layer visibility, threat intelligence, regulatory compliance
+
+**Components:**
+- **Unified Logging:** JSONL format, structured events, searchable metadata
+- **Threat Intelligence:** IOCs, attack patterns, behavioral baselines
+- **Compliance Engine:** SOX, PCI-DSS, HIPAA reporting, audit trails
+- **Alerting:** Real-time notifications, escalation workflows, incident response
+
+---
+
+## 3. Integration Points
+
+### 3.1 Pre-Execution Pipeline
+
+```
+User Input → ClawMoat Scan → Agent-OS Policy → Framework Guards → Tool Execution
+```
+
+**Flow:**
+1. **ClawMoat** scans input for prompt injection, malicious content
+2. **Agent-OS** evaluates against governance policies, role permissions  
+3. **Framework** applies native guardrails, tool restrictions
+4. **Tool** executes with monitoring and logging
+
+**Benefits:**
+- Threats caught at perimeter before reaching agent
+- Policy violations blocked before execution
+- Multiple validation layers prevent bypass
+
+### 3.2 Post-Execution Pipeline
+
+```
+Tool Output → ClawMoat Scan → Agent-OS Audit → Framework Response → User
+```
+
+**Flow:**
+1. **Tool** generates output, ClawMoat scans for PII/secrets
+2. **Agent-OS** records action outcome, updates trust score
+3. **Framework** applies output formatting, response validation
+4. **User** receives sanitized, policy-compliant response
+
+**Benefits:**
+- Data exfiltration prevented at multiple checkpoints
+- Behavioral patterns recorded for anomaly detection
+- Compliance requirements automatically enforced
+
+### 3.3 Shared Policy Format
+
+**Unified YAML schema** for cross-platform compatibility:
+
+```yaml
+# clawmoat-agentmesh-policy.yml
+metadata:
+  version: "1.0"
+  frameworks: ["langchain", "crewai", "openai-agents"]
+  
+clawmoat:
+  scanners:
+    prompt_injection: { enabled: true, threshold: 0.8 }
+    secrets: { enabled: true, redact: true }
+    pii: { enabled: true, anonymize: ["ssn", "credit_card"] }
+  
+agentmesh:
+  permissions:
+    tools:
+      - name: "web_search" 
+        allow: ["research_agent"]
+        rate_limit: { calls: 10, window: "1m" }
+      - name: "file_write"
+        allow: ["admin_agent"]
+        approval_required: true
+  trust:
+    min_score: 0.7
+    factors: ["tool_success", "policy_compliance", "user_feedback"]
+
+frameworks:
+  langchain:
+    callbacks: ["clawmoat_scanner", "agentmesh_governor"]
+    memory_protection: true
+  crewai:
+    middleware: ["security_layer"]
+    role_inheritance: false
+```
+
+### 3.4 Common Threat Taxonomy
+
+**Mapped to OWASP Agentic Top 10** for consistent threat classification:
+
+| OWASP ID | Threat | ClawMoat Detection | Agent-OS Mitigation | Framework Guard |
+|----------|--------|-------------------|-------------------|-----------------|
+| A01 | Prompt Injection | Input scanning, pattern matching | Policy validation, role checks | Conversation filtering |
+| A02 | Insecure Output | PII/secret detection, data classification | Output approval, redaction policies | Response validation |
+| A06 | Excessive Agency | Privilege escalation detection | Permission enforcement, approval | Tool restrictions |
+| A09 | Misinformation | Content validation, fact-checking | Source verification, trust scoring | Output disclaimers |
+
+---
+
+## 4. Framework Support Matrix
+
+### 4.1 LangChain Integration
+
+**ClawMoat Integration:**
+```python
+from clawmoat.integrations.langchain import ClawMoatCallback
+
+chain = LLMChain(
+    llm=OpenAI(),
+    callbacks=[ClawMoatCallback(
+        scan_input=True,
+        scan_output=True,
+        block_threats=True
+    )]
+)
+```
+
+**Agent-OS Integration:**
+```python
+from agentmesh.integrations.langchain import AgentMeshGovernor
+
+governor = AgentMeshGovernor(policy_path="policy.yml")
+chain = governor.wrap(chain)  # Adds policy enforcement
+```
+
+### 4.2 CrewAI Integration
+
+**Combined Middleware:**
+```python
+from clawmoat.integrations.crewai import ClawMoatMiddleware
+from agentmesh.integrations.crewai import AgentMeshMiddleware
+
+crew = Crew(
+    agents=[researcher, writer],
+    middleware=[
+        ClawMoatMiddleware(),      # Threat scanning
+        AgentMeshMiddleware()      # Policy enforcement
+    ]
+)
+```
+
+### 4.3 OpenAI Agents SDK Integration
+
+**Guardrail Chaining:**
+```python
+from clawmoat.integrations.openai_agents import ClawMoatGuardrail
+from agentmesh.integrations.openai_agents import AgentMeshGuardrail
+
+agent = Agent(
+    input_guardrails=[
+        ClawMoatGuardrail(),      # Scan before processing
+        AgentMeshGuardrail()      # Enforce permissions
+    ]
+)
+```
+
+---
+
+## 5. Reference Implementation
+
+### 5.1 CrewAI Security Stack
+
+**Complete defense-in-depth for CrewAI:**
+
+```python
+from crewai import Agent, Task, Crew
+from clawmoat.integrations.crewai import ClawMoatMiddleware
+from agentmesh.integrations.crewai import AgentMeshMiddleware
+
+# Layer 1: ClawMoat scanning
+security_scanner = ClawMoatMiddleware(
+    scan_input=True,
+    scan_output=True, 
+    scan_tools=True,
+    block_on_threat=True
+)
+
+# Layer 2: Agent-OS governance  
+governance = AgentMeshMiddleware(
+    policy_path="security-policy.yml",
+    approval_required=["file_write", "network_request"],
+    trust_threshold=0.7
+)
+
+# Layer 3: Framework guards
+research_agent = Agent(
+    role="Security Researcher",
+    goal="Research threats safely",
+    tools=[web_search, file_read],  # Restricted toolset
+    max_rpm=10,                     # Rate limiting
+    memory=False                    # No persistent memory
+)
+
+# Combined protection
+crew = Crew(
+    agents=[research_agent],
+    middleware=[security_scanner, governance],
+    verbose=True
+)
+
+result = crew.kickoff(task="Research AI security best practices")
+```
+
+### 5.2 Policy Configuration
+
+**Unified security policy:**
+
+```yaml
+# security-policy.yml
+metadata:
+  name: "AI Agent Security Policy"
+  version: "1.0"
+  scope: ["research", "analysis"] 
+  
+clawmoat:
+  input_scanning:
+    prompt_injection: { enabled: true, threshold: 0.8, action: "block" }
+    jailbreak: { enabled: true, action: "log_and_continue" }
+    excessive_agency: { enabled: true, threshold: 0.9, action: "block" }
+    
+  output_scanning:
+    pii: { enabled: true, types: ["ssn", "credit_card"], action: "redact" }
+    secrets: { enabled: true, action: "block" }
+    
+  tool_monitoring:
+    file_access: { log: true, forbidden_paths: ["~/.ssh", "/etc/passwd"] }
+    network: { log: true, blocked_domains: ["malware.com"] }
+    
+agentmesh:
+  roles:
+    research_agent:
+      tools: ["web_search", "file_read"]
+      rate_limits: { web_search: "10/min", file_read: "50/min" }
+      approval: { required: false, escalate_on_block: true }
+      
+    admin_agent:
+      tools: ["web_search", "file_read", "file_write", "shell_exec"]
+      rate_limits: { shell_exec: "5/hour" }
+      approval: { required: true, approvers: ["security_team"] }
+      
+  trust_system:
+    enabled: true
+    min_score: 0.6
+    factors:
+      - name: "compliance" 
+        weight: 0.4
+        decay: "7d"
+      - name: "tool_success"
+        weight: 0.3  
+        decay: "3d"
+      - name: "user_feedback"
+        weight: 0.3
+        decay: "30d"
+```
+
+---
+
+## 6. Benefits and Trade-offs
+
+### 6.1 Benefits
+
+**Security:**
+- **Comprehensive Coverage:** Multiple detection mechanisms prevent single-point failures
+- **Threat Intelligence Sharing:** Cross-layer visibility improves detection accuracy
+- **Zero-Day Protection:** Behavioral analysis catches novel attack patterns
+- **Compliance Ready:** Built-in audit trails and reporting
+
+**Developer Experience:**
+- **Framework Agnostic:** Works with any agent framework
+- **Gradual Adoption:** Can implement layers incrementally  
+- **Policy as Code:** Version-controlled, reviewable security configuration
+- **Minimal Performance Impact:** Optimized scanning and caching
+
+**Operations:**
+- **Unified Dashboards:** Single pane of glass for security monitoring
+- **Automated Response:** Policy violations trigger automatic remediation
+- **Forensics:** Complete audit trail for incident investigation
+- **Scaling:** Distributed architecture supports large agent deployments
+
+### 6.2 Trade-offs
+
+**Performance:**
+- **Latency:** Each layer adds processing overhead (~50-100ms total)
+- **Resource Usage:** Scanning and governance require CPU/memory
+- **Throughput:** Rate limiting may reduce peak agent performance
+
+**Complexity:**
+- **Configuration:** More moving parts require careful setup
+- **Debugging:** Multi-layer failures harder to diagnose
+- **Updates:** Changes require coordination across components
+
+**False Positives:**
+- **Over-blocking:** Conservative policies may impact legitimate use cases
+- **Tuning Required:** Thresholds need adjustment for specific domains
+- **Context Loss:** Cross-layer decisions may lack full context
+
+### 6.3 Mitigation Strategies
+
+**Performance:**
+- Asynchronous scanning where possible
+- Caching of policy decisions and threat signatures
+- Optional bypass modes for trusted environments
+
+**Complexity:**
+- Unified configuration format reduces mental overhead
+- Comprehensive documentation and examples
+- Automated testing across integration points
+
+**False Positives:**
+- ML-based threshold adaptation
+- Human-in-the-loop approval workflows
+- Domain-specific policy templates
+
+---
+
+## 7. Implementation Roadmap
+
+### Phase 1: Foundation (Q2 2026)
+- [ ] Define unified policy schema
+- [ ] Implement ClawMoat → Agent-OS data interchange
+- [ ] Create LangChain reference integration
+- [ ] Basic audit logging and alerting
+
+### Phase 2: Framework Coverage (Q3 2026) 
+- [ ] CrewAI middleware implementation
+- [ ] OpenAI Agents SDK guardrails
+- [ ] AutoGen conversation filtering
+- [ ] Cross-platform policy validation
+
+### Phase 3: Advanced Features (Q4 2026)
+- [ ] Behavioral anomaly detection
+- [ ] Automated threat intelligence sharing
+- [ ] ML-driven policy optimization
+- [ ] Enterprise compliance dashboards
+
+### Phase 4: Ecosystem (Q1 2027)
+- [ ] Google ADK integration
+- [ ] PydanticAI type-safe policies
+- [ ] Cloud-native deployment options
+- [ ] Open source community governance
+
+---
+
+## 8. Conclusion
+
+AI agents require **defense-in-depth security architecture** to operate safely in production environments. The combination of ClawMoat's reactive threat detection with Agent-OS's proactive governance provides comprehensive protection against the OWASP Agentic Top 10 while maintaining developer productivity.
+
+This RFC proposes a practical, standards-based approach that:
+- Works across agent frameworks
+- Provides incremental adoption path
+- Balances security with usability
+- Scales to enterprise deployments
+
+**Next Steps:**
+1. Community review and feedback on this RFC
+2. Proof-of-concept implementation with CrewAI
+3. Policy schema standardization with industry stakeholders
+4. Performance benchmarking and optimization
+
+**Contributing:**
+This RFC is open for community input. Please provide feedback on:
+- Integration complexity and developer experience
+- Policy schema completeness and flexibility
+- Performance requirements and optimization strategies
+- Additional framework support priorities
+
+---
+
+**References:**
+- [OWASP Agentic Top 10](https://owasp.org/www-project-agentic-security/)
+- [ClawMoat Documentation](https://github.com/darfaz/clawmoat)
+- [Agent-OS Architecture](https://github.com/imran-siddique/agentmesh)
+- [Oasis Security Research](https://www.oasis.security/blog/openclaw-vulnerability)
+
+**Contact:**
+- ClawMoat Team: [security@clawmoat.com]  
+- Agent-OS Team: [governance@agent-os.dev]
+- RFC Discussion: [GitHub Issues](https://github.com/darfaz/clawmoat/issues/20)