npm - clawmoat - Versions diffs - 0.8.0 → 1.0.0 - Mend

clawmoat 0.8.0 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (171) hide show

package/.dockerignore +9 -0
package/CHANGELOG.md +18 -0
package/DEMO.md +87 -0
package/Dockerfile +5 -18
package/README.md +232 -8
package/THREAT_MODEL.md +129 -0
package/agent/README.md +131 -0
package/agent/index.js +471 -0
package/agent/install-service.sh +94 -0
package/agent/openclaw-hook.js +453 -0
package/agent/provider-setup.js +649 -0
package/agent/setup.js +274 -0
package/assets/BADGE-USAGE.md +20 -0
package/assets/clawmoat-badge.svg +21 -0
package/bin/clawmoat.js +468 -111
package/docs/affiliates/dashboard.html +124 -0
package/docs/affiliates/index.html +236 -0
package/docs/agent-install.html +183 -0
package/docs/ai-agent-security-scanner.html +10 -6
package/docs/badge/index.html +149 -0
package/docs/badge/scanning.svg +23 -0
package/docs/blog/386-malicious-skills.html +11 -4
package/docs/blog/40000-exposed-openclaw-instances.html +11 -4
package/docs/blog/agent-trust-protocol.html +5 -4
package/docs/blog/ai-agent-earns-commissions.html +230 -0
package/docs/blog/bugmageddon-agent-firewall.html +174 -0
package/docs/blog/calculator-math.html +180 -0
package/docs/blog/clawmoat-vs-llamafirewall-nemo-guardrails.html +10 -4
package/docs/blog/host-guardian-launch.html +18 -8
package/docs/blog/ibm-experts-agent-runtime-protection.html +15 -6
package/docs/blog/index.html +67 -9
package/docs/blog/langchain-security-tutorial.html +18 -8
package/docs/blog/mcp-30-cves-security-crisis.html +11 -4
package/docs/blog/meta-researcher-rogue-agent.html +201 -0
package/docs/blog/microsoft-openclaw-workstation-security.html +5 -4
package/docs/blog/nist-ai-agent-standards-clawmoat.html +16 -8
package/docs/blog/oasis-websocket-hijack.html +11 -4
package/docs/blog/ollama-openclaw-security.html +10 -4
package/docs/blog/openclaw-enterprise-readiness-claw10.html +5 -4
package/docs/blog/openclaw-security-reckoning-2026.html +11 -4
package/docs/blog/owasp-agentic-ai-top10.html +18 -8
package/docs/blog/securing-ai-agents.html +18 -8
package/docs/blog/supply-chain-agents.html +18 -8
package/docs/business/index.html +11 -16
package/docs/business/install.html +21 -7
package/docs/checklist.html +10 -4
package/docs/compare/index.html +122 -0
package/docs/compare/lakera/index.html +62 -0
package/docs/compare/llm-guard/index.html +49 -0
package/docs/compare/snyk-agent-scan/index.html +63 -0
package/docs/compare.html +10 -6
package/docs/dashboard/index.html +520 -0
package/docs/finance/index.html +9 -6
package/docs/guides/business-deployment.html +770 -0
package/docs/hall-of-fame.html +11 -5
package/docs/index.html +266 -137
package/docs/integrations/langchain.html +14 -6
package/docs/integrations/openai.html +14 -6
package/docs/integrations/openclaw.html +55 -7
package/docs/plans/2026-03-26-threat-intel-api.md +255 -0
package/docs/plans/2026-04-14-bugmageddon-marketing-pack.md +329 -0
package/docs/plans/2026-04-14-clawmoat-v1-bugmageddon.md +248 -0
package/docs/plans/2026-04-14-v1-release-update.md +91 -0
package/docs/plans/2026-04-19-supabase-audit.md +68 -0
package/docs/plans/2026-05-12-sales-push.md +303 -0
package/docs/playground/index.html +893 -0
package/docs/playground.html +4 -7
package/docs/rfcs/defense-in-depth.md +467 -0
package/docs/scan/index.html +156 -12
package/docs/services/case-study.html +255 -0
package/docs/services/downloads/install-openclaw.bat +45 -0
package/docs/services/downloads/install-openclaw.command +38 -0
package/docs/services/downloads/install-openclaw.sh +38 -0
package/docs/services/get-started.html +165 -0
package/docs/services/index.html +598 -0
package/docs/services/multi-agent-security.html +284 -0
package/docs/services/one-pager.html +99 -0
package/docs/services/pitch-deck.html +229 -0
package/docs/services/roi-calculator.html +258 -0
package/docs/sitemap.xml +62 -2
package/docs/support/index.html +12 -1
package/docs/templates/customer-service/HEARTBEAT.md +61 -0
package/docs/templates/customer-service/MEMORY.md +89 -0
package/docs/templates/customer-service/SOUL.md +41 -0
package/docs/templates/customer-service/USER.md +56 -0
package/docs/templates/executive/HEARTBEAT.md +86 -0
package/docs/templates/executive/MEMORY.md +92 -0
package/docs/templates/executive/SOUL.md +44 -0
package/docs/templates/executive/USER.md +62 -0
package/docs/templates/finance/HEARTBEAT.md +58 -0
package/docs/templates/finance/MEMORY.md +87 -0
package/docs/templates/finance/SOUL.md +38 -0
package/docs/templates/finance/USER.md +53 -0
package/docs/templates/index.html +115 -0
package/docs/templates/operations/HEARTBEAT.md +63 -0
package/docs/templates/operations/MEMORY.md +68 -0
package/docs/templates/operations/SOUL.md +38 -0
package/docs/templates/operations/USER.md +49 -0
package/docs/templates/sales/HEARTBEAT.md +55 -0
package/docs/templates/sales/MEMORY.md +89 -0
package/docs/templates/sales/SOUL.md +34 -0
package/docs/templates/sales/USER.md +54 -0
package/eslint.config.js +32 -0
package/evals/README.md +29 -0
package/evals/cases.json +390 -0
package/evals/results.md +68 -0
package/evals/run.js +180 -0
package/examples/demo-attack/demo.js +186 -0
package/examples/python-quickstart/README.md +54 -0
package/examples/python-quickstart/clawmoat_client.py +167 -0
package/examples/video-demo/README.md +14 -0
package/examples/video-demo/scene-a-normal.js +29 -0
package/examples/video-demo/scene-b-attack-arrives.js +31 -0
package/examples/video-demo/scene-c-hijack.js +44 -0
package/examples/video-demo/scene-d-clawmoat.js +46 -0
package/integrations/crewai/README.md +32 -0
package/integrations/crewai/clawmoat_crewai/__init__.py +17 -0
package/integrations/crewai/clawmoat_crewai/guard.py +103 -0
package/integrations/crewai/pyproject.toml +21 -0
package/integrations/langchain/README.md +91 -0
package/integrations/langchain/clawmoat_langchain/__init__.py +17 -0
package/integrations/langchain/clawmoat_langchain/callback.py +489 -0
package/integrations/langchain/pyproject.toml +32 -0
package/integrations/litellm/README.md +324 -0
package/integrations/litellm/clawmoat_litellm/__init__.py +21 -0
package/integrations/litellm/clawmoat_litellm/callback.py +329 -0
package/integrations/litellm/clawmoat_litellm/proxy_middleware.py +224 -0
package/integrations/litellm/pyproject.toml +74 -0
package/integrations/openai-agents/README.md +392 -0
package/integrations/openai-agents/clawmoat_openai_agents/__init__.py +20 -0
package/integrations/openai-agents/clawmoat_openai_agents/guardrail.py +431 -0
package/integrations/openai-agents/clawmoat_openai_agents/middleware.py +311 -0
package/integrations/openai-agents/pyproject.toml +76 -0
package/package.json +6 -5
package/plugins/openclaw-adapter/PHASE1.md +439 -0
package/plugins/openclaw-adapter/README.md +103 -0
package/plugins/openclaw-adapter/SPEC.md +1644 -0
package/plugins/openclaw-adapter/package.json +31 -0
package/plugins/openclaw-adapter/src/index.test.ts +226 -0
package/plugins/openclaw-adapter/src/index.ts +140 -0
package/plugins/openclaw-adapter/tsconfig.json +14 -0
package/server/data/threats.json +290 -0
package/server/index.js +142 -7
package/src/adapters/express.js +161 -0
package/src/adapters/index.js +92 -0
package/src/adapters/langchain.js +185 -0
package/src/approval/index.js +456 -0
package/src/ban-scanner.js +200 -0
package/src/boundary-scanner.js +296 -0
package/src/ci-scanner.js +279 -0
package/src/code-scanner.js +245 -0
package/src/enforce.js +166 -0
package/src/formatters/json.js +80 -0
package/src/formatters/sarif.js +388 -0
package/src/guardian/alerts.js +34 -3
package/src/guardian/index.js +41 -2
package/src/index.js +102 -0
package/src/integrations/agentmesh.js +501 -0
package/src/language-detector.js +201 -0
package/src/mcp-scanner.js +253 -0
package/src/multimodal/index.js +579 -0
package/src/obfuscation-scanner.js +457 -0
package/src/policy-engine.js +402 -0
package/src/scanners/dependency-attacks.js +128 -0
package/src/scanners/prompt-injection.js +18 -0
package/src/scanners/supply-chain.js +14 -0
package/src/templates/default-config.yml +90 -0
package/src/vuln-ops/exploitability.js +46 -0
package/src/watch/live-monitor.js +720 -0
package/clawmoat-0.8.0.tgz +0 -0
package/server/index.js.patch +0 -1

package/docs/compare/index.html ADDED Viewed

@@ -0,0 +1,122 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>ClawMoat vs Competitors — AI Agent Security Comparison</title>
+<meta name="description" content="Compare ClawMoat to Lakera, LLM Guard, Snyk agent-scan, and other AI agent security tools. Feature, pricing, and architecture comparison.">
+<style>
+:root{--bg:#0a0a0f;--fg:#e0e0e8;--accent:#00d4aa;--muted:#888;--card:#14141f;--blue:#3B82F6;--red:#ff4444}
+*{margin:0;padding:0;box-sizing:border-box}
+body{background:var(--bg);color:var(--fg);font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;line-height:1.7}
+.container{max-width:900px;margin:0 auto;padding:2rem 1.5rem}
+nav{padding:1rem 0;border-bottom:1px solid #2a2a3a;margin-bottom:2rem;display:flex;justify-content:space-between;align-items:center}
+nav a{color:var(--fg);text-decoration:none;margin-right:1.5rem}
+nav a:hover{color:var(--accent)}
+.logo span{color:var(--accent)}
+h1{font-size:2.5rem;margin-bottom:1rem;letter-spacing:-.02em}
+h2{color:var(--accent);margin:2rem 0 1rem;font-size:1.4rem}
+p{color:var(--muted);margin-bottom:1rem}
+.compare-grid{display:grid;grid-template-columns:repeat(auto-fit,minmax(250px,1fr));gap:1.5rem;margin:2rem 0}
+.compare-card{background:var(--card);border:2px solid #2a2a3a;border-radius:12px;padding:1.5rem;transition:border-color .2s}
+.compare-card:hover{border-color:var(--accent)}
+.compare-card h3{margin-bottom:.5rem}
+.compare-card .vs{color:var(--accent);font-size:.85rem;text-transform:uppercase;letter-spacing:.1em;margin-bottom:.5rem}
+.compare-card p{font-size:.9rem}
+.compare-card a{color:var(--accent);text-decoration:none;font-weight:700;font-size:.9rem}
+table{width:100%;border-collapse:collapse;margin:1.5rem 0}
+th,td{padding:.75rem;text-align:left;border-bottom:1px solid #2a2a3a;font-size:.9rem}
+th{color:var(--accent);font-size:.8rem;text-transform:uppercase;letter-spacing:.05em}
+.yes{color:var(--accent)}
+.no{color:var(--red)}
+.partial{color:#f5c542}
+.btn{background:var(--accent);color:#000;padding:.75rem 2rem;border:none;border-radius:8px;font-weight:700;cursor:pointer;display:inline-block;text-decoration:none;margin:.5rem}
+footer{text-align:center;color:var(--muted);font-size:.8rem;padding:2rem 0;border-top:1px solid #2a2a3a;margin-top:3rem}
+</style>
+</head>
+<body>
+<div class="container">
+<nav>
+  <a href="/" class="logo">🏰 Claw<span>Moat</span></a>
+  <div>
+    <a href="/scan/">Scanner</a>
+    <a href="/affiliates/">Affiliates</a>
+    <a href="https://github.com/darfaz/clawmoat">GitHub ↗</a>
+  </div>
+</nav>
+<h1>How ClawMoat Compares</h1>
+<p style="font-size:1.1rem;color:var(--fg);max-width:700px">There are many AI security tools now. Here's how we're different: open source, self-hosted, zero dependencies, transparent pricing, and focused on runtime protection for developers — not enterprise sales cycles.</p>
+<div class="compare-grid">
+  <div class="compare-card">
+    <div class="vs">Agent Firewall vs API Guard</div>
+    <h3>ClawMoat vs Lakera</h3>
+    <p>Lakera is a hosted API ($0 → enterprise). ClawMoat runs locally with zero deps. No API calls, no vendor lock-in, no token limits.</p>
+    <a href="/compare/lakera/">Full comparison →</a>
+  </div>
+  <div class="compare-card">
+    <div class="vs">Node.js vs Python</div>
+    <h3>ClawMoat vs LLM Guard</h3>
+    <p>LLM Guard is Python-only with heavy deps. ClawMoat is JS-native for the OpenClaw/Claude Code ecosystem. Plus host protection and supply chain detection.</p>
+    <a href="/compare/llm-guard/">Full comparison →</a>
+  </div>
+  <div class="compare-card">
+    <div class="vs">Independent vs Platform Lock-in</div>
+    <h3>ClawMoat vs Snyk agent-scan</h3>
+    <p>Snyk requires an API token and account. ClawMoat needs nothing — npm install and go. Different philosophy: developer-first vs enterprise-first.</p>
+    <a href="/compare/snyk-agent-scan/">Full comparison →</a>
+  </div>
+</div>
+<h2>Feature Comparison Matrix</h2>
+<table>
+<thead>
+<tr><th>Feature</th><th>ClawMoat</th><th>Lakera Guard</th><th>LLM Guard</th><th>Snyk agent-scan</th><th>NeMo Guardrails</th></tr>
+</thead>
+<tbody>
+<tr><td>Open Source</td><td class="yes">✓ MIT</td><td class="no">✗ Proprietary</td><td class="yes">✓ MIT</td><td class="yes">✓ Apache 2.0</td><td class="yes">✓ Apache 2.0</td></tr>
+<tr><td>Self-Hosted</td><td class="yes">✓ Local only</td><td class="partial">Enterprise only</td><td class="yes">✓</td><td class="yes">✓</td><td class="yes">✓</td></tr>
+<tr><td>Zero Dependencies</td><td class="yes">✓</td><td class="no">N/A (API)</td><td class="no">✗ Heavy</td><td class="no">✗ Python</td><td class="no">✗ Heavy</td></tr>
+<tr><td>Prompt Injection</td><td class="yes">✓ 13 patterns</td><td class="yes">✓ ML-based</td><td class="yes">✓</td><td class="yes">✓</td><td class="partial">Via config</td></tr>
+<tr><td>Supply Chain Detection</td><td class="yes">✓ TeamPCP + more</td><td class="no">✗</td><td class="no">✗</td><td class="partial">MCP focus</td><td class="no">✗</td></tr>
+<tr><td>Host Protection</td><td class="yes">✓ 4 tiers</td><td class="no">✗</td><td class="no">✗</td><td class="no">✗</td><td class="no">✗</td></tr>
+<tr><td>MCP Server Scanning</td><td class="partial">🔜 Coming</td><td class="no">✗</td><td class="no">✗</td><td class="yes">✓</td><td class="no">✗</td></tr>
+<tr><td>Secret Scanning</td><td class="yes">✓</td><td class="partial">PII only</td><td class="yes">✓</td><td class="partial">Skills only</td><td class="no">✗</td></tr>
+<tr><td>Insider Threat Detection</td><td class="yes">✓ 6 detectors</td><td class="no">✗</td><td class="no">✗</td><td class="no">✗</td><td class="no">✗</td></tr>
+<tr><td>Node.js Native</td><td class="yes">✓</td><td class="partial">API client</td><td class="no">✗ Python</td><td class="no">✗ Python</td><td class="no">✗ Python</td></tr>
+<tr><td>Auth Required</td><td class="yes">None</td><td class="no">API key</td><td class="yes">None</td><td class="no">Snyk token</td><td class="yes">None</td></tr>
+<tr><td>Transparent Pricing</td><td class="yes">✓ On website</td><td class="no">"Let's chat"</td><td class="yes">Free</td><td class="partial">Via Snyk plans</td><td class="yes">Free</td></tr>
+<tr><td>Free Tier</td><td class="yes">✓ Unlimited</td><td class="yes">10K req/mo</td><td class="yes">✓ Unlimited</td><td class="yes">Open preview</td><td class="yes">✓ Unlimited</td></tr>
+</tbody>
+</table>
+<h2>Pricing Comparison</h2>
+<table>
+<thead>
+<tr><th>Tool</th><th>Free</th><th>Developer</th><th>Team</th><th>Enterprise</th></tr>
+</thead>
+<tbody>
+<tr><td><strong>ClawMoat</strong></td><td>$0 (unlimited)</td><td>$9/mo</td><td>$49/mo</td><td>Custom</td></tr>
+<tr><td>Lakera</td><td>$0 (10K req)</td><td>—</td><td>—</td><td>"Let's chat"</td></tr>
+<tr><td>LLM Guard</td><td>Free (MIT)</td><td>—</td><td>—</td><td>Coming soon</td></tr>
+<tr><td>Snyk</td><td>Free tier</td><td>~$45/dev/mo</td><td>—</td><td>Custom</td></tr>
+<tr><td>Zenity</td><td>—</td><td>—</td><td>—</td><td>Quote only</td></tr>
+<tr><td>Noma</td><td>—</td><td>—</td><td>—</td><td>Quote only ($139M raised)</td></tr>
+</tbody>
+</table>
+<p style="margin-top:2rem;text-align:center;font-size:1rem;color:var(--fg)"><strong>ClawMoat is the only tool that combines host-level protection, supply chain detection, insider threat analysis, AND transparent pricing in a zero-dependency Node.js package.</strong></p>
+<div style="text-align:center;margin:2rem 0">
+  <a href="https://github.com/darfaz/clawmoat" class="btn">⭐ Star on GitHub</a>
+  <a href="/scan/" class="btn" style="background:transparent;border:2px solid var(--accent);color:var(--accent)">Try the Scanner</a>
+</div>
+<footer>
+  <p>🏰 ClawMoat — The Open-Source Agent Firewall</p>
+  <p><a href="/" style="color:var(--muted)">Home</a> · <a href="/scan/" style="color:var(--muted)">Scanner</a> · <a href="/affiliates/" style="color:var(--muted)">Affiliates</a> · <a href="https://github.com/darfaz/clawmoat" style="color:var(--muted)">GitHub</a></p>
+</footer>
+</div>
+</body>
+</html>

package/docs/compare/lakera/index.html ADDED Viewed

@@ -0,0 +1,62 @@
+<!DOCTYPE html><html lang="en"><head>
+<meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>ClawMoat vs Lakera Guard — AI Agent Security Comparison</title>
+<meta name="description" content="Compare ClawMoat and Lakera Guard for AI agent security. Self-hosted vs API, transparent pricing vs sales calls, zero dependencies vs vendor lock-in.">
+<style>:root{--bg:#0a0a0f;--fg:#e0e0e8;--accent:#00d4aa;--muted:#888;--card:#14141f;--blue:#3B82F6;--red:#ff4444}*{margin:0;padding:0;box-sizing:border-box}body{background:var(--bg);color:var(--fg);font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;line-height:1.7}.container{max-width:800px;margin:0 auto;padding:2rem 1.5rem}nav{padding:1rem 0;border-bottom:1px solid #2a2a3a;margin-bottom:2rem;display:flex;justify-content:space-between;align-items:center}nav a{color:var(--fg);text-decoration:none;margin-right:1.5rem}nav a:hover{color:var(--accent)}.logo span{color:var(--accent)}h1{font-size:2.2rem;margin-bottom:1rem}h2{color:var(--accent);margin:2rem 0 .75rem;font-size:1.3rem}p,li{color:var(--muted)}ul{margin:0 0 1rem 1.5rem}.highlight-box{background:var(--card);border:2px solid var(--accent);border-radius:12px;padding:1.5rem;margin:1.5rem 0}table{width:100%;border-collapse:collapse;margin:1rem 0}th,td{padding:.6rem;text-align:left;border-bottom:1px solid #2a2a3a;font-size:.9rem}th{color:var(--accent);font-size:.8rem;text-transform:uppercase}.yes{color:var(--accent)}.no{color:var(--red)}.btn{background:var(--accent);color:#000;padding:.75rem 2rem;border:none;border-radius:8px;font-weight:700;cursor:pointer;display:inline-block;text-decoration:none;margin:.5rem}footer{text-align:center;color:var(--muted);font-size:.8rem;padding:2rem 0;border-top:1px solid #2a2a3a;margin-top:3rem}</style>
+</head><body><div class="container">
+<nav><a href="/" class="logo">🏰 Claw<span>Moat</span></a><div><a href="/compare/">All Comparisons</a><a href="/scan/">Scanner</a><a href="https://github.com/darfaz/clawmoat">GitHub ↗</a></div></nav>
+<h1>ClawMoat vs Lakera Guard</h1>
+<p style="font-size:1.1rem;color:var(--fg)">Lakera Guard is a hosted API for LLM runtime security. ClawMoat is a self-hosted, zero-dependency agent firewall. Different architectures, different trade-offs.</p>
+<div class="highlight-box">
+<p style="color:var(--fg);margin:0"><strong>TL;DR:</strong> Choose Lakera if you want ML-powered detection via an API and have budget for enterprise sales. Choose ClawMoat if you want self-hosted, transparent pricing, supply chain protection, and zero vendor lock-in.</p>
+</div>
+<h2>Architecture</h2>
+<p><strong>Lakera</strong> is a cloud API. You send prompts to their endpoint, they return a risk score. Your data leaves your machine. Latency depends on network. Requires an API key and account.</p>
+<p><strong>ClawMoat</strong> runs entirely local. npm install, import, done. Nothing leaves your machine. Zero network calls. Zero auth. Zero dependencies.</p>
+<h2>Detection Approach</h2>
+<p>Lakera uses ML models trained on their proprietary dataset. This means better generalization for novel attacks, but it's a black box — you can't inspect or customize the detection logic.</p>
+<p>ClawMoat uses pattern-based detection with 13 prompt injection patterns, 15+ supply chain indicators, and 6 insider threat detectors. It's transparent — you can read every pattern, add your own, and understand exactly why something was flagged.</p>
+<h2>What ClawMoat Has That Lakera Doesn't</h2>
+<ul>
+<li><strong>Host-level protection</strong> — forbidden zones, dangerous command blocking, 4 permission tiers</li>
+<li><strong>Supply chain detection</strong> — real-time indicators for TeamPCP, CanisterWorm, compromised packages</li>
+<li><strong>Insider threat detection</strong> — 6 behavioral detectors based on Anthropic's agentic misalignment research</li>
+<li><strong>Network egress logging</strong> — tracks outbound connections from agents</li>
+<li><strong>Inter-agent message scanning</strong> — detects attacks between cooperating agents</li>
+<li><strong>Zero dependencies</strong> — no supply chain risk from the security tool itself</li>
+<li><strong>Transparent pricing</strong> — $0 / $29 / $149 on the website vs "Let's chat"</li>
+</ul>
+<h2>What Lakera Has That ClawMoat Doesn't</h2>
+<ul>
+<li><strong>ML-powered detection</strong> — better at catching novel/creative prompt injections</li>
+<li><strong>PII detection and redaction</strong> — dedicated PII scanner with entity recognition</li>
+<li><strong>Enterprise SSO/RBAC</strong> — built for large orgs</li>
+<li><strong>Managed infrastructure</strong> — no self-hosting needed</li>
+<li><strong>Proven at scale</strong> — used by Dropbox and other large companies</li>
+</ul>
+<h2>Pricing</h2>
+<table>
+<tr><th></th><th>ClawMoat</th><th>Lakera</th></tr>
+<tr><td>Free</td><td class="yes">Unlimited, self-hosted</td><td>10,000 req/month</td></tr>
+<tr><td>Developer</td><td>$9/mo</td><td class="no">—</td></tr>
+<tr><td>Team</td><td>$49/mo</td><td class="no">—</td></tr>
+<tr><td>Enterprise</td><td>Custom</td><td>"Let's chat" (sales call required)</td></tr>
+</table>
+<h2>Who Should Use What</h2>
+<p><strong>Use Lakera if:</strong> You're an enterprise with budget, need ML-powered detection, want managed infrastructure, and can wait for a sales process.</p>
+<p><strong>Use ClawMoat if:</strong> You're a developer or small team, want self-hosted security, need supply chain protection, care about transparent pricing, and want to be running in 5 minutes.</p>
+<div style="text-align:center;margin:2rem 0">
+<a href="https://github.com/darfaz/clawmoat" class="btn">Try ClawMoat Free →</a>
+<a href="/compare/" class="btn" style="background:transparent;border:2px solid var(--accent);color:var(--accent)">All Comparisons</a>
+</div>
+<footer><p>🏰 ClawMoat — The Open-Source Agent Firewall</p></footer>
+</div></body></html>

package/docs/compare/llm-guard/index.html ADDED Viewed

@@ -0,0 +1,49 @@
+<!DOCTYPE html><html lang="en"><head>
+<meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>ClawMoat vs LLM Guard — AI Agent Security Comparison</title>
+<meta name="description" content="Compare ClawMoat and LLM Guard (Protect AI) for AI agent security. Node.js vs Python, zero deps vs heavy deps, host protection vs input/output scanning.">
+<style>:root{--bg:#0a0a0f;--fg:#e0e0e8;--accent:#00d4aa;--muted:#888;--card:#14141f;--blue:#3B82F6;--red:#ff4444}*{margin:0;padding:0;box-sizing:border-box}body{background:var(--bg);color:var(--fg);font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;line-height:1.7}.container{max-width:800px;margin:0 auto;padding:2rem 1.5rem}nav{padding:1rem 0;border-bottom:1px solid #2a2a3a;margin-bottom:2rem;display:flex;justify-content:space-between;align-items:center}nav a{color:var(--fg);text-decoration:none;margin-right:1.5rem}nav a:hover{color:var(--accent)}.logo span{color:var(--accent)}h1{font-size:2.2rem;margin-bottom:1rem}h2{color:var(--accent);margin:2rem 0 .75rem;font-size:1.3rem}p,li{color:var(--muted)}ul{margin:0 0 1rem 1.5rem}.highlight-box{background:var(--card);border:2px solid var(--accent);border-radius:12px;padding:1.5rem;margin:1.5rem 0}table{width:100%;border-collapse:collapse;margin:1rem 0}th,td{padding:.6rem;text-align:left;border-bottom:1px solid #2a2a3a;font-size:.9rem}th{color:var(--accent);font-size:.8rem;text-transform:uppercase}.yes{color:var(--accent)}.no{color:var(--red)}.btn{background:var(--accent);color:#000;padding:.75rem 2rem;border:none;border-radius:8px;font-weight:700;cursor:pointer;display:inline-block;text-decoration:none;margin:.5rem}footer{text-align:center;color:var(--muted);font-size:.8rem;padding:2rem 0;border-top:1px solid #2a2a3a;margin-top:3rem}</style>
+</head><body><div class="container">
+<nav><a href="/" class="logo">🏰 Claw<span>Moat</span></a><div><a href="/compare/">All Comparisons</a><a href="/scan/">Scanner</a><a href="https://github.com/darfaz/clawmoat">GitHub ↗</a></div></nav>
+<h1>ClawMoat vs LLM Guard</h1>
+<p style="font-size:1.1rem;color:var(--fg)">LLM Guard (by Protect AI) is a Python security toolkit with 35 scanners. ClawMoat is a Node.js agent firewall with host protection, supply chain detection, and insider threat analysis.</p>
+<div class="highlight-box">
+<p style="color:var(--fg);margin:0"><strong>TL;DR:</strong> Building in Python? LLM Guard is solid. Building in Node.js/TypeScript, or need host-level protection and supply chain scanning? ClawMoat.</p>
+</div>
+<h2>Ecosystem</h2>
+<p><strong>LLM Guard</strong> is Python-only. 2,500 GitHub stars, 15 input scanners, 20 output scanners. Heavy dependencies (transformers, torch, spacy). Backed by Protect AI ($60M+ raised).</p>
+<p><strong>ClawMoat</strong> is Node.js/TypeScript native. Zero dependencies. Built for the JavaScript agent ecosystem (OpenClaw, Claude Code, MCP SDK). 142 tests, MIT licensed.</p>
+<h2>Scope Difference</h2>
+<p>LLM Guard focuses on <strong>input/output scanning</strong> — it inspects what goes into and comes out of an LLM. That's one layer.</p>
+<p>ClawMoat covers <strong>three layers</strong>: input/output scanning, host-level protection (forbidden zones, command blocking, permission tiers), and supply chain detection (compromised packages, C2 indicators). Plus insider threat detection based on Anthropic's research.</p>
+<table>
+<tr><th>Capability</th><th>ClawMoat</th><th>LLM Guard</th></tr>
+<tr><td>Language</td><td class="yes">Node.js/TypeScript</td><td>Python</td></tr>
+<tr><td>Dependencies</td><td class="yes">Zero</td><td class="no">Heavy (torch, transformers)</td></tr>
+<tr><td>Prompt injection</td><td class="yes">✓</td><td class="yes">✓</td></tr>
+<tr><td>Jailbreak detection</td><td class="yes">✓</td><td class="yes">✓</td></tr>
+<tr><td>Secret scanning</td><td class="yes">✓</td><td class="yes">✓</td></tr>
+<tr><td>PII detection</td><td>Basic patterns</td><td class="yes">✓ NER-based</td></tr>
+<tr><td>Toxicity detection</td><td class="no">✗</td><td class="yes">✓</td></tr>
+<tr><td>Host protection</td><td class="yes">✓ 4 tiers, forbidden zones</td><td class="no">✗</td></tr>
+<tr><td>Supply chain detection</td><td class="yes">✓ 15+ patterns</td><td class="no">✗</td></tr>
+<tr><td>Insider threat detection</td><td class="yes">✓ 6 detectors</td><td class="no">✗</td></tr>
+<tr><td>Network egress logging</td><td class="yes">✓</td><td class="no">✗</td></tr>
+<tr><td>Install size</td><td class="yes">~50KB</td><td class="no">~2GB+ (with models)</td></tr>
+</table>
+<h2>When to Use Each</h2>
+<p><strong>LLM Guard</strong> is the right choice if you're building Python LLM applications and need deep NLP-based detection (toxicity, bias, language models). It's a mature, well-backed project.</p>
+<p><strong>ClawMoat</strong> is the right choice if you're building JS/TS agents, need host-level protection beyond just prompt scanning, want zero dependencies, or need supply chain attack detection.</p>
+<div style="text-align:center;margin:2rem 0">
+<a href="https://github.com/darfaz/clawmoat" class="btn">Try ClawMoat Free →</a>
+<a href="/compare/" class="btn" style="background:transparent;border:2px solid var(--accent);color:var(--accent)">All Comparisons</a>
+</div>
+<footer><p>🏰 ClawMoat — The Open-Source Agent Firewall</p></footer>
+</div></body></html>

package/docs/compare/snyk-agent-scan/index.html ADDED Viewed

@@ -0,0 +1,63 @@
+<!DOCTYPE html><html lang="en"><head>
+<meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>ClawMoat vs Snyk agent-scan — AI Agent Security Comparison</title>
+<meta name="description" content="Compare ClawMoat and Snyk agent-scan for AI agent and MCP security. Zero-auth vs API token, Node.js vs Python, transparent pricing vs enterprise licensing.">
+<style>:root{--bg:#0a0a0f;--fg:#e0e0e8;--accent:#00d4aa;--muted:#888;--card:#14141f;--blue:#3B82F6;--red:#ff4444}*{margin:0;padding:0;box-sizing:border-box}body{background:var(--bg);color:var(--fg);font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;line-height:1.7}.container{max-width:800px;margin:0 auto;padding:2rem 1.5rem}nav{padding:1rem 0;border-bottom:1px solid #2a2a3a;margin-bottom:2rem;display:flex;justify-content:space-between;align-items:center}nav a{color:var(--fg);text-decoration:none;margin-right:1.5rem}nav a:hover{color:var(--accent)}.logo span{color:var(--accent)}h1{font-size:2.2rem;margin-bottom:1rem}h2{color:var(--accent);margin:2rem 0 .75rem;font-size:1.3rem}p,li{color:var(--muted)}ul{margin:0 0 1rem 1.5rem}.highlight-box{background:var(--card);border:2px solid var(--accent);border-radius:12px;padding:1.5rem;margin:1.5rem 0}table{width:100%;border-collapse:collapse;margin:1rem 0}th,td{padding:.6rem;text-align:left;border-bottom:1px solid #2a2a3a;font-size:.9rem}th{color:var(--accent);font-size:.8rem;text-transform:uppercase}.yes{color:var(--accent)}.no{color:var(--red)}.btn{background:var(--accent);color:#000;padding:.75rem 2rem;border:none;border-radius:8px;font-weight:700;cursor:pointer;display:inline-block;text-decoration:none;margin:.5rem}footer{text-align:center;color:var(--muted);font-size:.8rem;padding:2rem 0;border-top:1px solid #2a2a3a;margin-top:3rem}</style>
+</head><body><div class="container">
+<nav><a href="/" class="logo">🏰 Claw<span>Moat</span></a><div><a href="/compare/">All Comparisons</a><a href="/scan/">Scanner</a><a href="https://github.com/darfaz/clawmoat">GitHub ↗</a></div></nav>
+<h1>ClawMoat vs Snyk agent-scan</h1>
+<p style="font-size:1.1rem;color:var(--fg)">Snyk agent-scan launched at RSAC 2026 with MCP server scanning. ClawMoat has been shipping agent security since February 2026. Different approaches, different trade-offs.</p>
+<div class="highlight-box">
+<p style="color:var(--fg);margin:0"><strong>TL;DR:</strong> Snyk agent-scan is great for MCP server governance in enterprise environments. ClawMoat is better for developers who want zero-friction security with host protection, supply chain detection, and no account required.</p>
+</div>
+<h2>Philosophy</h2>
+<p><strong>Snyk</strong> is an enterprise security platform. agent-scan is one product in their suite. It requires a Snyk account and API token. It feeds into Snyk Evo for centralized management. Enterprise-first, developer-useful.</p>
+<p><strong>ClawMoat</strong> is developer-first. npm install. No account. No API key. No network calls. Start scanning in 30 seconds. Upgrade to paid plans when you need dashboards and alerts.</p>
+<h2>What Snyk Does Better</h2>
+<ul>
+<li><strong>MCP server scanning</strong> — protocol-level inspection of tool definitions, prompts, resources</li>
+<li><strong>Agent discovery</strong> — auto-discovers Claude, Cursor, Windsurf, VS Code, Gemini CLI configs</li>
+<li><strong>Background daemon</strong> — runs continuously, reports to central Snyk Evo dashboard</li>
+<li><strong>Enterprise integration</strong> — MDM deployment, CrowdStrike integration, centralized reporting</li>
+<li><strong>Red teaming</strong> — built-in attack profiles (fast, security, safety)</li>
+<li><strong>Brand trust</strong> — Snyk has 4,800 enterprise customers</li>
+</ul>
+<h2>What ClawMoat Does Better</h2>
+<ul>
+<li><strong>Zero friction</strong> — no account, no API token, no Python/uv dependency chain</li>
+<li><strong>Supply chain detection</strong> — real-time TeamPCP indicators, compromised package versions, C2 domains</li>
+<li><strong>Host protection</strong> — forbidden zones, permission tiers, dangerous command blocking</li>
+<li><strong>Insider threat detection</strong> — 6 behavioral detectors for agentic misalignment</li>
+<li><strong>Network egress logging</strong> — tracks and blocks agent outbound connections</li>
+<li><strong>Node.js native</strong> — Snyk is Python-only; ClawMoat serves the JS agent ecosystem</li>
+<li><strong>Transparent pricing</strong> — $0 / $29 / $149 vs Snyk enterprise licensing</li>
+<li><strong>Privacy</strong> — everything runs locally, nothing phones home (Snyk requires API calls)</li>
+</ul>
+<h2>Can You Use Both?</h2>
+<p style="color:var(--fg)"><strong>Yes.</strong> They're complementary. Snyk agent-scan for MCP governance and enterprise reporting. ClawMoat for runtime protection, supply chain scanning, and host security. Different layers, different strengths.</p>
+<table>
+<tr><th>Dimension</th><th>ClawMoat</th><th>Snyk agent-scan</th></tr>
+<tr><td>Account required</td><td class="yes">No</td><td class="no">Yes (Snyk token)</td></tr>
+<tr><td>Language</td><td>Node.js</td><td>Python</td></tr>
+<tr><td>Install</td><td class="yes">npm i -g clawmoat</td><td>uvx snyk-agent-scan</td></tr>
+<tr><td>MCP scanning</td><td>Coming soon</td><td class="yes">✓</td></tr>
+<tr><td>Supply chain</td><td class="yes">✓ 15+ patterns</td><td class="no">✗</td></tr>
+<tr><td>Host protection</td><td class="yes">✓</td><td class="no">✗</td></tr>
+<tr><td>Runtime scanning</td><td class="yes">✓</td><td>CLI-based</td></tr>
+<tr><td>Pricing</td><td class="yes">Free → $29 → $149</td><td>Via Snyk plans</td></tr>
+<tr><td>Privacy</td><td class="yes">100% local</td><td class="no">Sends to Snyk API</td></tr>
+</table>
+<div style="text-align:center;margin:2rem 0">
+<a href="https://github.com/darfaz/clawmoat" class="btn">Try ClawMoat Free →</a>
+<a href="/compare/" class="btn" style="background:transparent;border:2px solid var(--accent);color:var(--accent)">All Comparisons</a>
+</div>
+<footer><p>🏰 ClawMoat — The Open-Source Agent Firewall</p></footer>
+</div></body></html>

package/docs/compare.html CHANGED Viewed

@@ -110,12 +110,10 @@ footer a{color:var(--gray)}
   <a href="/" class="logo">🏰 Claw<span>Moat</span></a>
   <button class="menu-toggle" onclick="document.querySelector('.nav-links').classList.toggle('open')" aria-label="Menu">☰</button>
   <div class="nav-links">
-    <a href="/#features">Features</a>
-    <a href="/compare.html" class="active">Compare</a>
-    <a href="/#pricing">Pricing</a>
+    <a href="/">Security</a>
+    <a href="/services/">AI Agents</a>
     <a href="/blog/">Blog</a>
-    <a href="https://github.com/darfaz/clawmoat">GitHub</a>
-    <a href="/#waitlist" class="btn-sm">Get Early Access</a>
+    <a href="https://github.com/darfaz/clawmoat">GitHub ↗</a>
   </div>
 </div>
 </nav>
@@ -306,7 +304,13 @@ footer a{color:var(--gray)}
 <!-- Footer -->
 <footer>
 <div class="container">
-  <p>🏰 ClawMoat — Security moat for AI agents · <a href="https://github.com/darfaz/clawmoat">GitHub</a> · <a href="/">Home</a></p>
+  <div style="display:flex;gap:24px;justify-content:center;flex-wrap:wrap;margin-bottom:16px">
+    <a href="https://github.com/darfaz/clawmoat" style="color:var(--gray)">GitHub</a>
+    <a href="https://www.npmjs.com/package/clawmoat" style="color:var(--gray)">npm</a>
+    <a href="/blog/" style="color:var(--gray)">Blog</a>
+    <a href="mailto:hello@clawmoat.com" style="color:var(--gray)">hello@clawmoat.com</a>
+  </div>
+  <p style="text-align:center;color:var(--gray);font-size:.85rem">© 2026 ClawMoat</p>
 </div>
 </footer>