clawmoat 0.8.0 → 1.0.0

package/docs/integrations/langchain.html

@@ -66,14 +66,14 @@ footer{border-top:1px solid var(--navy-mid);padding:40px 0;text-align:center;col
 <body>
 
 <nav>
-<div class="container" style="max-width:1140px">
+<div class="container">
   <a href="/" class="logo">🏰 Claw<span>Moat</span></a>
+  <button class="menu-toggle" onclick="document.querySelector('.nav-links').classList.toggle('open')" aria-label="Menu">☰</button>
   <div class="nav-links">
-    <a href="/">Home</a>
-    <a href="/integrations/langchain.html" style="color:var(--white)">Integrations</a>
+    <a href="/">Security</a>
+    <a href="/services/">AI Agents</a>
     <a href="/blog/">Blog</a>
-    <a href="https://github.com/darfaz/clawmoat">GitHub</a>
-    <a href="/#waitlist" class="btn-sm">Get Early Access</a>
+    <a href="https://github.com/darfaz/clawmoat">GitHub ↗</a>
   </div>
 </div>
 </nav>
@@ -276,7 +276,15 @@ audit:
 </article>
 
 <footer>
-  <p>🏰 ClawMoat — Security moat for AI agents</p>
+<div class="container">
+  <div style="display:flex;gap:24px;justify-content:center;flex-wrap:wrap;margin-bottom:16px">
+    <a href="https://github.com/darfaz/clawmoat" style="color:var(--gray)">GitHub</a>
+    <a href="https://www.npmjs.com/package/clawmoat" style="color:var(--gray)">npm</a>
+    <a href="/blog/" style="color:var(--gray)">Blog</a>
+    <a href="mailto:hello@clawmoat.com" style="color:var(--gray)">hello@clawmoat.com</a>
+  </div>
+  <p style="text-align:center;color:var(--gray);font-size:.85rem">© 2026 ClawMoat</p>
+</div>
 </footer>
 
 </body>

package/docs/integrations/openai.html

@@ -66,14 +66,14 @@ footer{border-top:1px solid var(--navy-mid);padding:40px 0;text-align:center;col
 <body>
 
 <nav>
-<div class="container" style="max-width:1140px">
+<div class="container">
   <a href="/" class="logo">🏰 Claw<span>Moat</span></a>
+  <button class="menu-toggle" onclick="document.querySelector('.nav-links').classList.toggle('open')" aria-label="Menu">☰</button>
   <div class="nav-links">
-    <a href="/">Home</a>
-    <a href="/integrations/openai.html" style="color:var(--white)">Integrations</a>
+    <a href="/">Security</a>
+    <a href="/services/">AI Agents</a>
     <a href="/blog/">Blog</a>
-    <a href="https://github.com/darfaz/clawmoat">GitHub</a>
-    <a href="/#waitlist" class="btn-sm">Get Early Access</a>
+    <a href="https://github.com/darfaz/clawmoat">GitHub ↗</a>
   </div>
 </div>
 </nav>
@@ -297,7 +297,15 @@ tools:
 </article>
 
 <footer>
-  <p>🏰 ClawMoat — Security moat for AI agents</p>
+<div class="container">
+  <div style="display:flex;gap:24px;justify-content:center;flex-wrap:wrap;margin-bottom:16px">
+    <a href="https://github.com/darfaz/clawmoat" style="color:var(--gray)">GitHub</a>
+    <a href="https://www.npmjs.com/package/clawmoat" style="color:var(--gray)">npm</a>
+    <a href="/blog/" style="color:var(--gray)">Blog</a>
+    <a href="mailto:hello@clawmoat.com" style="color:var(--gray)">hello@clawmoat.com</a>
+  </div>
+  <p style="text-align:center;color:var(--gray);font-size:.85rem">© 2026 ClawMoat</p>
+</div>
 </footer>
 
 </body>

package/docs/integrations/openclaw.html

@@ -66,14 +66,14 @@ footer{border-top:1px solid var(--navy-mid);padding:40px 0;text-align:center;col
 <body>
 
 <nav>
-<div class="container" style="max-width:1140px">
+<div class="container">
   <a href="/" class="logo">🏰 Claw<span>Moat</span></a>
+  <button class="menu-toggle" onclick="document.querySelector('.nav-links').classList.toggle('open')" aria-label="Menu">☰</button>
   <div class="nav-links">
-    <a href="/">Home</a>
-    <a href="/integrations/openclaw.html" style="color:var(--white)">Integrations</a>
+    <a href="/">Security</a>
+    <a href="/services/">AI Agents</a>
     <a href="/blog/">Blog</a>
-    <a href="https://github.com/darfaz/clawmoat">GitHub</a>
-    <a href="/#waitlist" class="btn-sm">Get Early Access</a>
+    <a href="https://github.com/darfaz/clawmoat">GitHub ↗</a>
   </div>
 </div>
 </nav>
@@ -293,19 +293,67 @@ done</code></pre>
   </div>
 </div>
 
+<h2>Official Sanitizer Plugin</h2>
+
+<div class="callout">
+  <strong>🔌 NEW:</strong> ClawMoat is now the <strong>reference implementation</strong> for OpenClaw's pluggable sanitizer pipeline. Every piece of content — transcripts, MCP tool results, agent messages — can pass through ClawMoat before reaching the AI agent.
+</div>
+
+<pre><code><span class="lang-label">Shell</span>npm install @openclaw/plugin-clawmoat</code></pre>
+
+<pre><code><span class="lang-label">JSON</span>// openclaw.json
+{
+  "sanitizers": [{
+    "module": "@openclaw/plugin-clawmoat",
+    "threshold": "medium",
+    "scanSecrets": true
+  }]
+}</code></pre>
+
+<p>The plugin provides:</p>
+<ul>
+  <li><strong>Configurable block thresholds</strong> — low, medium, high, critical</li>
+  <li><strong>Clean threat mapping</strong> — ClawMoat threat types → OpenClaw ruleIds</li>
+  <li><strong>Full audit logging</strong> — every scan result recorded</li>
+  <li><strong>10 test cases</strong> covering injection, credentials, thresholds, and edge cases</li>
+</ul>
+
+<p>See the <a href="https://github.com/darfaz/clawmoat/tree/main/plugins/openclaw-adapter">full spec and implementation guide</a> on GitHub.</p>
+
+<h2>ClawMoat Dashboard</h2>
+
+<p>Pro subscribers get access to the <a href="https://app.clawmoat.com"><strong>ClawMoat Dashboard</strong></a> — a hosted security console where you can:</p>
+
+<ul>
+  <li><strong>Scan text in your browser</strong> — paste any content and get instant threat analysis</li>
+  <li><strong>Generate API keys</strong> — integrate ClawMoat scanning into your own tools via REST API</li>
+  <li><strong>View scan history</strong> — full audit trail of every scan with threat level badges</li>
+  <li><strong>Monitor stats</strong> — total scans, threats detected, last scan time</li>
+</ul>
+
+<p>No terminal required. Log in with your email and start scanning.</p>
+
 <h2>Next Steps</h2>
 <ul>
+  <li><a href="https://app.clawmoat.com">ClawMoat Dashboard</a> — scan, monitor, and manage API keys</li>
   <li><a href="/integrations/langchain.html">LangChain Integration</a> — use ClawMoat with LangChain agents</li>
   <li><a href="/integrations/openai.html">OpenAI Integration</a> — secure function calling</li>
   <li><a href="https://github.com/darfaz/clawmoat">GitHub</a> — contribute, report issues, star the repo</li>
-  <li><a href="/#waitlist">Join the waitlist</a> — get early access to ClawMoat Pro with cloud dashboards</li>
 </ul>
 
 </div>
 </article>
 
 <footer>
-  <p>🏰 ClawMoat — Security moat for AI agents</p>
+<div class="container">
+  <div style="display:flex;gap:24px;justify-content:center;flex-wrap:wrap;margin-bottom:16px">
+    <a href="https://github.com/darfaz/clawmoat" style="color:var(--gray)">GitHub</a>
+    <a href="https://www.npmjs.com/package/clawmoat" style="color:var(--gray)">npm</a>
+    <a href="/blog/" style="color:var(--gray)">Blog</a>
+    <a href="mailto:hello@clawmoat.com" style="color:var(--gray)">hello@clawmoat.com</a>
+  </div>
+  <p style="text-align:center;color:var(--gray);font-size:.85rem">© 2026 ClawMoat</p>
+</div>
 </footer>
 
 </body>

package/docs/plans/2026-03-26-threat-intel-api.md

@@ -0,0 +1,255 @@
+# ClawMoat Threat Intel API — Implementation Plan
+
+> **For implementation:** Use the executing-plans skill to implement this plan task-by-task.
+
+**Goal:** Ship an MVP API endpoint that serves structured AI agent security threat intelligence, with Stripe metered billing.
+
+**Architecture:** Express.js server (extends existing ~/clawmoat/server/), backed by a JSON threat database that Leo populates from daily security news scans. Endpoints serve filtered threat data. Stripe usage-based billing tracks API calls per key. Deployed on Railway.
+
+**Tech Stack:** Express.js, Stripe metered billing, JSON flat-file storage (MVP), API key auth, Railway deploy
+
+---
+
+## Task 1: Threat Database Schema & Seed Data
+
+**Files:**
+- Create: `server/data/threats.json`
+- Create: `server/data/schema.md`
+
+**Step 1: Define the threat schema**
+
+```json
+{
+  "id": "CLAWMOAT-2026-0001",
+  "title": "LiteLLM .pth File Injection",
+  "published": "2026-03-24T00:00:00Z",
+  "updated": "2026-03-26T00:00:00Z",
+  "severity": "critical",
+  "category": "supply-chain",
+  "tags": ["python", "pypi", "credential-theft", "pth-injection"],
+  "summary": "LiteLLM versions 1.82.7-1.82.8 contain credential-stealing .pth payload",
+  "affected": {
+    "packages": ["litellm==1.82.7", "litellm==1.82.8"],
+    "ecosystems": ["pypi"]
+  },
+  "ioc": {
+    "domains": ["models.litellm.cloud"],
+    "files": ["litellm_init.pth"],
+    "hashes": [],
+    "patterns": ["exec(base64.b64decode(", ".pth import subprocess"]
+  },
+  "detection": {
+    "clawmoat_module": "scanners/supply-chain",
+    "clawmoat_function": "scanSkillContent",
+    "rules_triggered": ["obfuscated_exec_b64", "pth_file_injection", "exfil_litellm_lookalike"]
+  },
+  "references": [
+    "https://github.com/BerriAI/litellm/issues/24512",
+    "https://news.ycombinator.com/item?id=47501426",
+    "https://awesomeagents.ai/news/litellm-supply-chain-compromise-credential-theft/"
+  ],
+  "mitigation": "Rotate all credentials on affected systems. Check: pip show litellm | grep Version. Search: find / -name litellm_init.pth"
+}
+```
+
+**Step 2: Seed with this week's 5 threats**
+
+Populate threats.json with:
+1. LiteLLM .pth injection (CLAWMOAT-2026-0001)
+2. Meta AI agent data leak (CLAWMOAT-2026-0002)
+3. API key exposure on 10K websites (CLAWMOAT-2026-0003)
+4. LeakBase credential marketplace (CLAWMOAT-2026-0004)
+5. Gemini API key theft — $82K bill (CLAWMOAT-2026-0005)
+
+**Step 3: Commit**
+
+```
+git commit -m "feat: threat intel database schema + seed data (5 threats)"
+```
+
+---
+
+## Task 2: API Endpoint — GET /api/v1/threats
+
+**Files:**
+- Create: `server/routes/threats.js`
+- Modify: `server/index.js` (mount route)
+- Create: `server/middleware/api-key-auth.js`
+- Test: `server/tests/threats.test.js`
+
+**Step 1: Write failing test**
+
+```javascript
+const request = require('supertest');
+const app = require('../index');
+
+describe('GET /api/v1/threats', () => {
+  it('returns 401 without API key', async () => {
+    const res = await request(app).get('/api/v1/threats');
+    expect(res.status).toBe(401);
+  });
+
+  it('returns threats with valid API key', async () => {
+    const res = await request(app)
+      .get('/api/v1/threats')
+      .set('X-API-Key', 'test-key-123');
+    expect(res.status).toBe(200);
+    expect(res.body.threats).toBeInstanceOf(Array);
+    expect(res.body.threats.length).toBeGreaterThan(0);
+  });
+
+  it('filters by category', async () => {
+    const res = await request(app)
+      .get('/api/v1/threats?category=supply-chain')
+      .set('X-API-Key', 'test-key-123');
+    expect(res.body.threats.every(t => t.category === 'supply-chain')).toBe(true);
+  });
+
+  it('filters by severity', async () => {
+    const res = await request(app)
+      .get('/api/v1/threats?severity=critical')
+      .set('X-API-Key', 'test-key-123');
+    expect(res.body.threats.every(t => t.severity === 'critical')).toBe(true);
+  });
+
+  it('filters by date range', async () => {
+    const res = await request(app)
+      .get('/api/v1/threats?since=2026-03-24')
+      .set('X-API-Key', 'test-key-123');
+    expect(res.body.threats.length).toBeGreaterThan(0);
+  });
+});
+```
+
+**Step 2: Run test, confirm failure**
+
+**Step 3: Implement API key middleware**
+
+```javascript
+// server/middleware/api-key-auth.js
+const validKeys = new Map(); // loaded from server/data/api-keys.json
+
+function apiKeyAuth(req, res, next) {
+  const key = req.headers['x-api-key'];
+  if (!key) return res.status(401).json({ error: 'API key required' });
+  const record = validKeys.get(key);
+  if (!record) return res.status(403).json({ error: 'Invalid API key' });
+  req.apiUser = record;
+  next();
+}
+```
+
+**Step 4: Implement threats route**
+
+Query params: `category`, `severity`, `since`, `tags`, `limit` (default 20, max 100)
+
+Response format:
+```json
+{
+  "threats": [...],
+  "count": 5,
+  "total": 5,
+  "updated": "2026-03-26T15:00:00Z"
+}
+```
+
+**Step 5: Run tests, confirm pass**
+
+**Step 6: Commit**
+
+```
+git commit -m "feat: GET /api/v1/threats endpoint with filtering + API key auth"
+```
+
+---
+
+## Task 3: GET /api/v1/threats/:id — Single Threat Detail
+
+**Files:**
+- Modify: `server/routes/threats.js`
+- Modify: `server/tests/threats.test.js`
+
+Returns full threat object including IOCs, detection rules, mitigation steps.
+
+---
+
+## Task 4: GET /api/v1/ioc — Indicators of Compromise Feed
+
+**Files:**
+- Create: `server/routes/ioc.js`
+- Test: `server/tests/ioc.test.js`
+
+Aggregates all IOCs across threats into a flat feed. Useful for agents to bulk-update their blocklists.
+
+```json
+{
+  "domains": ["models.litellm.cloud", ...],
+  "files": ["litellm_init.pth", ...],
+  "patterns": ["exec(base64.b64decode(", ...],
+  "updated": "2026-03-26T15:00:00Z"
+}
+```
+
+---
+
+## Task 5: Stripe Metered Billing
+
+**Files:**
+- Create: `server/middleware/usage-tracker.js`
+- Create: `server/billing/stripe.js`
+- Modify: `server/middleware/api-key-auth.js` (link to Stripe customer)
+
+**Pricing:**
+- Free tier: 100 calls/month (no card required)
+- Pro: $4.99/mo flat + $0.001/call over 5,000
+- Unlimited: $19.99/mo
+
+**Implementation:**
+1. On each API call, increment usage counter in api-keys.json
+2. Stripe webhook on subscription create → generate API key → email to user
+3. Daily cron: report usage to Stripe metered billing
+4. Free tier: check call count, return 429 when exceeded
+
+---
+
+## Task 6: API Key Self-Service
+
+**Files:**
+- Create: `server/routes/keys.js`
+- Test: `server/tests/keys.test.js`
+
+POST /api/v1/keys — generate a free-tier API key (email required)
+GET /api/v1/keys/:key/usage — check your usage
+
+---
+
+## Task 7: Railway Deploy
+
+**Files:**
+- Modify: `server/package.json` (start script)
+- Create: `server/Procfile`
+- Create: `server/.env.example`
+
+Environment vars: STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET, API_MASTER_KEY
+
+Deploy to Railway on clawmoat.com subdomain: `api.clawmoat.com`
+
+---
+
+## Task 8: Documentation
+
+**Files:**
+- Create: `docs/api/README.md`
+- Create: `docs/api/openapi.yaml`
+- Modify: `README.md` (add Threat Intel API section)
+
+OpenAPI spec for the full API. Add to clawmoat.com as /docs/api page.
+
+---
+
+## MVP Scope (Tonight)
+
+Tasks 1-3 + 7 = working API with seed data, deployed on Railway.
+Tasks 4-6 + 8 = fast follow (this week).
+
+**Total estimated time: 4-5 hours for MVP, 2-3 more for billing + docs.**