npm - clawmoat - Versions diffs - 0.8.0 → 1.0.0 - Mend

clawmoat 0.8.0 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (171) hide show

package/.dockerignore +9 -0
package/CHANGELOG.md +18 -0
package/DEMO.md +87 -0
package/Dockerfile +5 -18
package/README.md +232 -8
package/THREAT_MODEL.md +129 -0
package/agent/README.md +131 -0
package/agent/index.js +471 -0
package/agent/install-service.sh +94 -0
package/agent/openclaw-hook.js +453 -0
package/agent/provider-setup.js +649 -0
package/agent/setup.js +274 -0
package/assets/BADGE-USAGE.md +20 -0
package/assets/clawmoat-badge.svg +21 -0
package/bin/clawmoat.js +468 -111
package/docs/affiliates/dashboard.html +124 -0
package/docs/affiliates/index.html +236 -0
package/docs/agent-install.html +183 -0
package/docs/ai-agent-security-scanner.html +10 -6
package/docs/badge/index.html +149 -0
package/docs/badge/scanning.svg +23 -0
package/docs/blog/386-malicious-skills.html +11 -4
package/docs/blog/40000-exposed-openclaw-instances.html +11 -4
package/docs/blog/agent-trust-protocol.html +5 -4
package/docs/blog/ai-agent-earns-commissions.html +230 -0
package/docs/blog/bugmageddon-agent-firewall.html +174 -0
package/docs/blog/calculator-math.html +180 -0
package/docs/blog/clawmoat-vs-llamafirewall-nemo-guardrails.html +10 -4
package/docs/blog/host-guardian-launch.html +18 -8
package/docs/blog/ibm-experts-agent-runtime-protection.html +15 -6
package/docs/blog/index.html +67 -9
package/docs/blog/langchain-security-tutorial.html +18 -8
package/docs/blog/mcp-30-cves-security-crisis.html +11 -4
package/docs/blog/meta-researcher-rogue-agent.html +201 -0
package/docs/blog/microsoft-openclaw-workstation-security.html +5 -4
package/docs/blog/nist-ai-agent-standards-clawmoat.html +16 -8
package/docs/blog/oasis-websocket-hijack.html +11 -4
package/docs/blog/ollama-openclaw-security.html +10 -4
package/docs/blog/openclaw-enterprise-readiness-claw10.html +5 -4
package/docs/blog/openclaw-security-reckoning-2026.html +11 -4
package/docs/blog/owasp-agentic-ai-top10.html +18 -8
package/docs/blog/securing-ai-agents.html +18 -8
package/docs/blog/supply-chain-agents.html +18 -8
package/docs/business/index.html +11 -16
package/docs/business/install.html +21 -7
package/docs/checklist.html +10 -4
package/docs/compare/index.html +122 -0
package/docs/compare/lakera/index.html +62 -0
package/docs/compare/llm-guard/index.html +49 -0
package/docs/compare/snyk-agent-scan/index.html +63 -0
package/docs/compare.html +10 -6
package/docs/dashboard/index.html +520 -0
package/docs/finance/index.html +9 -6
package/docs/guides/business-deployment.html +770 -0
package/docs/hall-of-fame.html +11 -5
package/docs/index.html +266 -137
package/docs/integrations/langchain.html +14 -6
package/docs/integrations/openai.html +14 -6
package/docs/integrations/openclaw.html +55 -7
package/docs/plans/2026-03-26-threat-intel-api.md +255 -0
package/docs/plans/2026-04-14-bugmageddon-marketing-pack.md +329 -0
package/docs/plans/2026-04-14-clawmoat-v1-bugmageddon.md +248 -0
package/docs/plans/2026-04-14-v1-release-update.md +91 -0
package/docs/plans/2026-04-19-supabase-audit.md +68 -0
package/docs/plans/2026-05-12-sales-push.md +303 -0
package/docs/playground/index.html +893 -0
package/docs/playground.html +4 -7
package/docs/rfcs/defense-in-depth.md +467 -0
package/docs/scan/index.html +156 -12
package/docs/services/case-study.html +255 -0
package/docs/services/downloads/install-openclaw.bat +45 -0
package/docs/services/downloads/install-openclaw.command +38 -0
package/docs/services/downloads/install-openclaw.sh +38 -0
package/docs/services/get-started.html +165 -0
package/docs/services/index.html +598 -0
package/docs/services/multi-agent-security.html +284 -0
package/docs/services/one-pager.html +99 -0
package/docs/services/pitch-deck.html +229 -0
package/docs/services/roi-calculator.html +258 -0
package/docs/sitemap.xml +62 -2
package/docs/support/index.html +12 -1
package/docs/templates/customer-service/HEARTBEAT.md +61 -0
package/docs/templates/customer-service/MEMORY.md +89 -0
package/docs/templates/customer-service/SOUL.md +41 -0
package/docs/templates/customer-service/USER.md +56 -0
package/docs/templates/executive/HEARTBEAT.md +86 -0
package/docs/templates/executive/MEMORY.md +92 -0
package/docs/templates/executive/SOUL.md +44 -0
package/docs/templates/executive/USER.md +62 -0
package/docs/templates/finance/HEARTBEAT.md +58 -0
package/docs/templates/finance/MEMORY.md +87 -0
package/docs/templates/finance/SOUL.md +38 -0
package/docs/templates/finance/USER.md +53 -0
package/docs/templates/index.html +115 -0
package/docs/templates/operations/HEARTBEAT.md +63 -0
package/docs/templates/operations/MEMORY.md +68 -0
package/docs/templates/operations/SOUL.md +38 -0
package/docs/templates/operations/USER.md +49 -0
package/docs/templates/sales/HEARTBEAT.md +55 -0
package/docs/templates/sales/MEMORY.md +89 -0
package/docs/templates/sales/SOUL.md +34 -0
package/docs/templates/sales/USER.md +54 -0
package/eslint.config.js +32 -0
package/evals/README.md +29 -0
package/evals/cases.json +390 -0
package/evals/results.md +68 -0
package/evals/run.js +180 -0
package/examples/demo-attack/demo.js +186 -0
package/examples/python-quickstart/README.md +54 -0
package/examples/python-quickstart/clawmoat_client.py +167 -0
package/examples/video-demo/README.md +14 -0
package/examples/video-demo/scene-a-normal.js +29 -0
package/examples/video-demo/scene-b-attack-arrives.js +31 -0
package/examples/video-demo/scene-c-hijack.js +44 -0
package/examples/video-demo/scene-d-clawmoat.js +46 -0
package/integrations/crewai/README.md +32 -0
package/integrations/crewai/clawmoat_crewai/__init__.py +17 -0
package/integrations/crewai/clawmoat_crewai/guard.py +103 -0
package/integrations/crewai/pyproject.toml +21 -0
package/integrations/langchain/README.md +91 -0
package/integrations/langchain/clawmoat_langchain/__init__.py +17 -0
package/integrations/langchain/clawmoat_langchain/callback.py +489 -0
package/integrations/langchain/pyproject.toml +32 -0
package/integrations/litellm/README.md +324 -0
package/integrations/litellm/clawmoat_litellm/__init__.py +21 -0
package/integrations/litellm/clawmoat_litellm/callback.py +329 -0
package/integrations/litellm/clawmoat_litellm/proxy_middleware.py +224 -0
package/integrations/litellm/pyproject.toml +74 -0
package/integrations/openai-agents/README.md +392 -0
package/integrations/openai-agents/clawmoat_openai_agents/__init__.py +20 -0
package/integrations/openai-agents/clawmoat_openai_agents/guardrail.py +431 -0
package/integrations/openai-agents/clawmoat_openai_agents/middleware.py +311 -0
package/integrations/openai-agents/pyproject.toml +76 -0
package/package.json +6 -5
package/plugins/openclaw-adapter/PHASE1.md +439 -0
package/plugins/openclaw-adapter/README.md +103 -0
package/plugins/openclaw-adapter/SPEC.md +1644 -0
package/plugins/openclaw-adapter/package.json +31 -0
package/plugins/openclaw-adapter/src/index.test.ts +226 -0
package/plugins/openclaw-adapter/src/index.ts +140 -0
package/plugins/openclaw-adapter/tsconfig.json +14 -0
package/server/data/threats.json +290 -0
package/server/index.js +142 -7
package/src/adapters/express.js +161 -0
package/src/adapters/index.js +92 -0
package/src/adapters/langchain.js +185 -0
package/src/approval/index.js +456 -0
package/src/ban-scanner.js +200 -0
package/src/boundary-scanner.js +296 -0
package/src/ci-scanner.js +279 -0
package/src/code-scanner.js +245 -0
package/src/enforce.js +166 -0
package/src/formatters/json.js +80 -0
package/src/formatters/sarif.js +388 -0
package/src/guardian/alerts.js +34 -3
package/src/guardian/index.js +41 -2
package/src/index.js +102 -0
package/src/integrations/agentmesh.js +501 -0
package/src/language-detector.js +201 -0
package/src/mcp-scanner.js +253 -0
package/src/multimodal/index.js +579 -0
package/src/obfuscation-scanner.js +457 -0
package/src/policy-engine.js +402 -0
package/src/scanners/dependency-attacks.js +128 -0
package/src/scanners/prompt-injection.js +18 -0
package/src/scanners/supply-chain.js +14 -0
package/src/templates/default-config.yml +90 -0
package/src/vuln-ops/exploitability.js +46 -0
package/src/watch/live-monitor.js +720 -0
package/clawmoat-0.8.0.tgz +0 -0
package/server/index.js.patch +0 -1

package/docs/services/get-started.html ADDED Viewed

@@ -0,0 +1,165 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<link rel="icon" type="image/png" href="/favicon.png">
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>You're In! — ClawMoat Setup</title>
+<style>
+*{margin:0;padding:0;box-sizing:border-box}
+:root{--navy:#0F172A;--navy-light:#1E293B;--emerald:#10B981;--blue:#3B82F6;--white:#F8FAFC;--gray:#94A3B8}
+body{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;background:var(--navy);color:var(--white);line-height:1.7;min-height:100vh;display:flex;align-items:center;justify-content:center}
+.container{max-width:720px;margin:0 auto;padding:40px 24px}
+h1{font-size:2.2rem;font-weight:800;margin-bottom:8px}
+h2{font-size:1.4rem;font-weight:700;margin:32px 0 16px;color:var(--emerald)}
+.check{font-size:3rem;margin-bottom:16px}
+.subtitle{color:var(--gray);font-size:1.1rem;margin-bottom:40px}
+.step{background:var(--navy-light);border:1px solid rgba(255,255,255,.06);border-radius:12px;padding:24px;margin-bottom:16px}
+.step h3{font-size:1.05rem;margin-bottom:8px;display:flex;align-items:center;gap:8px}
+.step p{color:var(--gray);font-size:.95rem}
+.num{background:var(--blue);color:#fff;width:28px;height:28px;border-radius:50%;display:inline-flex;align-items:center;justify-content:center;font-size:.85rem;font-weight:700;flex-shrink:0}
+code{background:rgba(59,130,246,.15);color:var(--blue);padding:3px 8px;border-radius:4px;font-size:.9rem}
+pre{background:var(--navy-light);border:1px solid rgba(255,255,255,.1);border-radius:8px;padding:16px;margin:12px 0;overflow-x:auto;font-size:.9rem;color:var(--emerald);cursor:pointer;position:relative}
+pre:hover::after{content:'📋 Click to copy';position:absolute;top:8px;right:12px;font-size:.75rem;color:var(--gray)}
+.btn{display:inline-flex;align-items:center;gap:8px;padding:14px 28px;border-radius:10px;font-weight:600;font-size:1rem;text-decoration:none;transition:all .2s;border:none;cursor:pointer}
+.btn-green{background:var(--emerald);color:#fff}
+.btn-green:hover{background:#059669;text-decoration:none}
+.btn-outline{background:transparent;color:var(--white);border:1.5px solid rgba(255,255,255,.15)}
+.btn-outline:hover{border-color:var(--blue);text-decoration:none}
+.plan-tabs{display:flex;gap:8px;margin-bottom:32px;flex-wrap:wrap}
+.plan-tab{padding:8px 20px;border-radius:8px;border:1px solid rgba(255,255,255,.1);color:var(--gray);cursor:pointer;font-size:.9rem;font-weight:600;transition:all .2s}
+.plan-tab.active{background:var(--emerald);color:#fff;border-color:var(--emerald)}
+.plan-tab:hover{border-color:var(--emerald)}
+.plan-content{display:none}
+.plan-content.active{display:block}
+.support-box{background:linear-gradient(135deg,rgba(59,130,246,.1),rgba(16,185,129,.1));border:1px solid rgba(16,185,129,.2);border-radius:12px;padding:24px;margin-top:32px;text-align:center}
+.support-box p{color:var(--gray);font-size:.95rem}
+.support-box a{color:var(--emerald)}
+</style>
+</head>
+<body>
+<div class="container">
+  <div class="check">✅</div>
+  <h1>You're in!</h1>
+  <p class="subtitle">Your payment went through. Here's exactly what to do next.</p>
+  <div class="plan-tabs">
+    <div class="plan-tab active" onclick="showPlan('diy')">DIY Kit</div>
+    <div class="plan-tab" onclick="showPlan('dfy')">Done-For-You</div>
+    <div class="plan-tab" onclick="showPlan('managed')">Managed</div>
+  </div>
+  <!-- DIY Kit -->
+  <div class="plan-content active" id="plan-diy">
+    <h2>DIY Install Kit — Get Running</h2>
+    <div class="step">
+      <h3><span class="num">1</span> Get Claude Max</h3>
+      <p>If you haven't already, sign up for Claude Max ($100/mo). This is the AI brain your agent uses.</p>
+      <a href="https://claude.ai/upgrade" class="btn btn-outline" style="margin-top:12px" target="_blank">Sign Up for Claude Max →</a>
+    </div>
+    <div class="step">
+      <h3><span class="num">2</span> Download the installer for your computer</h3>
+      <p>Click the button for your operating system. A file will download — just double-click it and it does everything automatically.</p>
+      <div style="display:flex;gap:12px;flex-wrap:wrap;margin-top:16px">
+        <a href="/services/downloads/install-openclaw.command" download class="btn btn-green" style="flex:1;justify-content:center;min-width:160px">🍎 Mac Installer</a>
+        <a href="/services/downloads/install-openclaw.bat" download class="btn btn-green" style="flex:1;justify-content:center;min-width:160px;background:var(--blue)">🪟 Windows Installer</a>
+        <a href="/services/downloads/install-openclaw.sh" download class="btn btn-green" style="flex:1;justify-content:center;min-width:160px;background:#7c3aed">🐧 Linux Installer</a>
+      </div>
+      <p style="color:var(--gray);font-size:.85rem;margin-top:12px"><strong>Mac users:</strong> If macOS says "can't be opened," right-click the file → Open → Open anyway.<br><strong>Windows users:</strong> Right-click the file → "Run as Administrator."</p>
+    </div>
+    <div class="step">
+      <h3><span class="num">3</span> Sign in to Claude</h3>
+      <p>At the end of the install, it will ask you to sign in. A browser window opens — log in with your Claude Max account. That's it.</p>
+    </div>
+    <div class="step">
+      <h3><span class="num">4</span> Message your bot!</h3>
+      <p>Open Slack, Telegram, or Discord and say hello to your new AI agent. It's running on your machine, secured by ClawMoat, ready to work. 🎉</p>
+    </div>
+    <div class="step">
+      <h3><span class="num">5</span> Need help?</h3>
+      <p>You have 7 days of support. Email <a href="mailto:hello@clawmoat.com" style="color:var(--blue)">hello@clawmoat.com</a> with any questions — we respond within a few hours.</p>
+    </div>
+  </div>
+  <!-- Done-For-You -->
+  <div class="plan-content" id="plan-dfy">
+    <h2>Done-For-You — We Handle Everything</h2>
+    <div class="step">
+      <h3><span class="num">1</span> Check your email</h3>
+      <p>We just sent you a welcome email at the address you used for checkout. It has a link to schedule your 30-minute setup session.</p>
+    </div>
+    <div class="step">
+      <h3><span class="num">2</span> Before the call, prepare these</h3>
+      <p>
+        • <strong>Claude Max</strong> — sign up at <a href="https://claude.ai/upgrade" style="color:var(--blue)">claude.ai/upgrade</a> ($100/mo)<br>
+        • <strong>Messaging bot</strong> — create a Slack, Telegram, or Discord bot (<a href="/services/pre-setup.html" style="color:var(--blue)">step-by-step guide</a>)<br>
+        • <strong>Machine ready</strong> — Mac, Windows PC, or Linux machine plugged in and connected to internet<br>
+        • <strong>Remote access</strong> — enable Remote Login (Mac) or SSH (Linux) so we can connect
+      </p>
+    </div>
+    <div class="step">
+      <h3><span class="num">3</span> We do the rest</h3>
+      <p>We connect remotely, install everything, configure your agent's personality, set up security, and test it live with you. Takes about 30 minutes.</p>
+    </div>
+    <div class="step">
+      <h3><span class="num">4</span> 30 days of support</h3>
+      <p>After setup, you have 30 days of priority support. Email <a href="mailto:hello@clawmoat.com" style="color:var(--blue)">hello@clawmoat.com</a> anytime.</p>
+    </div>
+  </div>
+  <!-- Managed -->
+  <div class="plan-content" id="plan-managed">
+    <h2>Managed Service — We Keep It Running</h2>
+    <div class="step">
+      <h3><span class="num">1</span> Check your email</h3>
+      <p>We sent you a welcome email with onboarding instructions and a link to schedule your initial setup call.</p>
+    </div>
+    <div class="step">
+      <h3><span class="num">2</span> What happens next</h3>
+      <p>
+        • We set up monitoring on your agent (uptime, health, errors)<br>
+        • We handle OpenClaw and ClawMoat updates automatically<br>
+        • Monthly optimization — we review and tune your agent's performance<br>
+        • Unlimited support via <a href="mailto:hello@clawmoat.com" style="color:var(--blue)">hello@clawmoat.com</a>
+      </p>
+    </div>
+    <div class="step">
+      <h3><span class="num">3</span> If something breaks</h3>
+      <p>We'll usually know before you do. If your agent goes offline, we get notified and fix it. For urgent issues, email us — priority response for managed customers.</p>
+    </div>
+  </div>
+  <div class="support-box">
+    <p>Questions? <a href="mailto:hello@clawmoat.com">hello@clawmoat.com</a> · We respond within a few hours.</p>
+    <p style="margin-top:8px"><a href="/services/" class="btn-outline" style="padding:8px 20px;border-radius:8px;font-size:.9rem">← Back to Services</a></p>
+  </div>
+</div>
+<script>
+function showPlan(id){
+  document.querySelectorAll('.plan-content').forEach(el=>el.classList.remove('active'));
+  document.querySelectorAll('.plan-tab').forEach(el=>el.classList.remove('active'));
+  document.getElementById('plan-'+id).classList.add('active');
+  event.target.classList.add('active');
+}
+// Auto-select plan based on URL hash
+const hash = window.location.hash.replace('#','');
+if(['diy','dfy','managed'].includes(hash)) showPlan(hash);
+</script>
+</body>
+</html>