clawzero 0.1.0__tar.gz

clawzero-0.1.0/LICENSE

@@ -0,0 +1,17 @@
+Apache License
+Version 2.0, January 2004
+http://www.apache.org/licenses/
+
+Copyright 2026 MVAR Security
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

clawzero-0.1.0/PKG-INFO

@@ -0,0 +1,192 @@
+Metadata-Version: 2.4
+Name: clawzero
+Version: 0.1.0
+Summary: Deterministic in-path execution boundary for OpenClaw agents
+Author-email: MVAR Security <security@mvar.dev>
+License: Apache-2.0
+Project-URL: Homepage, https://github.com/mvar-security/clawzero
+Project-URL: Documentation, https://github.com/mvar-security/clawzero/blob/main/README.md
+Project-URL: Repository, https://github.com/mvar-security/clawzero
+Project-URL: Issues, https://github.com/mvar-security/clawzero/issues
+Classifier: Development Status :: 2 - Pre-Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Provides-Extra: mvar
+Requires-Dist: mvar-security>=1.4.0; extra == "mvar"
+Provides-Extra: dev
+Requires-Dist: pytest>=7.0.0; extra == "dev"
+Requires-Dist: pytest-cov>=4.0.0; extra == "dev"
+Requires-Dist: black>=23.0.0; extra == "dev"
+Requires-Dist: ruff>=0.1.0; extra == "dev"
+Requires-Dist: mypy>=1.8.0; extra == "dev"
+Dynamic: license-file
+
+# ClawZero
+
+[![CI](https://github.com/mvar-security/clawzero/actions/workflows/ci.yml/badge.svg)](https://github.com/mvar-security/clawzero/actions/workflows/ci.yml)
+[![Python 3.10+](https://img.shields.io/badge/python-3.10%2B-blue.svg)](https://www.python.org/downloads/)
+[![License: Apache-2.0](https://img.shields.io/badge/license-Apache%202.0-green.svg)](LICENSE)
+
+**ClawZero is a deterministic in-path enforcement substrate for OpenClaw agent flows.**
+
+ClawZero brings MVAR's execution boundary to OpenClaw agents.
+
+![ClawZero vs Standard OpenClaw](docs/assets/comparison.png)
+
+**Same input. Same agent. Different boundary.**
+
+ClawZero places a deterministic execution boundary between model output and tool execution. Powered by MVAR.
+ClawZero is not a model. It's a runtime firewall.
+It works with any LLM, any OpenClaw agent, any tool definition.
+
+SAME INPUT. SAME AGENT. DIFFERENT BOUNDARY.
+Standard OpenClaw executes the attack.
+MVAR blocks it deterministically.
+
+## 30-Second Quickstart
+
+```bash
+git clone https://github.com/mvar-security/clawzero
+cd clawzero
+pip install -e .
+clawzero demo openclaw --mode compare --scenario shell
+```
+
+Expected output:
+
+```text
+STANDARD OPENCLAW  →  COMPROMISED
+MVAR-PROTECTED     →  BLOCKED ✓
+Witness generated  →  YES
+```
+
+## Attack Demo Proof
+
+The attack demo is **proof of enforcement behavior**, not the product center.
+
+ClawZero is not a model-safety claim.
+It is an execution-boundary claim.
+
+## Security and Responsible Use
+
+ClawZero is a defensive security component designed to enforce execution
+boundaries for AI agents.
+
+The project includes attack demonstrations and adversarial scenarios in
+order to illustrate how prompt injection and untrusted inputs can reach
+high-privilege execution sinks.
+
+These demonstrations exist solely for defensive research and education.
+
+When using ClawZero or its demonstrations:
+
+- Only test systems you own or have explicit authorization to evaluate
+- Run demonstrations in sandboxed or isolated environments
+- Treat automated results as signals; verify findings manually
+
+ClawZero is designed to prevent exploitation, not enable it.
+
+The attack demonstrations show how enforcement works; they are not tools
+for performing real-world attacks.
+
+## Canonical Witness Artifact
+
+```json
+{
+  "timestamp": "2026-03-12T10:00:00Z",
+  "agent_runtime": "openclaw",
+  "sink_type": "shell.exec",
+  "target": "bash",
+  "decision": "block",
+  "reason_code": "UNTRUSTED_TO_CRITICAL_SINK",
+  "policy_id": "mvar-embedded.v0.1",
+  "engine": "embedded-policy-v0.1",
+  "provenance": {
+    "source": "external_document",
+    "taint_level": "untrusted",
+    "source_chain": ["external_document", "openclaw_tool_call"],
+    "taint_markers": ["prompt_injection", "external_content"]
+  },
+  "adapter": {
+    "name": "openclaw",
+    "mode": "event_intercept",
+    "framework": "openclaw"
+  },
+  "witness_signature": "ed25519_stub:abcd1234ef567890"
+}
+```
+
+## What ClawZero Is / Is Not
+
+**ClawZero is:**
+
+- An in-path runtime enforcement substrate
+- Deterministic sink policy evaluation at execution time
+- A signed witness artifact generator for auditability
+
+**ClawZero is not:**
+
+- A red-team toolkit
+- An attack simulation platform first
+- An LLM-as-judge safety layer
+
+## CLI
+
+Command families map to enforcement jobs:
+
+- `clawzero demo` - run side-by-side enforcement proof demos
+- `clawzero witness` - inspect and validate witness artifacts
+- `clawzero audit` - evaluate deterministic decisions for sink requests
+- `clawzero attack` - replay known attack scenarios as enforcement proofs
+
+## OpenClaw Attack Demo
+
+Run the side-by-side comparison:
+
+```bash
+clawzero demo openclaw --mode compare --scenario shell
+clawzero demo openclaw --mode compare --scenario credentials
+clawzero demo openclaw --mode compare --scenario benign
+```
+
+## Zero-Config API
+
+```python
+from clawzero import protect
+
+safe_tool = protect(my_tool, sink="filesystem.read", profile="prod_locked")
+```
+
+## Policy Profiles
+
+| Sink Type             | dev_balanced                                  | dev_strict                            | prod_locked                                |
+|----------------------|-----------------------------------------------|----------------------------------------|---------------------------------------------|
+| `shell.exec`         | block                                         | block                                  | block                                       |
+| `filesystem.read`    | allow, block `/etc/**`, `~/.ssh/**`           | block, allow `/workspace/**`           | block, allow `/workspace/project/**`        |
+| `filesystem.write`   | allow, block `/etc/**`, `~/.ssh/**`           | block, allow `/workspace/**`           | block, allow `/workspace/project/**`        |
+| `credentials.access` | block                                         | block                                  | block                                       |
+| `http.request`       | allow                                         | allow mode + block all domains         | allow mode + allow `localhost`              |
+| `tool.custom`        | allow                                         | annotate                               | allow                                       |
+
+## Powered by MVAR
+
+- MVAR repository: https://github.com/mvar-security/mvar
+- ClawZero is the OpenClaw adapter for MVAR
+- MVAR is the enforcement engine behind ClawZero policy decisions
+
+The MVAR execution governance model is:
+
+- Filed as provisional patent (February 24, 2026, 24 claims)
+- Submitted to NIST RFI Docket NIST-2025-0035
+- Published as preprint on SSRN (February 2026)
+
+## License
+
+Apache 2.0

clawzero-0.1.0/README.md

@@ -0,0 +1,162 @@
+# ClawZero
+
+[![CI](https://github.com/mvar-security/clawzero/actions/workflows/ci.yml/badge.svg)](https://github.com/mvar-security/clawzero/actions/workflows/ci.yml)
+[![Python 3.10+](https://img.shields.io/badge/python-3.10%2B-blue.svg)](https://www.python.org/downloads/)
+[![License: Apache-2.0](https://img.shields.io/badge/license-Apache%202.0-green.svg)](LICENSE)
+
+**ClawZero is a deterministic in-path enforcement substrate for OpenClaw agent flows.**
+
+ClawZero brings MVAR's execution boundary to OpenClaw agents.
+
+![ClawZero vs Standard OpenClaw](docs/assets/comparison.png)
+
+**Same input. Same agent. Different boundary.**
+
+ClawZero places a deterministic execution boundary between model output and tool execution. Powered by MVAR.
+ClawZero is not a model. It's a runtime firewall.
+It works with any LLM, any OpenClaw agent, any tool definition.
+
+SAME INPUT. SAME AGENT. DIFFERENT BOUNDARY.
+Standard OpenClaw executes the attack.
+MVAR blocks it deterministically.
+
+## 30-Second Quickstart
+
+```bash
+git clone https://github.com/mvar-security/clawzero
+cd clawzero
+pip install -e .
+clawzero demo openclaw --mode compare --scenario shell
+```
+
+Expected output:
+
+```text
+STANDARD OPENCLAW  →  COMPROMISED
+MVAR-PROTECTED     →  BLOCKED ✓
+Witness generated  →  YES
+```
+
+## Attack Demo Proof
+
+The attack demo is **proof of enforcement behavior**, not the product center.
+
+ClawZero is not a model-safety claim.
+It is an execution-boundary claim.
+
+## Security and Responsible Use
+
+ClawZero is a defensive security component designed to enforce execution
+boundaries for AI agents.
+
+The project includes attack demonstrations and adversarial scenarios in
+order to illustrate how prompt injection and untrusted inputs can reach
+high-privilege execution sinks.
+
+These demonstrations exist solely for defensive research and education.
+
+When using ClawZero or its demonstrations:
+
+- Only test systems you own or have explicit authorization to evaluate
+- Run demonstrations in sandboxed or isolated environments
+- Treat automated results as signals; verify findings manually
+
+ClawZero is designed to prevent exploitation, not enable it.
+
+The attack demonstrations show how enforcement works; they are not tools
+for performing real-world attacks.
+
+## Canonical Witness Artifact
+
+```json
+{
+  "timestamp": "2026-03-12T10:00:00Z",
+  "agent_runtime": "openclaw",
+  "sink_type": "shell.exec",
+  "target": "bash",
+  "decision": "block",
+  "reason_code": "UNTRUSTED_TO_CRITICAL_SINK",
+  "policy_id": "mvar-embedded.v0.1",
+  "engine": "embedded-policy-v0.1",
+  "provenance": {
+    "source": "external_document",
+    "taint_level": "untrusted",
+    "source_chain": ["external_document", "openclaw_tool_call"],
+    "taint_markers": ["prompt_injection", "external_content"]
+  },
+  "adapter": {
+    "name": "openclaw",
+    "mode": "event_intercept",
+    "framework": "openclaw"
+  },
+  "witness_signature": "ed25519_stub:abcd1234ef567890"
+}
+```
+
+## What ClawZero Is / Is Not
+
+**ClawZero is:**
+
+- An in-path runtime enforcement substrate
+- Deterministic sink policy evaluation at execution time
+- A signed witness artifact generator for auditability
+
+**ClawZero is not:**
+
+- A red-team toolkit
+- An attack simulation platform first
+- An LLM-as-judge safety layer
+
+## CLI
+
+Command families map to enforcement jobs:
+
+- `clawzero demo` - run side-by-side enforcement proof demos
+- `clawzero witness` - inspect and validate witness artifacts
+- `clawzero audit` - evaluate deterministic decisions for sink requests
+- `clawzero attack` - replay known attack scenarios as enforcement proofs
+
+## OpenClaw Attack Demo
+
+Run the side-by-side comparison:
+
+```bash
+clawzero demo openclaw --mode compare --scenario shell
+clawzero demo openclaw --mode compare --scenario credentials
+clawzero demo openclaw --mode compare --scenario benign
+```
+
+## Zero-Config API
+
+```python
+from clawzero import protect
+
+safe_tool = protect(my_tool, sink="filesystem.read", profile="prod_locked")
+```
+
+## Policy Profiles
+
+| Sink Type             | dev_balanced                                  | dev_strict                            | prod_locked                                |
+|----------------------|-----------------------------------------------|----------------------------------------|---------------------------------------------|
+| `shell.exec`         | block                                         | block                                  | block                                       |
+| `filesystem.read`    | allow, block `/etc/**`, `~/.ssh/**`           | block, allow `/workspace/**`           | block, allow `/workspace/project/**`        |
+| `filesystem.write`   | allow, block `/etc/**`, `~/.ssh/**`           | block, allow `/workspace/**`           | block, allow `/workspace/project/**`        |
+| `credentials.access` | block                                         | block                                  | block                                       |
+| `http.request`       | allow                                         | allow mode + block all domains         | allow mode + allow `localhost`              |
+| `tool.custom`        | allow                                         | annotate                               | allow                                       |
+
+## Powered by MVAR
+
+- MVAR repository: https://github.com/mvar-security/mvar
+- ClawZero is the OpenClaw adapter for MVAR
+- MVAR is the enforcement engine behind ClawZero policy decisions
+
+The MVAR execution governance model is:
+
+- Filed as provisional patent (February 24, 2026, 24 claims)
+- Submitted to NIST RFI Docket NIST-2025-0035
+- Published as preprint on SSRN (February 2026)
+
+## License
+
+Apache 2.0

clawzero-0.1.0/pyproject.toml

@@ -0,0 +1,62 @@
+[build-system]
+requires = ["setuptools>=61.0", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "clawzero"
+version = "0.1.0"
+description = "Deterministic in-path execution boundary for OpenClaw agents"
+readme = "README.md"
+requires-python = ">=3.10"
+license = {text = "Apache-2.0"}
+authors = [
+    {name = "MVAR Security", email = "security@mvar.dev"}
+]
+classifiers = [
+    "Development Status :: 2 - Pre-Alpha",
+    "Intended Audience :: Developers",
+    "License :: OSI Approved :: Apache Software License",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+]
+
+dependencies = []
+
+[project.optional-dependencies]
+mvar = [
+    "mvar-security>=1.4.0",
+]
+
+dev = [
+    "pytest>=7.0.0",
+    "pytest-cov>=4.0.0",
+    "black>=23.0.0",
+    "ruff>=0.1.0",
+    "mypy>=1.8.0",
+]
+
+
+[project.scripts]
+clawzero = "clawzero.cli:main"
+
+[project.urls]
+Homepage = "https://github.com/mvar-security/clawzero"
+Documentation = "https://github.com/mvar-security/clawzero/blob/main/README.md"
+Repository = "https://github.com/mvar-security/clawzero"
+Issues = "https://github.com/mvar-security/clawzero/issues"
+
+[tool.setuptools]
+package-dir = {"" = "src"}
+
+[tool.setuptools.packages.find]
+where = ["src"]
+
+[tool.black]
+line-length = 100
+target-version = ['py39']
+
+[tool.ruff]
+line-length = 100
+target-version = "py39"

clawzero-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

clawzero-0.1.0/src/clawzero/__init__.py

@@ -0,0 +1,69 @@
+"""
+ClawZero - Execution Firewall for AI Agents
+
+ClawZero wraps AI agent tools with MVAR runtime governance,
+blocking attacker-influenced executions at critical sinks.
+
+Example usage:
+    from clawzero import protect
+
+    def read_file(path: str) -> str:
+        with open(path) as f:
+            return f.read()
+
+    safe_read = protect(read_file, sink="filesystem.read", profile="prod_locked")
+
+    # Blocked: /etc/passwd is in blocklist
+    try:
+        safe_read("/etc/passwd")
+    except ExecutionBlocked as e:
+        print(f"Blocked: {e.decision.human_reason}")
+
+    # Allowed: /workspace is in allowlist
+    content = safe_read("/workspace/data.txt")
+"""
+
+__version__ = "0.1.0"
+__author__ = "MVAR Security"
+__license__ = "Apache-2.0"
+
+from clawzero.contracts import ActionDecision, ActionRequest
+from clawzero.adapters import OpenClawAdapter
+from clawzero.exceptions import (
+    ClawZeroConfigError,
+    ClawZeroError,
+    ClawZeroRuntimeError,
+    ExecutionBlocked,
+    UnsupportedFrameworkError,
+)
+from clawzero.protect import protect
+from clawzero.runtime import MVARRuntime
+from clawzero.witness import (
+    WitnessGenerator,
+    generate_witness,
+    get_witness_generator,
+    set_witness_output_dir,
+)
+
+__all__ = [
+    # Core API
+    "protect",
+    "MVARRuntime",
+    "OpenClawAdapter",
+    # Contracts
+    "ActionRequest",
+    "ActionDecision",
+    # Exceptions
+    "ExecutionBlocked",
+    "ClawZeroError",
+    "ClawZeroConfigError",
+    "ClawZeroRuntimeError",
+    "UnsupportedFrameworkError",
+    # Witness generation
+    "WitnessGenerator",
+    "generate_witness",
+    "get_witness_generator",
+    "set_witness_output_dir",
+    # Adapters (optional import)
+    "adapters",
+]

clawzero-0.1.0/src/clawzero/adapters/__init__.py

@@ -0,0 +1,9 @@
+"""
+ClawZero Adapters
+
+Framework-specific adapters for integrating ClawZero with different AI agent systems.
+"""
+
+from clawzero.adapters.openclaw import OpenClawAdapter
+
+__all__ = ["OpenClawAdapter"]