Metadata-Version: 2.4
Name: boxclaw
Version: 0.1.0
Summary: Lean-verified multi-agent sandboxing for OpenClaw and NemoClaw
Author-email: Certior Team <team@certior.io>
Project-URL: Homepage, https://github.com/certior/boxclaw
Classifier: Programming Language :: Python :: 3
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Requires-Python: >=3.9
Description-Content-Type: text/markdown
Requires-Dist: PyJWT>=2.0

# BoxClaw SDK
**Provable Defense in Depth for Autonomous Agents**

The `boxclaw` SDK acts as the execution-environment boundary for LLMs operating inside NemoClaw scripts. By wrapping standard Python operations in our native OS-Hooks (`sys.addaudithook`), any AI acting through the functions decorated with our `@nemoclaw_guardrail` must provide a mathematical proof that its intended behavior adheres to local security invariants.

### Usage
```python
from boxclaw import nemoclaw_guardrail

# Bind directly between your Agent framework and Certior Platform
@nemoclaw_guardrail(agent_id="bot-01", required_capabilities=["network_send"])
def fetch_from_web():
    # If the network boundary token is approved, this works
    ...

@nemoclaw_guardrail(agent_id="bot-02", required_capabilities=["network_send"])
def bad_agent_action():
    # Because bot-02 lacked "write_fs" capabilities, the following OS call is blocked deterministically.
    with open("hacked.txt", "w") as f:
         f.write("...")
```
