Metadata-Version: 2.4
Name: getclaw
Version: 0.1.0
Summary: Clawrence — AI agent security framework. Any model, full audit trail, fail-closed by default.
Project-URL: Homepage, https://proclaw.dev
Project-URL: Repository, https://github.com/proclaw/proclaw
Project-URL: Documentation, https://proclaw.dev/docs
Project-URL: Changelog, https://github.com/proclaw/proclaw/blob/main/CHANGELOG.md
Project-URL: Bug Tracker, https://github.com/proclaw/proclaw/issues
Author: ProClaw Team
License: Proprietary
License-File: LICENSE
Keywords: agent,ai,audit,dlp,llm,openclaw,policy,security
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: Other/Proprietary License
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries :: Application Frameworks
Classifier: Typing :: Typed
Requires-Python: >=3.11
Requires-Dist: aiohttp>=3.9.0
Requires-Dist: aiosqlite>=0.19.0
Requires-Dist: click>=8.1.0
Requires-Dist: cryptography>=41.0.0
Requires-Dist: duckduckgo-search>=6.0.0
Requires-Dist: fastapi>=0.104.0
Requires-Dist: grpcio-tools>=1.60.0
Requires-Dist: grpcio>=1.60.0
Requires-Dist: httpx>=0.25.0
Requires-Dist: litellm>=1.30.0
Requires-Dist: pydantic-settings>=2.0.0
Requires-Dist: pydantic>=2.0.0
Requires-Dist: python-jose[cryptography]>=3.3.0
Requires-Dist: pyyaml>=6.0.0
Requires-Dist: redis>=5.0.0
Requires-Dist: rich>=13.0.0
Requires-Dist: structlog>=23.2.0
Requires-Dist: uvicorn[standard]>=0.24.0
Provides-Extra: all
Requires-Dist: proclaw[audit,dlp,enterprise,identity,interceptor,memory,network,policy,sandbox,tokenizer]; extra == 'all'
Provides-Extra: audit
Requires-Dist: alembic>=1.13.0; extra == 'audit'
Requires-Dist: asyncpg>=0.29.0; extra == 'audit'
Requires-Dist: sqlalchemy[asyncio]>=2.0.0; extra == 'audit'
Provides-Extra: dev
Requires-Dist: httpx>=0.25.0; extra == 'dev'
Requires-Dist: mypy>=1.7.0; extra == 'dev'
Requires-Dist: pytest-asyncio>=0.23.0; extra == 'dev'
Requires-Dist: pytest-cov>=4.1.0; extra == 'dev'
Requires-Dist: pytest-timeout>=2.2.0; extra == 'dev'
Requires-Dist: pytest>=7.4.0; extra == 'dev'
Requires-Dist: ruff>=0.1.0; extra == 'dev'
Provides-Extra: dlp
Requires-Dist: presidio-analyzer>=2.2.0; extra == 'dlp'
Requires-Dist: presidio-anonymizer>=2.2.0; extra == 'dlp'
Requires-Dist: spacy>=3.7.0; extra == 'dlp'
Provides-Extra: enterprise
Requires-Dist: python-jose[cryptography]>=3.3.0; extra == 'enterprise'
Requires-Dist: python-saml>=1.16.0; extra == 'enterprise'
Provides-Extra: identity
Requires-Dist: bcrypt<5.0.0,>=4.0.0; extra == 'identity'
Requires-Dist: passlib[bcrypt]>=1.7.4; extra == 'identity'
Requires-Dist: python-jose[cryptography]>=3.3.0; extra == 'identity'
Provides-Extra: interceptor
Requires-Dist: grpcio>=1.60.0; extra == 'interceptor'
Provides-Extra: memory
Requires-Dist: lancedb>=0.4.0; extra == 'memory'
Requires-Dist: pyarrow>=14.0.0; extra == 'memory'
Requires-Dist: sentence-transformers>=2.3.0; extra == 'memory'
Provides-Extra: network
Requires-Dist: jinja2>=3.1.0; extra == 'network'
Requires-Dist: pyyaml>=6.0.0; extra == 'network'
Provides-Extra: policy
Requires-Dist: jsonschema>=4.20.0; extra == 'policy'
Requires-Dist: pyyaml>=6.0.0; extra == 'policy'
Provides-Extra: sandbox
Requires-Dist: docker>=7.0.0; extra == 'sandbox'
Requires-Dist: psutil>=5.9.0; extra == 'sandbox'
Provides-Extra: tokenizer
Requires-Dist: tiktoken>=0.7.0; extra == 'tokenizer'
Description-Content-Type: text/markdown

# ProClaw

![CI](https://img.shields.io/github/actions/workflow/status/proclaw/proclaw/ci.yml?branch=main&label=CI) ![PyPI](https://img.shields.io/pypi/v/proclaw) ![License](https://img.shields.io/badge/license-proprietary-lightgrey) ![Python](https://img.shields.io/pypi/pyversions/proclaw)

**Secure runtime for OpenClaw agents. Any model, full audit trail, fail-closed by default.**

ProClaw is a security wrapper around [OpenClaw](https://github.com/openclaw) that intercepts every tool call your agent makes and enforces policy before execution. It supports 10 model providers -- so if you're blocked by Anthropic or want cheaper inference, you can switch to DeepSeek, MiniMax, Together AI, Mistral, Gemini, Qwen, Llama, Ollama, OpenAI, or Azure OpenAI with one command.

## Features

### Security Stack (SteelClaw 8-Layer)
- **5-Level Security Mode** — Safe → Strict → Guarded → Balanced → Autonomous
- **Policy Engine** — tool allowlists, filesystem permissions, network domain control, rate limits, time policies
- **HITL Approval** — human-in-the-loop for risky tool calls (CLI interactive, dashboard, mobile push)
- **DLP Engine** — Presidio + spaCy NER, regex patterns, credential detection, content redaction
- **Audit Ledger** — hash-chained tamper-evident event log with SQLite persistence
- **Intent-Based Security** — zero-trust middleware scoring agent intent (Launch 2)
- **Shell Scanner** — 7-threat classification for shell commands
- **Sub-Agent Security** — permission intersection (child ⊆ parent)

### Agent Runtime
- **Response Streaming** — token-by-token output in CLI and SSE for dashboard/channels
- **Typing Indicators** — progress events at every stage (thinking, tool execution, completion)
- **Tool Execution Progress** — real-time SSE events: tool.started, tool.completed, tool.denied
- **Context Management** — sliding window + priority strategies with visible trimming notifications
- **Tool Caching** — TTL-based caching for repeated tool calls
- **Retry with Escalation** — exponential backoff with HITL escalation on repeated failures
- **Credential Scrubbing** — 8 regex patterns + exact match redaction on all tool output
- **Prompt Injection Defense** — input/output scanning for injection attempts

### Sessions & Memory
- **Conversation Sessions** — SQLite-persisted multi-turn conversations across runs
- **Semantic Memory** — LanceDB embeddings with automatic fact extraction and retrieval
- **Session Management** — list, switch, delete, compact sessions from CLI

### CLI
- **Interactive Chat** — `proclaw chat` REPL with streaming, sessions, history
- **Model Management** — `proclaw models list`, `proclaw models recommend`, `proclaw models info`
- **Diagnostics** — `proclaw doctor` checks Python, deps, config, providers, disk, DB
- **Skill Management** — `proclaw skill install|list|info|remove|enable|disable|scan|verify`
- **Memory Management** — `proclaw memory list|search|add|forget|clear|stats`
- **Agent Control** — `proclaw kill` for graceful stop during runs
- **Channel Management** — `proclaw channels setup|start|stop|status|login`

### Messaging Channels
- **Telegram** — grammY adapter with inline buttons, streaming via message edits, silent messages, push debounce
- **WhatsApp** — Baileys adapter with read receipts, QR pairing, text-based approval
- **Discord** — discord.js adapter with button components, thread-per-run
- **Channel Bridge** — Node.js sidecar on port 9200, typing indicators, ack reactions, response pacing, welcome tour

### Dashboard
- **Real-Time Monitoring** — live activity feed, approval queue, threat detection (wired to SQLite)
- **Execution Replay** — timeline view with play/pause, hash chain verification
- **PWA Support** — installable, service worker caching, push notifications, offline indicator
- **Preview Badges** — Launch 2 features clearly labeled with amber "Preview" banners

### Model Support
- 10 providers: DeepSeek, Together, Anthropic, OpenAI, Google, Mistral, Ollama, MiniMax, Qwen, Azure
- Model aliases: `opus`, `sonnet`, `deepseek`, `minimax`, etc.
- Cost/quality comparison: `proclaw models recommend`

## Install

```bash
pip install proclaw
proclaw setup
```

The setup wizard prompts you to pick a model provider and enter your API key. Then you're ready to run agents:

```bash
proclaw run agent.yaml -p "Read README.md and summarize it"
```

See the [Quickstart Guide](docs/quickstart.md) for the full walkthrough.

## Why ProClaw?

OpenClaw gives agents powerful tools: file access, shell execution, browser control, API calls. Those tools are useful -- and dangerous. A misconfigured agent can exfiltrate data, delete files, or rack up unbounded API costs.

ProClaw sits between the agent and those tools. It reads a YAML manifest that declares what the agent is permitted to do, and denies everything else. The policy engine is fail-closed: if it can't reach a verdict, the answer is deny.

Every decision is recorded in an immutable, hash-chained audit log. You can verify the integrity of the chain at any time, and export it for compliance.

And because ProClaw is model-agnostic, you're never locked into a single provider. If Anthropic blocks your use case, switch to any of 10 supported providers in one command and keep running.

## Documentation

| Document | Description |
|----------|-------------|
| [Quickstart](docs/quickstart.md) | 3-minute setup guide |
| [Model Comparison](docs/model-comparison.md) | Provider comparison table -- cost, speed, tool-calling quality |
| [Agent Manifest Reference](docs/agent-manifest-reference.md) | Every field in `agent.yaml` explained |

## Architecture: SteelClaw 8-Layer Stack

```
L7  Operator Control Plane    --> dashboard/
L6  DLP Engine                --> dlp/
L5  Audit Ledger              --> audit/
L4  Network Enforcement       --> network/
L3  Zero-Trust Policy         --> policy_engine/, identity/
L2  Secure Runtime            --> interceptor/
L1  Model Isolation           --> sandbox/
L0  Deployment                --> deploy/
```

Every agent action passes through these layers. The Interceptor (L2) captures every OpenClaw tool call and routes it through the policy engine (L3) before allowing execution.

## CLI Commands

```bash
proclaw setup                          # Interactive provider + API key wizard
proclaw config show                    # View current configuration
proclaw config set model <provider>    # Switch model provider
proclaw config set security-mode <lvl> # Set default security level
proclaw health                         # Check provider connectivity
proclaw doctor                         # Full diagnostic check
proclaw models list                    # Provider compatibility matrix
proclaw models recommend               # Best model recommendation
proclaw models info <provider>         # Detailed provider info
proclaw run agent.yaml -p "prompt"     # Run agent with manifest
proclaw run agent.yaml -p "prompt" --security-mode guarded --stream
proclaw chat agent.yaml -s my-session  # Interactive chat mode
proclaw sessions list                  # List conversation sessions
proclaw sessions delete <name>         # Delete a session
proclaw sessions compact <name>        # Remove old messages
proclaw kill                           # Stop running agent
proclaw skill list                     # List installed skills
proclaw skill install <path>           # Install from directory
proclaw skill scan <path>              # Security scan without install
proclaw memory list                    # List stored memories
proclaw memory search "query"          # Semantic search
proclaw memory add "fact"              # Remember a fact
proclaw channels setup                 # Configure messaging channels
proclaw channels start                 # Start channel bridge
```

## Project Structure

```
ProClaw/
├── contracts/         Frozen integration interfaces (7 Protocols + 35 types)
├── interceptor/       OpenClaw tool call interception
├── sandbox/           Firecracker/gVisor/WASM isolation
├── network/           Envoy sidecar + DNS filtering
├── identity/          SPIFFE/SPIRE + Vault
├── policy_engine/     OPA + manifest + rate limits
├── dlp/               Presidio PII + spaCy NER
├── audit/             Hash-chained immutable ledger
├── dashboard/         Next.js operator UI
├── deploy/            Helm + Terraform + air-gap
├── enterprise/        SSO + RBAC + workspaces
├── lib/               Reference modules (zero_trust, streaming, etc.)
└── docs/              Documentation
```

## Development

```bash
# Python environment
python -m venv .venv
source .venv/bin/activate  # or .venv\Scripts\activate on Windows
pip install -e ".[dev]"

# Run tests
pytest tests/ -v

# Dashboard
cd dashboard && npm install && npm run dev

# Full stack (Docker)
docker-compose up -d
```

## License

Proprietary. All rights reserved.
