ChainProofAI/chainproof-audit-openclaw

⬡ chainproof-audit  ×  🦞 OpenClaw

An OpenClaw hook that gives every AI session a tamper-evident provenance record on ChainProof.

Every message received, tool called, and response sent is appended to a SHA-256 hash-chained ledger. Session close triggers a blockchain anchor via OpenTimestamps. If any logged entry is edited after the fact, the chain head changes — detectable by anyone who recorded it at write time.

No changes to your existing OpenClaw setup. No new dependencies in your skills.


What gets logged

| OpenClaw event | ChainProof entry |
| --- | --- |
| command:new | Opens a new chain (POST /v1/chains) |
| message:received | human_event — type input, content hash |
| after_tool_call | action — tool name, input hash, output hash |
| message:sent | decision — rationale agent_response, response hash |
| command:stop | Completes the chain (status: completed) |
| command:reset | Completes the chain (status: cancelled) |

Content hashes are SHA-256 of the message or tool payload. The actual content is never sent to ChainProof unless you opt in — see Privacy below.


Prerequisites

  • OpenClaw installed and running
  • A ChainProof account (free tier covers 500 sessions/month)
  • A cp_live_… API key from your ChainProof dashboard → Settings → API Keys
  • Node.js ≥ 22

Installation

git clone https://github.com/ChainProofAI/chainproof-audit-openclaw \
  ~/.openclaw/hooks/chainproof-audit

The hook is picked up automatically by the OpenClaw gateway on next start. It applies to all workspaces and agents — no per-skill configuration needed, and skills cannot opt out.


Configuration

Set these in your shell environment or OpenClaw gateway config:

| Variable | Required | Description |
| --- | --- | --- |
| CHAINPROOF_API_KEY | Yes | Your cp_live_… API key |
| CHAINPROOF_STORE_CONTENT | No | Set to true to store full message and tool result bodies as artifacts in ChainProof R2. Without this, only hashes are sent — message content stays on-device. |

# Minimum required
export CHAINPROOF_API_KEY=cp_live_...

# Optional — opt in to full content storage
export CHAINPROOF_STORE_CONTENT=true

Privacy

By default, message bodies and tool results never leave your machine. ChainProof receives:

  • Tool names and call status
  • SHA-256 hashes of messages and tool payloads
  • Timestamps and session metadata

The audit skeleton — a tamper-evident record of what happened — is complete without content. You can independently verify that the log hasn't changed without ever sending message text to ChainProof.

Set CHAINPROOF_STORE_CONTENT=true only if your organization's data policy permits storing conversation content in a third-party cloud. When enabled, full bodies are stored in ChainProof R2, content-addressed by SHA-256 — the ledger references them by hash, not a mutable pointer.


What ChainProof proves

ChainProof records what this hook reports. It does not independently verify that your agent told the truth.

It proves:

  • Logged entries have not been altered since they were written
  • The sequence of events has not been reordered or deleted (hash chain breaks if it is)
  • A specific message or tool payload existed at a given time (via content hash)

It does not prove:

  • That your agent behaved correctly at its real-world goal
  • That every event was captured — a skill that bypasses the hook would not appear in the ledger
  • That ChainProof itself hasn't altered records (only the Bitcoin anchor closes that gap)
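
The three "It proves" properties above can be seen in a small local model of a hash chain. This is an added example, not code from this repository: the entry field names, the `GENESIS` value, the serialization and the linking rule are assumptions for illustration, not ChainProof's actual format.

```javascript
// Added example: minimal model of a SHA-256 hash-chained ledger.
// The entry field names, encoding and linking rule are assumptions for
// illustration, not ChainProof's actual format.
const { createHash } = require("node:crypto");

const sha256 = (data) => createHash("sha256").update(data).digest("hex");
const GENESIS = "0".repeat(64); // assumed starting value for an empty chain

// Sorted keys make the serialization stable (entries here are flat objects).
const canonical = (entry) => JSON.stringify(entry, Object.keys(entry).sort());

// Each link commits to the previous link and to the entry itself.
const link = (prev, entry) => sha256(prev + "\n" + canonical(entry));

// Per-entry links, as a verifier would record them at write time.
function recordLinks(entries) {
  let prev = GENESIS;
  return entries.map((e) => (prev = link(prev, e)));
}

// The chain head is the last link (GENESIS for an empty ledger).
const chainHead = (entries) => recordLinks(entries).at(-1) ?? GENESIS;

// Index of the first entry that no longer matches the recorded links,
// or -1 when the ledger is intact.
function firstBreak(entries, links) {
  const now = recordLinks(entries);
  const n = Math.max(now.length, links.length);
  for (let i = 0; i < n; i++) {
    if (now[i] !== links[i]) return i; // undefined on either side = added/removed
  }
  return -1;
}

// Constructed sample session: only hashes of content enter the ledger.
function sampleSession() {
  return [
    { kind: "human_event", type: "input", content_hash: sha256("summarise q3.csv") },
    { kind: "action", tool: "read_file", input_hash: sha256("q3.csv"),
      output_hash: sha256("a,b\n1,2\n") },
    { kind: "decision", rationale: "agent_response",
      response_hash: sha256("Q3 total is 3") },
  ];
}

const entries = sampleSession();
const links = recordLinks(entries);
const edited = entries.map((e, i) => (i === 1 ? { ...e, tool: "write_file" } : e));
console.log(firstBreak(entries, links), firstBreak(edited, links)); // -1 1
```

Reordering or deleting entries changes the links in the same way, and anyone holding the original message text can recompute its `content_hash` locally without sending the text anywhere.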

How it works

The hook is a standard OpenClaw hook — a TypeScript module with a default async function that receives OpenClawEvent objects. It maintains a sessions map (sessionKey → chain_id) for the lifetime of the gateway process and fires API calls to https://api.chainproof.ai/v1 via the @chainproof/sdk client.

The hook is designed to never block or throw into OpenClaw. All errors are caught and logged to stderr. after_tool_call and message:received/message:sent entries are fire-and-forget — a ChainProof outage does not interrupt your AI session.


Verifying a session

After a session ends, find the chain in your ChainProof dashboard or via the API:

curl -s https://api.chainproof.ai/v1/chains/{chain_id}/verify \
  -H "Authorization: Bearer $CHAINPROOF_API_KEY"
# → { "valid": true, "entry_count": 12, "chain_head": "a3f9..." }

A Bitcoin-anchored proof is available once the chain is confirmed (typically within an hour):

curl -s https://api.chainproof.ai/v1/chains/{chain_id}/anchor
curl -s https://api.chainproof.ai/v1/chains/{chain_id}/anchor/proof \
  --output proof.ots

Full setup guide

chainproof.ai/docs#openclaw


License

MIT — see LICENSE
