ClawSeal v1.1.5 — Hotfix: Dashboard Import Error

Fixed

• Critical: Fixed ModuleNotFoundError: No module named 'clawseal_core' in dashboard when installed from PyPI
  • Dashboard app.py was importing from source directory name (clawseal_core) instead of installed package name (clawseal)
  • Changed import to: from clawseal.memory.scroll_memory_store import ScrollMemoryStore
  • Dashboard now works correctly in both dev and PyPI-installed environments
  • Bug affected all users installing from PyPI who ran clawseal-quickstart

Notes

• Hotfix release — No new features, only fixes packaging bug introduced in 1.1.4
• If you installed 1.1.4 and experienced the import error, upgrade to 1.1.5: pip install --upgrade clawseal

---

Install: pip install --upgrade --no-cache-dir clawseal
Test: clawseal-quickstart

ClawSeal v1.1.4 — Interactive Dashboard + Health Check CLI

Added

CLI Commands

• clawseal-quickstart — One-command interactive demo with live visualization

  • Starts Flask dashboard server on port 8080
  • Auto-opens browser to dashboard interface
  • Runs Layer 1/2/3 demos with real-time WebSocket updates
  • Auto-generates QSEAL_SECRET in demo mode (with production warning)
  • Zero configuration required for first-time users

• clawseal-doctor — Health check diagnostics following Microsoft AGT pattern

  • 8 diagnostic checks: Python version, ClawSeal core, PyYAML, Flask, Flask-Sock, QSEAL mode, OpenSSL, dashboard server
  • Color-coded status indicators: ✅ passed, ⚠️ warnings, ❌ failed
  • Production-ready environment validation
  • Exit codes for CI/CD integration

Dashboard System

• Live Flask + WebSocket Dashboard — Real-time demo visualization

  • Dark terminal aesthetic optimized for 1080p screen recording
  • Three-panel layout: Layer 1 (drift), Layer 2 (scrolls), Layer 3 (verification)
  • WebSocket streaming for real-time updates (no polling)
  • Layer 1: Drift animates from 100% (red "NO PROTECTION") → 0% (green "PROTECTED") over 3 seconds
  • Layer 2: Scroll creation feed with QSEAL signatures appearing one-by-one
  • Layer 3: Chain verification status with circular progress indicator
  • Health check endpoint: GET /health

• Dashboard UI Components

  • Neon green "CLAWSEAL" header with pulsing "VERIFIED" badge
  • Color scheme: #0a0e14 background, #ff6b6b → #39ff14 drift gradient, #4ecdc4 scroll accent
  • Real-time connection status: "CONNECTING" → "LIVE"
  • Auto-generated demo scrolls at runtime (no hardcoded data)

Dependencies

• Added Flask >= 3.0 — Web framework for dashboard server
• Added flask-sock >= 0.7.0 — WebSocket support for real-time updates

Changed

• Dashboard demo data now generated at runtime instead of hardcoded fixtures
• QSEAL_SECRET auto-generation includes production security warning
• Package size optimized to 33KB wheel (lean distribution)

Documentation

• Added inline documentation for dashboard WebSocket protocol
• CLI commands include built-in help text and usage examples

Notes

• No breaking changes from 1.1.3
• Backward compatible with existing ScrollMemoryStore API
• Demo mode is non-persistent (generates fresh data on each run)
• Production mode requires explicit QSEAL_SECRET environment variable

---

Install: pip install clawseal==1.1.4
Try it: clawseal-quickstart

ClawSeal v1.0.0 — Cryptographic Memory for AI Agents

ClawSeal v1.0.0

Stateless LLMs become stateful agents with tamper-evident memory, zero database dependencies.

---

What's New

Initial public release of ClawSeal — Scroll-Native Memory Architecture (SIP-0006) for AI agents.

Key Features

• Scroll-native YAML storage — Human-readable memory files with QSEAL signatures
• HMAC-SHA256 tamper-evidence — Every memory cryptographically signed and chain-linked
• Text-based semantic search — Keyword matching with weighted scoring (no embeddings required)
• Zero database dependencies — No ChromaDB, no vector databases, just PyYAML
• Fail-closed security — Missing QSEAL_SECRET = hard error (no silent fallbacks)

Proven Claims

All claims verified with timestamped ground truth artifacts (April 14, 2026):

Claim	Status
AI agents without ClawSeal drift 100% (complete amnesia)	✅ Proven
ClawSeal maintains 0% drift (perfect memory continuity)	✅ Proven
QSEAL signatures provide cryptographic proof	✅ Proven

See demo/expected_outputs/ for all proof artifacts.

---

Installation

# Clone repository
git clone https://github.com/mvar-security/ClawSeal.git
cd ClawSeal

# Run setup script (auto-generates QSEAL_SECRET)
./setup.sh

# Run three-layer demo
./run_full_demo.sh

Total dependencies: PyYAML (that's it)

---

Security Fixes (Pre-Release)

Three critical security fixes applied before v1.0.0 release:

1. Chain Verification Bug — Added qseal_prev_signature to excluded_fields in verify_signature()
2. Silent Dev Secret Fallback — Removed weak default, fail-closed error enforced
3. Legacy Insecure Signing Path — Deprecated sha256(payload+secret), HMAC-SHA256 only

All fixes documented in CHANGELOG.md.

---

Documentation

• README.md — Complete installation and usage guide
• SIP_0006_SCROLL_NATIVE_MEMORY.md — Full specification
• CLAIMS_REGISTRY.md — 28 verifiable claims with proof artifacts
• SECURITY.md — Responsible disclosure process, QSEAL_SECRET handling
• THREAT_MODEL.md — Attack surface analysis
• CLAWHUB.md — ClawHub submission guide

---

What This Is NOT

• ❌ Not claiming sentience or consciousness
• ❌ Not a vector database replacement for semantic similarity
• ❌ Not a distributed system (local-first, single agent)

What It Actually Does

• ✅ Persistent state across sessions
• ✅ Identity continuity (measurable drift metrics)
• ✅ Cryptographic tamper-evidence
• ✅ Human-readable, Git-friendly storage

---

License

Apache 2.0 — Open source, permissive, commercial use allowed.

Copyright 2026 Shawn Cohen

---

Support

• Issues: https://github.com/mvar-security/ClawSeal/issues
• Security: security@mvar.io
• Author: Shawn Cohen (shawn@universalmediaus.com)

---

This isn't theory. This is running code. Dated today.

Run the demo. Verify the signatures. See for yourself.