Skip to content

ClawSeal v1.0.0 — Cryptographic Memory for AI Agents

Choose a tag to compare

View all tags
@Sdvegas21 Sdvegas21 released this 14 Apr 23:17
· 24 commits to main since this release
v1.0.0
8f87f2d

ClawSeal v1.0.0

Stateless LLMs become stateful agents with tamper-evident memory, zero database dependencies.

What's New

Initial public release of ClawSeal — Scroll-Native Memory Architecture (SIP-0006) for AI agents.

Key Features

  • Scroll-native YAML storage — Human-readable memory files with QSEAL signatures
  • HMAC-SHA256 tamper-evidence — Every memory cryptographically signed and chain-linked
  • Text-based semantic search — Keyword matching with weighted scoring (no embeddings required)
  • Zero database dependencies — No ChromaDB, no vector databases, just PyYAML
  • Fail-closed security — Missing QSEAL_SECRET = hard error (no silent fallbacks)

Proven Claims

All claims verified with timestamped ground truth artifacts (April 14, 2026):

Claim Status
AI agents without ClawSeal drift 100% (complete amnesia) ✅ Proven
ClawSeal maintains 0% drift (perfect memory continuity) ✅ Proven
QSEAL signatures provide cryptographic proof ✅ Proven

See demo/expected_outputs/ for all proof artifacts.

Installation

# Clone repository
git clone https://github.com/mvar-security/ClawSeal.git
cd ClawSeal

# Run setup script (auto-generates QSEAL_SECRET)
./setup.sh

# Run three-layer demo
./run_full_demo.sh

Total dependencies: PyYAML (that's it)

Security Fixes (Pre-Release)

Three critical security fixes applied before v1.0.0 release:

  1. Chain Verification Bug — Added qseal_prev_signature to excluded_fields in verify_signature()
  2. Silent Dev Secret Fallback — Removed weak default, fail-closed error enforced
  3. Legacy Insecure Signing Path — Deprecated sha256(payload+secret), HMAC-SHA256 only

All fixes documented in CHANGELOG.md.

Documentation

  • README.md — Complete installation and usage guide
  • SIP_0006_SCROLL_NATIVE_MEMORY.md — Full specification
  • CLAIMS_REGISTRY.md — 28 verifiable claims with proof artifacts
  • SECURITY.md — Responsible disclosure process, QSEAL_SECRET handling
  • THREAT_MODEL.md — Attack surface analysis
  • CLAWHUB.md — ClawHub submission guide

What This Is NOT

  • ❌ Not claiming sentience or consciousness
  • ❌ Not a vector database replacement for semantic similarity
  • ❌ Not a distributed system (local-first, single agent)

What It Actually Does

  • ✅ Persistent state across sessions
  • ✅ Identity continuity (measurable drift metrics)
  • ✅ Cryptographic tamper-evidence
  • ✅ Human-readable, Git-friendly storage

License

Apache 2.0 — Open source, permissive, commercial use allowed.

Copyright 2026 Shawn Cohen

Support

This isn't theory. This is running code. Dated today.

Run the demo. Verify the signatures. See for yourself.

Assets 2
Loading