Skip to content

v0.1.5 – Full Security Primitive Stack

Choose a tag to compare

@Sdvegas21 Sdvegas21 released this 20 Mar 21:49

What's Shipped

Phase A: WebSocket + control-plane enforcement

  • trusted_websocket_origins validation
  • network_mode: localhost_only / allowlist_only
  • UNTRUSTED_WEBSOCKET_ORIGIN reason code
  • clawzero doctor: Exposure........ OK

Phase B: Package trust validation

  • UNSIGNED_MARKETPLACE_PACKAGE blocking
  • prod_locked blocks unsigned ClawHub skills
  • clawzero audit decision --package-source ...

Phase C: Temporal taint tracking

  • delayed activation detection
  • taint_age_hours threshold enforcement path
  • DELAYED_TAINT_TRIGGER reason code

Phase D: Budget + abuse controls

  • budget_max_cost_usd enforcement
  • budget_max_calls_per_window
  • budget_max_calls_per_sink
  • BUDGET_LIMIT_EXCEEDED reason code

Proof

pip install clawzero==0.1.5
clawzero doctor openclaw
Runtime......... OK (mvar-security 1.4.3)
Witness......... OK (chain valid)
Demo............ OK (attack blocked)
Exposure........ OK (control-plane guards active)
Witness signer:  Ed25519 (QSEAL) ✓
Status: SECURE

CI

Green across ubuntu+macos × 3.10/3.11/3.12/3.13
Release gate: PASS
Download smoke: PASS

See docs/RELEASE_PROOF_0_1_5.md for full proof commands.