v0.1.5 – Full Security Primitive Stack
What's Shipped
Phase A: WebSocket + control-plane enforcement
trusted_websocket_originsvalidationnetwork_mode:localhost_only/allowlist_onlyUNTRUSTED_WEBSOCKET_ORIGINreason codeclawzero doctor:Exposure........ OK
Phase B: Package trust validation
UNSIGNED_MARKETPLACE_PACKAGEblockingprod_lockedblocks unsigned ClawHub skillsclawzero audit decision --package-source ...
Phase C: Temporal taint tracking
- delayed activation detection
taint_age_hoursthreshold enforcement pathDELAYED_TAINT_TRIGGERreason code
Phase D: Budget + abuse controls
budget_max_cost_usdenforcementbudget_max_calls_per_windowbudget_max_calls_per_sinkBUDGET_LIMIT_EXCEEDEDreason code
Proof
pip install clawzero==0.1.5
clawzero doctor openclawRuntime......... OK (mvar-security 1.4.3)
Witness......... OK (chain valid)
Demo............ OK (attack blocked)
Exposure........ OK (control-plane guards active)
Witness signer: Ed25519 (QSEAL) ✓
Status: SECURE
CI
Green across ubuntu+macos × 3.10/3.11/3.12/3.13
Release gate: PASS
Download smoke: PASS
See docs/RELEASE_PROOF_0_1_5.md for full proof commands.