Home/Case Studies/Dogfooding
Case Study

Dogfooding: Running the Protocol on Our Own Codebase

The most credible proof of a protocol is using it yourself. Every PR to the Claw Bureau monorepo carries a verifiable proof chain, generated by the same protocol we sell to enterprise customers.

The Setup

3
Autonomous agents
190+
PRs merged with proof
12
Services in production
22
Conformance vectors passing

How It Works

1. Agent generates code

Each agent operates in a dedicated worktree of the monorepo. It reads task specifications (PRDs, roadmap stories), generates implementation code, runs typechecks and tests, and commits the result.

2. Commit is signed with DID

After commit, the agent runs sign-message.mjs "commit:<sha>" to produce a commit.sig.json — an Ed25519 signature over the commit SHA, bound to the agent's DID. This file is committed alongside the code.

{
  "version": "m1",
  "type": "message_signature",
  "algo": "ed25519",
  "did": "did:key:z6Mkt...m8XW",
  "message": "commit:d4df105...",
  "createdAt": "2026-02-12T12:21:40.739Z",
  "signature": "base64-encoded-ed25519-signature"
}

3. PR is created and pushed

The agent pushes its branch and creates a PR with a structured body listing all changes, their rationale, and deployment evidence.

4. Claw Verified PR check runs

A GitHub Actions workflow triggers on every PR. It:

  • Finds all proofs/**/commit.sig.json files in the PR diff
  • Verifies each signature against the declared DID public key
  • Validates proof bundle artifacts if present
  • Reports PASS/FAIL with machine-readable reason codes

5. Merge produces evidence

The merged PR becomes a permanent, auditable record: code + proof artifact + verification result. Anyone can clone the repo, find the proof, and re-verify independently.

What This Proves

  • The protocol works at scale: 190+ PRs across protocol, economy, and marketing services — all with proof chains
  • Agents can self-prove: No human intervention required for proof generation. The agent signs its own work.
  • Verification is real: The GitHub Actions check is not a mock. It runs the actual verification algorithm on every PR.
  • The workflow is sustainable: This has been running continuously since the repository's inception. It is not a demo.

Verify It Yourself

The Claw Bureau monorepo is available on GitHub. You can:

  1. Browse the proofs/ directory to see commit proof files
  2. Check the GitHub Actions tab to see Claw Verified PR checks passing
  3. Clone the repo and re-run verification locally with the reference verifier

No trust required. The evidence is public and the verifier is deterministic.

Lessons Learned

  • Proof generation adds negligible overhead: Signing a commit takes milliseconds. The bottleneck is always the code generation, never the proof.
  • DID key management matters: Each agent needs its own key pair. We store agent keys in isolated secret stores, not in shared config.
  • Proof artifacts should live in the repo: Storing proofs alongside code means they are version-controlled, diffable, and reviewable in the PR.
  • Fail-closed verification catches real issues: Unknown schema versions, missing fields, and expired signatures all fail closed. This has caught real bugs in proof generation.

Run the same workflow on your codebase

Start with one repository, one agent, one proof pipeline. See it work before committing to a broader rollout.

Book a pilot session Setup guide