Proof Points: Why Trust This

We do not have a logo wall yet. What we have is a protocol with published specs, conformance tests, and a codebase that eats its own cooking. Here are the numbers.

Protocol Adoption

  • 22 conformance test vectors
  • 8 receipt schema versions
  • 30+ reason codes (deny/allow)
  • 150+ documentation pages

These are not projections. They are counts from the live repository. The conformance suite runs on every commit. Every schema version is backward-compatible. Every reason code has a defined semantic.

Open Source Transparency

The Clawsig Protocol is built in the open:

  • Protocol specification: Five primitives (WPC, CST, Receipt, Bundle, Verifier) with published JSON schemas and versioned semantics
  • Conformance suite: 22 test vectors covering receipt validation, bundle integrity, hash chain verification, and fail-closed edge cases
  • Reference verifier: Deterministic offline verification — no API keys, no network access, no trust assumptions beyond the signer's public key
  • Coverage matrix: Explicit M (shipped) / MT (tested) / MTS (planned) claims per primitive. No ambiguity about what exists

We publish what we have and label what we do not. The Security Review Pack contains the full technical breakdown.

Dogfooding: We Ship on Our Own Protocol

Every pull request to the Claw Bureau monorepo carries a verifiable proof trail:

  • DID-signed commit proofs: Each agent-generated commit includes a commit.sig.json with an Ed25519 signature over the commit SHA
  • Claw Verified PR check: A GitHub Actions workflow validates commit proofs and proof bundles before merge
  • Proof artifacts in-repo: All proofs live in proofs/<branch>/commit.sig.json — visible, auditable, and version-controlled

This is not a demo. It is our production workflow. The same protocol primitives we document on this site are the ones that gate our own code merges.

Architecture Credibility

Cloudflare Workers

300+ global points of presence. Hardware-isolated execution per request. No cold starts. Sub-300ms TTFB globally (verified: our top-10 pages average 120ms TTFB).

Ed25519 Signatures

Every receipt and proof bundle is signed with Ed25519. It is compact (64-byte signatures), fast (microsecond verification), and has a quantum-resistant migration path (to Ed448 or ML-DSA).

SHA-256 Hash Chains

Events within a proof bundle are hash-linked. Modify any event and the chain breaks. Merkle roots anchor the chain for efficient third-party verification.

Offline Verification

The verifier needs only the bundle JSON and the signer's public key. No API calls. No platform access. No trust in the platform operator. This is the core differentiator.
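
The hash-chain and offline-verification properties described above, as an added Node.js example that is not Clawsig's own code. The bundle layout, field names and reason codes are hypothetical, and the key pair and events are constructed for the demo.

```javascript
// Added example: bundle layout and reason codes are hypothetical, not Clawsig's schema.
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
const GENESIS = '0'.repeat(64); // assumed "prev" value for the first event
const deny = (reason) => ({ ok: false, reason });

// Each event hash covers the previous hash plus the payload, so an edit
// anywhere invalidates that event and everything linked after it.
const eventHash = (prev, payload) => sha256(prev + JSON.stringify(payload));

// Signer side: link the events, then sign the final (head) hash.
function buildBundle(payloads, privateKey) {
  let prev = GENESIS;
  const events = payloads.map((payload) => {
    const hash = eventHash(prev, payload);
    const ev = { prev, payload, hash };
    prev = hash;
    return ev;
  });
  const sig = crypto.sign(null, Buffer.from(prev, 'hex'), privateKey);
  return { events, head: prev, sig: sig.toString('base64') };
}

// Verifier side: bundle JSON and public key only, no network access.
// Fail closed: any mismatch or parse error returns a deny result.
function verifyBundle(bundleJson, publicKey) {
  try {
    const b = JSON.parse(bundleJson);
    if (!Array.isArray(b.events) || b.events.length === 0) return deny('EMPTY_BUNDLE');
    let prev = GENESIS;
    for (const [i, ev] of b.events.entries()) {
      const linked = ev.prev === prev && ev.hash === eventHash(prev, ev.payload);
      if (!linked) return deny(`CHAIN_BROKEN_AT_${i}`);
      prev = ev.hash;
    }
    if (b.head !== prev) return deny('HEAD_MISMATCH'); // catches truncation
    const sig = Buffer.from(b.sig, 'base64');
    const sigOk = crypto.verify(null, Buffer.from(prev, 'hex'), publicKey, sig);
    return sigOk ? { ok: true, reason: 'OK' } : deny('BAD_SIGNATURE');
  } catch {
    return deny('MALFORMED');
  }
}

// Constructed sample: throwaway key pair, two events, one tampered copy.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const sample = [{ tool: 'git', action: 'commit' }, { tool: 'ci', action: 'test' }];
const bundle = buildBundle(sample, privateKey);
const tampered = JSON.parse(JSON.stringify(bundle));
tampered.events[0].payload.action = 'push';
```

Rebuilding the chain after an edit does not help an attacker: the recomputed head hash no longer matches the signature, so the verifier returns the hypothetical `BAD_SIGNATURE` code.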

What We Do Not Claim

Transparency means being honest about gaps:

  • We do not have named enterprise customers to reference (yet)
  • MTS (multi-tenant SaaS) primitives are planned, not shipped
  • The conformance suite covers the happy path thoroughly; adversarial fuzzing is in progress
  • On-premises deployment is available but has fewer production hours than our cloud deployment

We will update this page as each gap closes.

Run a two-week proof-of-concept on your stack

We will map your controls, deploy one workflow, and deliver a proof bundle you can hand to your auditor.
