Security
Claw EA is designed so that the protocol itself minimizes the attack surface. Proof artifacts contain hashes, not content. Identity is DID-based, not password-based. Verification is offline, not API-dependent.
Data Handling
Hash-Only by Design
Gateway receipts contain request_hash and response_hash (SHA-256), not the actual model inputs or outputs. Proof bundles contain event hashes, not event content. This means proof artifacts are safe to store, transmit, and share with auditors without exposing proprietary data.
No PII in Receipts
Receipts record: model name, provider, token counts, latency, and hash bindings. They do not record: prompt text, response text, user names, email addresses, or any personally identifiable information.
Encryption
| Layer | Algorithm | Purpose |
|---|---|---|
| Signatures | Ed25519 | Receipt signing, bundle signing, commit proofs |
| Hashing | SHA-256 | Content hashing, event chain integrity, Merkle roots |
| Transit | TLS 1.3 | All API communication, worker-to-worker, client-to-edge |
| At rest | AES-256 | D1 databases, R2 object storage (Cloudflare-managed keys) |
Identity and Access
- DID-based identity: Agents are identified by `did:key` with Ed25519 key pairs. No passwords, no bearer tokens, no shared secrets.
- Capability scoped tokens (CST): Short-lived, scope-hashed, job-bound. Expired tokens are rejected. Revocation is immediate.
- Key rotation: Agent DIDs can be rotated with continuity proofs that link the old key to the new key.
- No admin passwords: Infrastructure access is via Cloudflare Access (SSO-gated) and Wrangler CLI (API token with scoped permissions).
Infrastructure
- Cloudflare Workers: Every request runs in a hardware-isolated V8 isolate. No shared memory, no shared filesystem, no container escape surface.
- 300+ global PoPs: Requests are routed to the nearest Cloudflare edge. Sub-300ms TTFB globally.
- No long-lived servers: Workers are ephemeral. No SSH access, no persistent processes, no attack surface from long-running daemons.
- DDoS protection: Cloudflare's network-layer DDoS mitigation is always on. No additional configuration required.
Verification Independence
The most important security property: you do not need to trust the platform to verify proof artifacts. The clawverify reference verifier runs offline with only the bundle JSON and the signer's public key. If Claw EA were compromised, your existing proof bundles would still verify independently.
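As an added illustration of the hash-only receipts and the offline verification described above (example code, not Claw EA's own implementation or the clawverify tool), the Go block below signs a receipt that carries only SHA-256 bindings and then verifies the bundle JSON with nothing but the signer's Ed25519 public key. The receipt field names, the JSON layout and the hex signature encoding are assumptions, not the project's format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
)

// Receipt holds metadata and hash bindings only, never prompt or response text (field names assumed).
type Receipt struct {
	Model        string `json:"model"`
	Provider     string `json:"provider"`
	LatencyMs    int    `json:"latency_ms"`
	RequestHash  string `json:"request_hash"`
	ResponseHash string `json:"response_hash"`
}

// Bundle is a receipt plus a hex-encoded Ed25519 signature over its JSON form.
type Bundle struct {
	Receipt   Receipt `json:"receipt"`
	Signature string  `json:"signature"`
}

// MakeReceipt binds a request/response pair by SHA-256; the content itself never enters the receipt.
func MakeReceipt(prompt, response []byte, model, provider string, latencyMs int) Receipt {
	rq, rs := sha256.Sum256(prompt), sha256.Sum256(response)
	return Receipt{model, provider, latencyMs, hex.EncodeToString(rq[:]), hex.EncodeToString(rs[:])}
}

// Sign (gateway side). encoding/json emits fields in declaration order with no
// whitespace, so that encoding is the canonical form that gets signed.
func Sign(r Receipt, priv ed25519.PrivateKey) Bundle {
	body, _ := json.Marshal(r) // cannot fail for a struct of strings and ints
	return Bundle{r, hex.EncodeToString(ed25519.Sign(priv, body))}
}

// VerifyOffline (auditor side) needs only the bundle JSON and the signer's public key.
func VerifyOffline(bundleJSON []byte, pub ed25519.PublicKey) bool {
	var b Bundle
	if json.Unmarshal(bundleJSON, &b) != nil || len(pub) != ed25519.PublicKeySize {
		return false // malformed bundle or wrong key length (Verify would panic)
	}
	body, _ := json.Marshal(b.Receipt) // re-canonicalize exactly as Sign did
	sig, err := hex.DecodeString(b.Signature)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, body, sig)
}
```

Because verification re-canonicalizes from the typed struct, any JSON field the verifier does not know about is silently dropped and therefore not covered by the signature; a production verifier should reject unknown fields (for example with json.Decoder.DisallowUnknownFields) so that a bundle cannot carry unsigned extra data alongside a valid signature.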
Deep Dive
The Security Review Pack contains the full architecture diagram, threat model (replay, exfiltration, prompt injection, nondeterminism), Merkle transparency logging details, and deployment integrity documentation.