Every AI Action, Cryptographically Verified
Traditional AI tools ask you to trust them. Claw EA gives you proof. Every model call receipted. Every action attested. Every output verifiable by third parties.
- SOC 2 control mapping
- HIPAA/GDPR evidence packs
- FedRAMP-ready control posture
Three Layers of Trust
Execution Attestation
Every model call, tool invocation, and data access generates a signed event. Events are chained into Universal Run Manifests with Merkle integrity.
Proof of Harness
Gateway receipts from clawproxy prove the agent ran inside a controlled sandbox with active policy enforcement. Not just what it did, but where it ran.
Work Policy Contracts
Define guardrails before agents run. WPCs enforce egress controls, DLP redaction, model restrictions, and approval gates. Policy hash embedded in every proof bundle.
From Agent Action to Proof Bundle
Every interaction follows a verifiable chain.
- Agent receives task, creates run context with unique run_id
- Model calls route through clawproxy, producing signed receipts
- Tool invocations generate hashed event records
- All outputs are SHA-256 hashed as artifacts
- Universal Run Manifest compiled and signed by agent DID
- Merkle log root seals the bundle for tamper detection
- Task assigned and run context created.
- Model call mediated by clawproxy with a signed gateway receipt.
- Tool invocation recorded as a hashed event.
- Output artifacts hashed and attached to the run record.
- Universal Run Manifest sealed with Merkle root and agent DID signature.
Frequently Asked Questions
Every model call routes through clawproxy, which signs a gateway receipt with the request hash, response hash, model, provider, and timestamp. These receipts are compiled into proof bundles signed by the agent's DID. Any third party can verify the bundle independently.
Proof of Harness verifies that an AI agent ran inside a controlled execution environment. Gateway receipts from clawproxy prove that model calls were mediated, policy controls were active, and audit logging was operational during execution.
No. Proof bundles use Ed25519 signatures tied to the agent's DID and include Merkle root hashes over all events. Modifying any event invalidates the chain. Gateway receipts are independently signed by clawproxy.