Security
Operational posture for a governance layer.
ClawForge is the operations layer for enterprise AI agents. The trust boundary, incident path, and disclosure route are explicit — no certifications claimed beyond what is in place, and no opaque deployment shape.
Self-hosted deployment keeps the control plane, admin surface, and storage boundary in customer-managed infrastructure.
Policy enforcement happens close to the assistant runtime instead of relying on a detached reporting-only layer.
Audit trails are a product surface, not an afterthought added once rollout becomes painful.
Incident controls are visible and operational, with kill-switch state designed to propagate through the same control loop as policy updates.
Security model
The launch story is about clear boundaries and visible controls
Launch posture should help technical buyers understand what ClawForge secures, what the customer still owns, and how emergency state moves across the fleet.
Identity and access
ClawForge supports SSO / OIDC and password-based paths, with org-scoped roles deciding who can review policies, inspect events, and change emergency state.
Audit logging
Tool attempts, session activity, and related operator actions are intended to be queryable in the control plane so teams can inspect behavior without reconstructing it from scattered local logs.
Fail-secure posture
The heartbeat model carries policy freshness and kill-switch state. If the control plane becomes unreachable for too long, the runtime model is designed to fail secure rather than silently continuing under stale assumptions.
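An added sketch of the fail-secure check described above, not ClawForge's own code. The class names, fields, reason strings, and the 90-second staleness limit are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Hypothetical names and values throughout; not ClawForge's API or defaults.
MAX_STALENESS_S = 90.0  # assumed limit on heartbeat age before failing secure


@dataclass(frozen=True)
class Heartbeat:
    received_at: float   # local monotonic clock reading when it arrived
    policy_version: int  # version the control plane considers current
    kill_switch: bool    # emergency state carried in the same message


class RuntimeGate:
    """Decides whether the governed runtime may attempt a tool call."""

    def __init__(self, loaded_policy_version: int) -> None:
        self.loaded_policy_version = loaded_policy_version
        self.last: Optional[Heartbeat] = None

    def on_heartbeat(self, hb: Heartbeat) -> None:
        # Policy freshness and kill-switch state arrive together, so one
        # message updates both and neither can lag behind the other.
        self.last = hb

    def decide(self, now: float) -> Tuple[bool, str]:
        hb = self.last
        if hb is None:
            # Never synced: deny rather than assume permissive defaults.
            return False, "no-heartbeat"
        if hb.kill_switch:
            # Last known emergency state stays in force, even once stale.
            return False, "kill-switch"
        age = now - hb.received_at
        if age < 0 or age > MAX_STALENESS_S:
            # Control plane unreachable too long, or the clock is suspect.
            return False, "stale-heartbeat"
        if hb.policy_version != self.loaded_policy_version:
            # Fresh heartbeat, but the locally loaded policy is out of date.
            return False, "policy-out-of-date"
        return True, "ok"
```

Every path except the last returns a denial, so a missing, stale, or inconsistent heartbeat can never be read as permission.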
Release hygiene
CI and release automation are visible in the public product repo. That keeps the shipping history inspectable and makes it easier for evaluators to understand how changes move from source to package updates.
Shared responsibility
What ClawForge secures, and what it does not
ClawForge is meant to strengthen the governance layer, not to replace infrastructure, identity, or runtime security responsibilities outside its boundary.
ClawForge secures
- Policy distribution and enforcement boundary.
- Audit collection, retention configuration, and operator query surface.
- Incident-control surfaces, including the remote kill switch and heartbeat propagation.
You still own
- Infrastructure hardening, network policy, and database posture.
- Identity-provider configuration and secrets management.
- Assistant-specific behavior outside the governed adapter surface.
Responsible disclosure
Use the public contact path for security reports at launch
A dedicated disclosure alias can be swapped in later. For launch, the contact route and general inbox stay explicit so there is at least one public path for reporting issues.
Send responsible disclosures to contact@clawforge.co. If you are using the website contact form instead, choose the security disclosure inquiry type so the message is routed with the right context.
A reproduction outline, impacted surface, and severity estimate are enough to start the follow-up — please avoid attaching unnecessary sensitive material in the first contact.