Skip to content

README.md

Latest commit

 

History

History
86 lines (54 loc) · 2.33 KB

README.md

File metadata and controls

86 lines (54 loc) · 2.33 KB

ClawLedger

Witness ledger for OpenExec + ClawShield

ClawLedger exists to make governed execution provable.

It does not execute tasks. It does not decide policy. It does not enforce boundaries.

It records what happened, when, and under which governance context — so decisions can be reviewed, shared, and defended outside the system that performed them.

System architecture

This project is part of a three-layer governed execution system:

  • OpenExec executes actions deterministically.
  • ClawShield governs whether actions are permitted before execution.
  • ClawLedger records immutable receipts of what was decided and why.

Execution, governance, and evidence are intentionally separated. No layer replaces another. Together, they make autonomous systems legible, reviewable, and defensible.

What you are looking at

This repository is the canonical reference for the ClawLedger witness model:

  • What constitutes a receipt / witness record
  • What fields are required for verification
  • What must be immutable once written
  • How attestations are derived and exported

The running services and UI may be implemented elsewhere. This repository defines intent, scope, and guarantees.

Relationship to OpenExec and ClawShield

  • OpenExec executes actions (bounded execution).
  • ClawShield governs whether actions are allowed (policy gate).
  • ClawLedger witnesses outcomes and preserves evidence (verifiable history).

ClawLedger does not wrap runtime execution. It records outputs produced by systems that executed and governed the action.

Related repositories

Core witness record (concept)

A witness record SHOULD include:

  • Action metadata (what was requested)
  • Target metadata (what the action touched)
  • Governance context (policy hash / version)
  • Decision (allowed / denied)
  • Outcome (what actually happened, if executed)
  • Timestamp + monotonic ordering
  • Integrity marker (hash / seal / signature)
  • Optional: export bundle pointer (for portability)

Receipts are evidence. They should not expire.

Status

Canonical contract repository.

License: To be defined.