GoClaw is built from the ground up to protect your infrastructure. We implement a deny-by-default execution policy, encrypt all credentials at rest, and strictly isolate multi-tenant workspaces.
GoClaw operates under a strict deny-by-default execution policy. Our 5-layer permission framework checks authorization at the Global System layer, the LLM Provider layer, the Tenant Workspace layer, the individual Agent Definition layer, and the specific Session Execution layer. This ensures agents can never run unauthorized commands, read files outside designated paths, or expose sensitive directories.
All third-party LLM provider API credentials, database strings, and channel tokens are encrypted at rest using industry-standard AES-256-GCM. Decryption keys are loaded into system memory only at startup, and decrypted keys are never written to disk, console, or observability trace files in plaintext.
Any agent executing web fetching, page crawling, or headless browsing tools passes through an egress proxy verification layer. All outbound requests targeting loopback addresses (e.g., localhost, 127.0.0.1), link-local IP addresses (e.g., the AWS metadata endpoint at 169.254.169.254), or internal subnets are automatically identified and blocked to prevent Server-Side Request Forgery (SSRF).
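The kind of destination check described above can be sketched as follows. This is an added example, not GoClaw's own code: `Resolver`, `BlockedReason` and `CheckEgress` are hypothetical names, and the resolver is injected so the check judges the addresses a host resolves to rather than the hostname string.

```go
package main

import (
	"fmt"
	"net/netip"
	"net/url"
)

// Resolver maps a hostname to addresses; injected so the check runs offline.
type Resolver func(host string) ([]netip.Addr, error)

// BlockedReason names the rule that blocks addr, or returns "" if none does.
func BlockedReason(addr netip.Addr) string {
	addr = addr.Unmap() // judge ::ffff:127.0.0.1 as 127.0.0.1
	switch {
	case addr.IsLoopback(), addr.IsUnspecified():
		return "loopback or unspecified"
	case addr.IsLinkLocalUnicast():
		return "link-local"
	case addr.IsPrivate():
		return "internal subnet"
	}
	return ""
}

// CheckEgress fails if the URL's host is, or resolves to, any blocked address.
func CheckEgress(rawURL string, resolve Resolver) error {
	u, err := url.Parse(rawURL)
	if err != nil || u.Hostname() == "" {
		return fmt.Errorf("rejecting %q: no usable host", rawURL)
	}
	addrs := []netip.Addr{}
	if ip, perr := netip.ParseAddr(u.Hostname()); perr == nil {
		addrs = append(addrs, ip)
	} else if addrs, err = resolve(u.Hostname()); err != nil || len(addrs) == 0 {
		return fmt.Errorf("rejecting %q: host did not resolve", rawURL)
	}
	for _, a := range addrs {
		if why := BlockedReason(a); why != "" {
			return fmt.Errorf("rejecting %q: %s is %s", rawURL, a, why)
		}
	}
	return nil
}

func main() {
	// Constructed resolver: every name answers with loopback.
	dns := func(string) ([]netip.Addr, error) { return []netip.Addr{netip.MustParseAddr("127.0.0.1")}, nil }
	fmt.Println(CheckEgress("https://files.example.test/report", dns))
}
```

A DNS answer can change between this check and the actual connection, so a proxy should apply the same test to the address it finally dials.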
GoClaw includes dynamic, real-time safety heuristics designed to parse incoming chat prompts and external web context streams. The parser detects structural patterns matching well-known prompt injection techniques and payload evasion schemes. Adversarial prompts are caught, logged, and isolated before passing into active model context windows.
GoClaw provides structural isolation at the database layer (PostgreSQL schemas and Row-Level Security), per-tenant configuration file storage directories, and isolated agent execution runtimes. With our built-in Role-Based Access Control (RBAC), organizations can guarantee that developers, operators, and agents operate within strictly segregated security sandboxes. Furthermore, rate limiting is applied granularly per tenant and per messaging channel to shield LLM budgets against runaway API costs or DDoS vectors.