v0.6.3.2 Now Available: The Exoskeleton

Post-Authorization Observability

Traditional security stops at the door. We watch the room.

A fully containerized, local-first behavioral analysis and kinetic response SOC for Agentic AI infrastructure. Powered by deterministic DRIFT policies and a probabilistic LLM judge.

Try Demo
docker-compose logs -f butterclaw

🦞 ButterClaw Exoskeleton v0.6.3.2 is ONLINE.

Routing: Nginx TLS Reverse Proxy

Active Model: gemma4:e4b (Local GPU Bridged)

🔐 [AUTH] Zero-Trust API Gateway Armed.

🛡️ [POLICY] DRIFT Engine initialized: 16 strict guardrails active.

🔔 [ALERT] Air-gapped ntfy push dispatcher ready.

============================================================

📥 [HTTP POST RECEIVED] Live Gateway Log

Payload: Origin: wss://malicious-vibe.net attempting to bind...

🧠 [HTTP 200 OK] Model returned CRITICAL (99%) in 1.2s.

✅ [POLICY] Pre-Tool Gate Passed: execute_gibson_kill allowed.

🔔 [ALERT] Dispatching verdict_critical to 3 channels...

☢️ [VAULT] Gibson Triggered: Active network token assassination in progress...

============================================================

The Sentinel Pipeline

A 6-Node Decoupled Architecture

Traditional security perimeters fail when authorized AI Agents are compromised. ButterClaw enforces **Evaluation before Execution**.

👀

1. The Watcher

watcher.py

A high-speed Python daemon tailing raw OS-level logs. Features auto-serialization on SIGTERM to prevent log loss during container reboots, securely passing Bearer tokens to the Gateway.

🧠

2. The Brain

Gemma 4:e4b

The localized reasoning engine. It evaluates a sliding window of recent temporal memory to detect behavioral drift, and can dynamically compose multi-step tool chains to neutralize threats.

🛡️

3. The API & Policy

server.py / policy_engine.py

The central nervous system shielded by HMAC-SHA256 Auth. Features a deterministic Policy Engine that applies pre-brain, post-brain, and pre-tool guardrails to constrain probabilistic drift.

🧈

4. The ButterVault

buttervault.py

Zero-trust credential storage. Instantly obliterates local DB entries on breach, and now fires live HTTP requests to actively assassinate remote GitHub/Google OAuth tokens before local wipe.

🔔

5. The Dispatcher

alert_dispatcher.py

Air-gapped notification routing. Routes 9 critical event types to 5 distinct channels (ntfy, Discord, SMTP, Gotify, Webhooks). "Alert-then-burn" guarantees you know what happened before the Gibson fires.

🖥️

6. The UI Suite

Docker + Nginx TLS

A highly polished, class-based Dark Mode control panel entirely isolated behind an Nginx reverse proxy. Control policies, test injection payloads with Double Air-Gaps, and monitor MCP health.

Adjustable Paranoia.

ButterClaw doesn't just block known vulnerabilities. It uses probabilistic reasoning combined with deterministic DRIFT guardrails to assess intent. You control how aggressive the response should be.

  • LVL 1

    Chill Mode

    Only blocks known 1-click RCE payloads. Background scanning is relaxed. API keys remain static.

  • LVL 2

    Cautious Mode

    Actively monitors SDK logs for plaintext token leaks. Uses Policy Engine blocks to catch suspicious pre-tool calls.

  • LVL 3

    Zero Trust (Gibson)

    If an external origin breathes on a monitored port, ButterClaw instantly actively assassinates remote OAuth tokens, shreds local Vault ciphertext, and pushes a mobile alert to your phone.

UI Dashboard Preview
🚨

Auth Brute-Force Detected

[Gate: Origin] [99% Confidence] External origin attempting to brute-force Gateway.

🛡️ Policy Override 🔔 Alert Sent
📡

MCP Execution Layer

Status: Armed | Transport: SSE | Active Tools: 5

Tools: scan_port (SSRF Locked), execute_gibson...

🧈

ButterVault Sync

Google Cloud tokens sealed & auto-refreshing.

🔗 Connected Active Assassination Ready

Ready to secure your local agents?

ButterClaw v0.6.3.2 is open-source. Clone the repo, spin up the Docker stack, and arm the Vault.

View on GitHub