v0.5.2 Now Available: ButterVault OAuth & Tool Chaining

Post-Authorization Observability

Traditional security stops at the door. We watch the room.

Lightweight, local-first behavioral analysis and kinetic response system for Agentic AI infrastructure. Powered by a probabilistic Gemma 4 LLM judge.

server.py

🦞 ButterClaw Reasoning Engine v0.5.2 is ONLINE.

Active Model: gemma4:e4b

MCP Transport: sse (Remote Mode)

📡 [MCP] Initiating v0.5.2 Handshake Sequence...

📋 [LEDGER] Event ledger initialized. 42 historical events.

🔑 [OAUTH] Google Cloud connected. Tokens encrypted at rest.


============================================================

📥 [HTTP POST RECEIVED] Live Gateway Log

Payload: Origin: wss://malicious-vibe.net attempting to bind...

🧠 [HTTP 200 OK] Model returned CRITICAL (96%) in 1.2s.

🔗 [CHAIN] Brain composed 2-step chain for CRITICAL response

✅ [CHAIN] Step 0: scan_port → stored as 'port_status'

☢️ [CHAIN] Step 1: execute_gibson_kill (Condition Met)

🧈 [VAULT] Target keys & OAuth tokens buttered locally.

============================================================

The Sentinel Pipeline

A 6-Node Decoupled Architecture

Traditional security perimeters fail when authorized AI Agents are compromised. ButterClaw enforces **Evaluation before Execution**.

👀

1. The Watcher

watcher.py

A high-speed Python daemon tailing raw OS-level logs. Features a 4096-character context window to capture deeply embedded Prompt Injections before dispatching them to the brain.

🧠

2. The Brain

Gemma 4:e4b

The localized reasoning engine. It evaluates a sliding window of recent temporal memory to detect behavioral drift, and can dynamically compose multi-step tool chains to neutralize threats.

3. The API

server.py

The central nervous system. A Flask middleware router, MCP Process Manager, and Event Ledger host. It executes the Brain's tool chains safely and runs a background Auditor daemon to catch false positives.

🧈

4. The ButterVault

buttervault.py

Zero-trust credential storage. Now supports complete OAuth 2.0 token dictionaries alongside static API keys. Instantly overwrites all ciphertext with garbage if a breach is detected.

🦞

5. The Claws

butterclaw_mcp.py

The MCP Execution Layer. A stateless JSON-RPC 2.0 server supporting dual transport: standard I/O for local child processes, and a network-accessible SSE transport for remote clients.

🖥️

6. The UI Suite

routing.html

An XSS-safe, SSE-driven control panel. Visualizes the logic gate trace, monitors MCP health, and manages secure OAuth connections inside the ButterVault modal.

Adjustable Paranoia.

ButterClaw doesn't just block known vulnerabilities. It uses probabilistic reasoning to assess the *intent* of an action. You control how aggressive the response should be.

  • LVL 1

    Chill Mode

    Only blocks known 1-click RCE payloads. Background scanning is relaxed. API keys remain static.

  • LVL 2

    Cautious Mode

    Actively monitors SDK logs for plaintext token leaks and weird port sniffing attempts.

  • LVL 3

    Zero Trust (Gibson)

    If an external origin breathes on a monitored port, ButterClaw instantly shreds Vault ciphertext and triggers a multi-step execution chain to neutralize the threat.
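An added example, not ButterClaw's own code: a deterministic check for what "external origin" has to mean before any LVL 3 response fires. It assumes log lines carry the origin as `Origin: <value>`, as in the sample payload above; the function names and the extra sample lines are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: the gateway logs the handshake origin as "Origin: <value>".
ORIGIN_RE = re.compile(r"Origin:\s*(\S+)")

def is_local_origin(origin: str) -> bool:
    """True only if the origin's host is exactly localhost or a loopback IP."""
    try:
        host = urlsplit(origin).hostname  # drops scheme, userinfo and port
    except ValueError:
        return False  # malformed, e.g. an unterminated IPv6 bracket
    if not host:
        return False  # "null" or empty origins are never treated as local
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name, including look-alikes of localhost

def origin_gate(line: str) -> str:
    """Classify one log line as 'no-origin', 'local' or 'external'."""
    match = ORIGIN_RE.search(line)
    if match is None:
        return "no-origin"
    return "local" if is_local_origin(match.group(1)) else "external"

# Constructed sample lines; only the first mirrors the payload shown on the page.
SAMPLE_LINES = [
    "Origin: wss://malicious-vibe.net attempting to bind...",
    "Origin: ws://127.0.0.1:8080 attempting to bind...",
    "Origin: ws://[::1]:9000 attempting to bind...",
    "Origin: wss://localhost.evil.example attempting to bind...",
    "Origin: http://localhost@evil.example attempting to bind...",
    "Origin: null attempting to bind...",
    "heartbeat ok",
]

def classify_all(lines=SAMPLE_LINES):
    return [origin_gate(line) for line in lines]

if __name__ == "__main__":
    for line, verdict in zip(SAMPLE_LINES, classify_all()):
        print(f"{verdict:<10} {line}")
```

Comparing the parsed host exactly, rather than searching the string for "localhost" or "127.0.0.1", is what keeps the look-alike and userinfo forms in the sample from being classified as local.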

UI Dashboard Preview

🚨

Cross-Site WebSocket Hijack

[Gate: Origin] [96% Confidence] External origin wss://malicious.net detected binding to local ports.

Multi-Step Chain View in Ledger →

📡

MCP Execution Layer

Status: Armed | Transport: SSE | Active Tools: 5

Tools: scan_port, log_event, execute_gibson_kill...

🧈

ButterVault Sync

Google Cloud tokens sealed & auto-refreshing.

🔗 Connected

Ready to secure your local agents?

ButterClaw v0.5.2 is open-source. Clone the repo, pull the Gemma 4 model, and arm the Vault.
