We present enclawed, a hard-fork hardening framework built on top of the OpenClaw single-user personal artificial intelligence (AI) assistant gateway. enclawed targets deployments that need attestable peer trust, deny-by-default external connectivity, signed-module loading, and a tamper-evident audit trail — typically regulated industries such as financial services, healthcare, defense contracting, regulated R&D, and government enclaves. The framework ships in two flavors: an open flavor that preserves OpenClaw compatibility while still emitting audit, classification, and data-loss-prevention (DLP) signals, and an enclaved flavor that activates strict allowlists, Federal Information Processing Standards (FIPS) cryptographic-module assertion, mandatory module-manifest signature verification, and high-assurance peer attestation for the Model Context Protocol (MCP). The classification ladder is fully data-driven: a deploying organization selects from five built-in presets (generic, US-government, healthcare, financial services, three-tier) or supplies its own JSON. We accompany the implementation with a security review, a 204-case test suite (146 unit tests, 58 adversarial pen-tests for tamper detection, signature forgery, egress bypass, trust-root mutation, DLP evasion, prompt injection, and code injection), real-time human-in-the-loop control (per-agent pause / resume / stop and approval queues), a memory-bounded secure transaction buffer with rollback (default cap 50% of system RAM, configurable), a strict-mode TypeScript typecheck of all 22 framework files, and a GitHub Actions workflow ready for continuous integration. enclawed is a hardening framework, not an accredited compliance certification. The deploying organization remains responsible for hardware, validated cryptographic modules, certified facilities, and assessor sign-off.
Alfredo Metere (Fri,) studied this question.