Governance Pipeline

Crawl. Gate. Sign. Ship.

Agent Clawbrary is the cryptographic supply chain for AI agent skills. Every skill is crawled from public sources, evaluated by DetGate, signed with Ed25519, and Merkle-chained before any agent can execute it. No receipt, no execution. No exceptions.

Browse DirectoryOperator CatalogRejection Log
164
Skills
28
Agents
133
Automations
131
Published
192
Receipts
0
Rejections
The Pipeline

How It Works

Step 01

Crawl & Discover

cl-crawler scans GitHub, npm, PyPI, and Hugging Face every 15 minutes. Skill manifests are parsed, hashed, and queued for evaluation.

Four adapters · SHA-256 manifest hashing · SQS FIFO dispatch
Step 02

Gate & Evaluate

DetGate evaluates TierDrivingFacts — mutation type, criticality, impact, cross-boundary access, identity root contact. Three verdicts: Pass, Escalate, Reject.

Risk tiers T0–T3 · Threshold signing (2-of-3 for T2, 3-of-3 for T3)
Step 03

Sign & Chain

Passing skills get an Ed25519 or ECDSA P-256 signed receipt. Every receipt is appended to a Merkle chain. Rejected skills get a public rejection log with findings.

Append-only · Merkle-anchored · Tamper-evident chain
Step 04

Distribute

Attested bundles are exported in three formats — Claude Code skill (.md), MCP tool definitions (.json), and raw bundle with full manifest + SBOM + receipt. Served through the /api/v1/skills/[id]/bundle endpoint.

S3 exports · API-key authenticated · Rate-limited
Step 05

Public Directory

Atestiv.com surfaces the catalog as a public governance directory. Every listing shows its receipt card — signer, Merkle root, signature, risk tier. Downloads go through our governed API, not raw source.

SEO-indexed · Receipt verification · Attested downloads
Architecture

Three-Repo Governance System

Gate Engine

SovereignClaw

Deterministic execution control. Evaluates skills through DetGate, signs Ed25519 receipts, enforces mechanical refusal at runtime.

sovclaw skill vet → receipts
Catalog Backend

Agent Clawbrary

Skill supply chain. Crawls sources, ingests signed receipts, serves attested bundles. The governed source of truth.

claw ingest → Supabase → bundles
Public Directory

Atestiv

Public governance directory. Browse attested listings, verify receipts, download governed bundles. The consumer-facing layer.

atestiv.com → badges + downloads
Live Pipeline

Operator Dashboard

Recent Receipts

192 total
s-memoryT0_STANDARD
50c69952045bbc74...4/1/2026
skill-cli-tui-architectlow
9f4fdad33640829d...4/1/2026
s-error-handlingT0_STANDARD
f37471ce0f50aac1...4/1/2026
ecc-agent-loop-controlsmedium
213907f9413230d5...4/1/2026
ecc-django-verificationlow
65fb51fe6d03284b...4/1/2026

Signing Keys

activeEd25519
sovereign-claw-ed25519
Activated: 4/1/2026

API Endpoints

GET/api/v1/catalog
GET/api/v1/keys
GET/api/v1/skills/:id/bundle
GET/api/v1/skills/:id/receipt
GET/api/v1/skills/:id/verify
GET/api/v1/rejections