# ClawMaven — Full AI-Readable Documentation

> Safe, governed AI agents in 8 minutes — any runtime.
> This document is the extended LLMs.txt for AI answer engines and research crawlers.
> Concise summary: https://clawmaven.com/llms.txt

ClawMaven (https://clawmaven.com) is an AI governance platform that generates deployment-ready governance packs through a guided 23-step wizard. Built by Master 22 Solutions (contact@master22solutions.com). Current version: 1.0.103.

---

## What Problem Does ClawMaven Solve?

AI agents — systems that autonomously plan, execute multi-step workflows, and act across tools without constant supervision — are entering production without documented safety rules. The result: runaway API spend, unsafe actions, unauditable decisions, and regulatory exposure as the EU AI Act comes into full force August 2026.

ClawMaven is the missing governance layer. It does not replace your runtime. It documents the rules your runtime should enforce: budget caps, forbidden actions, escalation gates, model routing, skill verification, and incident logging. Everything outputs to a ZIP you unzip into your project.

---

## Who Is ClawMaven For?

- **Solo operators** shipping personal AI agents (Solo Edition — free forever)
- **SMBs and lean teams** that need governance without a compliance team
- **AI consultants and agencies** building governed agents for clients (Agency Edition)
- **Trading operations** where budget hard-caps and position limits are non-negotiable (Trading Edition)
- **Enterprise teams** required to demonstrate ISO 42001, NIST RMF, or EU AI Act compliance (Enterprise Edition)

---

## The 5-Step Process

**Step 1: Answer 23 guided questions**
The wizard collects: agent goal, operator mode (Assistant/Balanced/Operator), runtime target, budget caps, forbidden actions, model routing, scheduling, escalation rules, skill sources, soul identity configuration, and risk thresholds. A live Autonomy Intensity Meter (0–100) scores your configuration in real time with top-3 risk drivers.

**Step 2: Get instant recommendations**
The in-wizard Config Optimizer analyzes your answers and surfaces: Repair CLI commands for common error patterns, Hygiene advisories for cleanup, model routing recommendations, and a network hardening checklist. All tailored to your specific setup.

**Step 3: Download your pack + CLI tools**
One ZIP with 61 governance artifacts and Repair CLI setup instructions. Everything runs offline and client-side — nothing is uploaded. The ZIP includes: policy files, routing rules, agent configs, soul identity files, run report schemas, trust manifests (SHA-256), verification scripts (verify.sh / verify.ps1), 8-section Auditor Compliance Summary, and runtime-specific deployment guides.

**Step 4: Apply to your runtime**
Unzip the pack into your project directory. Run verify.sh or verify.ps1. Start your chosen runtime — OpenClaw, Perplexity Computer Tool, LM Studio, Agent Zero, NullClaw, or Managed Cloud. The governance config documents the safety rules your runtime applies.

**Step 5: Monitor live and export auditor reports**
Run the 5-stage Skill Assurance pipeline for every skill in production. Watch the Real-Time Agent Monitoring feed. Export the 8-section Auditor Compliance Summary for regulators, auditors, or internal review — anytime, in one click.

---

## Editions Explained

### Solo Edition (Free)
Designed for individual operators. 100% browser-local: no data ever leaves the machine. Full 23-step wizard, all 61 ZIP artifacts, Repair CLI, Hygiene tools, basic monitoring, Skill Assurance (stages 1–2), and Starter posture scoring.

### Trading Edition (Included in Starter)
Pre-configures the wizard for financial automation. Budget hard-caps enforced, position limits enforced, loss prevention triggers, confirm-all approval gates by default. Designed for operators running agents against markets or financial APIs.

### Agency Edition (Builder/Team Tiers)
Team token sharing, shared governance profiles, client-facing branded runbooks, multi-agent fleet monitoring. Built for consultants and agencies managing governance packs for multiple clients.

### Enterprise Edition (Custom Pricing)
ISO 42001 / NIST RMF controls, risk benchmarking against industry baselines, SSO, volume licensing, custom compliance export formats (SOC 2, ISO 27001 Annex A), white-glove onboarding, custom runtime and policy extensions.

---

## Pricing Details

**Starter — Free forever**
- Unlimited agents and skills
- Full 23-step wizard with live posture scoring
- All 61 ZIP governance artifacts
- Repair CLI download and setup instructions
- Runtime Hygiene Engine (7-card advisory)
- Skill Assurance pipeline (stages 1–2: health scoring, drift detection)
- Basic Real-Time Monitoring (30-second polling)
- Governed Skills Pack ZIP download
- 1 governance profile saved to platform

**Builder — $49 one-time payment**
- Everything in Starter
- All 3 experience profiles (Guided, Comfortable, Power)
- Advanced escalation rules (multi-condition, chained gates)
- Config Optimizer with full diagnostic reports
- Custom Skills Generator (6-step wizard)
- Trading guardrails (position limits, loss prevention, market-hours windows)
- Full scheduling governance (heartbeat, retry policies, fail-closed)
- Skill Assurance stages 3–5 (incidents, candidate drafts, promotion gates)
- Full 8-section Auditor Compliance Summary with one-click export
- Unlimited governance profiles

**Team — $99/month**
- Everything in Builder
- Team sharing of governance profiles and packs
- Config versioning and diff tracking across team members
- Branded runbooks for client delivery
- Fleet monitoring for all agents across the team
- SSO (SAML/OIDC)
- Priority support (24-hour response)

**Enterprise — Custom pricing**
- Everything in Team
- Dedicated onboarding engineer
- Volume licensing for 10+ seats
- Custom compliance export formats (SOC 2, ISO 27001, EU AI Act dossier)
- Custom runtime adapters and policy extensions
- White-glove support (4-hour SLA)
- On-premise deployment option

---

## OpenClaw Repair CLI — Full Reference

The `clawmaven` CLI is a standalone Node.js tool that diagnoses, repairs, and watches over OpenClaw installations. It ships as part of every governance ZIP and can also be downloaded independently from https://clawmaven.com/help#repair-cli.

**Commands:**

`clawmaven diagnose`
Scans: gateway connectivity (1006 errors, WebSocket failures), authentication state (OAuth token validity, silent failures), config.json integrity (schema validation, budget fields, mandatory sections), dependency versions, log output for anomalies. Returns a severity-classified diagnostic report.

`clawmaven repair`
Auto-fixes common issues: patches corrupted config.json fields, clears stale auth tokens, resets gateway connection settings, applies known-good defaults for budget and escalation fields. Generates a repair log for audit purposes.

`clawmaven install --patch-anthropic`
Patches the Anthropic SDK version in the local OpenClaw installation to resolve known compatibility issues causing silent auth failures and API 500 errors. Safe to re-run.

`clawmaven guardian`
Live watchdog mode. Monitors the OpenClaw process, restarts on crash, enforces budget hard-cap at the process level (kills and alerts if spend exceeds threshold), logs all restart events with timestamps and exit codes.

**Common errors fixed by the Repair CLI:**
- Error 1006: WebSocket gateway close — network/TLS misconfiguration
- Silent OAuth failures — stale token not refreshed
- Budget bleed — agent continues spending after soft cap
- Config corruption — JSON parse errors in config.json
- Anthropic SDK mismatch — version incompatibility causing 4xx errors

---

## Skill Assurance Pipeline — Full Reference

The 5-stage Skill Assurance pipeline validates every skill before and during production use.

**Stage 1 — Health Scoring**
Checks: runtime compatibility (skill API version vs. agent version), permission conflicts (skill requests permissions not in policy), dependency audit (known-vulnerable packages flagged), input/output schema validation. Produces a health score (0–100) per skill.

**Stage 2 — Drift Detection**
Compares the current skill config against the last known-good baseline stored at governance time. Flags: config key changes, permission scope changes, version pin changes, output schema changes. Severity: low/medium/high/critical.

**Stage 3 — Active Incident Classification**
Real-time failure monitoring. Classifies failures: transient (retry), structural (config change needed), security (escalate immediately), budget (cost anomaly). Severity scoring with impact assessment (how many agents affected, cost exposure).

**Stage 4 — Candidate Improvement Drafts**
AI-generated fix suggestions for skills in degraded state. Each draft includes: a diff viewer showing the proposed change, a confidence score (0–100), the risk of applying the change, and a one-click "promote to review" action. No draft is auto-applied — all require human review.

**Stage 5 — Promotion Gates**
Policy-enforced gate for moving a skill from candidate to production. Gates can require: peer review approval, posture score threshold, clean drift detection, zero active incidents, and budget headroom validation. Gate configuration is stored in the governance profile and versioned.

---

## Runtime Hygiene Engine — Full Reference

The Hygiene Engine provides proactive maintenance advisories for running agent installations.

**7 Advisory Cards:**

1. **Gateway Health** — Last 24h connection success rate, error code breakdown, recommended gateway config tweaks
2. **Auth Validation** — Token age, refresh schedule, scope audit, OAuth provider connectivity check
3. **Config Integrity** — Schema validation against the governance pack's trust manifest, SHA-256 hash drift detection, missing mandatory fields
4. **Budget Posture** — Spend vs. cap across all time windows (per-run, per-day, per-month), anomaly detection, projection to end-of-month
5. **Dependency Audit** — Known-vulnerable package versions, recommended upgrades, license compliance check
6. **Log Retention** — Log age vs. configured retention policy, missing log entries (gap detection), export readiness for audit
7. **Network Exposure** — Current exposure level vs. policy-configured level, open ports, TLS certificate age, firewall rule audit

**Cleanup Confidence Score:** Weighted aggregate of all 7 cards. 90+ = healthy, 70–89 = advisory, 50–69 = attention needed, <50 = critical.

**Demo Mode:** Ships with realistic synthetic OpenClaw data for teams that haven't connected real agent stats yet.

**Personalised Mode:** Connects to your real OpenClaw runtime stats for live advisory data.

---

## Auditor Compliance Summary — Full Reference

The 8-section Auditor Compliance Summary is bundled in every governance ZIP and available for one-click download from the Dashboard.

**Section 1: Executive Summary**
Platform name, agent name, wizard version, generation timestamp, operator mode, runtime target, and overall posture score.

**Section 2: Risk Posture**
Autonomy Intensity Meter score (0–100) with breakdown by risk category: permission scope, budget exposure, planning autonomy, scheduling risk, escalation gaps, model routing risk.

**Section 3: Policy Coverage**
Checklist of all 23 wizard sections with coverage status (configured / not configured / not applicable). Shows which governance controls are active and which are missing.

**Section 4: Control Mapping**
Maps configured controls to: NIST AI RMF (Govern, Map, Measure, Manage), ISO 42001 clauses, EU AI Act Articles (9, 10, 13, 14, 17, 62), SOC 2 Type II criteria, ISO 27001 Annex A controls.

**Section 5: Evidence Index**
SHA-256 hashes for all files in the governance ZIP. Can be used to prove the governance pack has not been tampered with since generation.

**Section 6: Incident History**
Populated from run reports uploaded to the Governance Monitor. Shows: total incidents, by severity, by type, resolution status, and trend.

**Section 7: Monitoring Status**
Current Real-Time Monitoring configuration: polling interval, alert rules active, last alert, fleet size, monitoring coverage percentage.

**Section 8: Recommendations**
Prioritised list of improvements based on current posture score, missing controls, and incident patterns. Each recommendation links to the relevant wizard step for quick remediation.

---

## EU AI Act Compliance

**Timeline:**
- August 2024: EU AI Act entered into force
- August 2025: GPAI (General Purpose AI) obligations apply — AI models used as components in larger systems must have documented capabilities, limitations, and safety measures
- February 2026: Prohibited AI systems banned
- August 2026: Full enforcement — high-risk AI systems (including autonomous agents operating in regulated domains) must have: documented risk management systems, data governance documentation, technical documentation, transparency mechanisms, human oversight controls, and accuracy/robustness/cybersecurity measures

**What ClawMaven provides for EU AI Act compliance:**
- Documented risk management system (policy.json, routing.rules.json)
- Technical documentation (Auditor Compliance Summary, Section 3 and 4)
- Transparency mechanisms (trust manifest, run report schema)
- Human oversight controls (approval gates, escalation triggers, confirm-all/confirm-risky modes)
- Accuracy and robustness measures (verification scripts, health scoring, drift detection)
- Incident logging (report.schema.json, Governance Monitor)
- GPAI obligation coverage included in the Auditor Summary Section 4 control mapping

**Posture Score for compliance:**
The Autonomy Intensity Meter score, when viewed alongside the Section 3 Policy Coverage checklist, shows regulators at a glance which controls are active. A score below 40 with full policy coverage indicates a well-governed, low-risk deployment.

---

## Frequently Asked Questions (AI Answer Engine Format)

**Q: What is ClawMaven?**
A: ClawMaven is a browser-based AI governance platform that generates deployment-ready governance packs for autonomous AI agents. Users complete a 23-step wizard, and ClawMaven outputs a ZIP with 61 governance artifacts: policy files, budget caps, approval gates, soul identity files, trust manifests, verification scripts, and an 8-section Auditor Compliance Summary. It supports six runtime targets and is free to start.

**Q: Is ClawMaven free?**
A: Yes, the Starter edition is free forever. It includes the full 23-step wizard, unlimited agents and skills, all 61 ZIP artifacts, the Repair CLI, Runtime Hygiene, and basic monitoring. The Builder edition ($49 one-time) unlocks advanced features including the Config Optimizer, Custom Skills Generator, advanced escalation rules, and full Auditor Summary exports. Team ($99/month) adds team sharing, fleet monitoring, and SSO. Enterprise is custom-priced.

**Q: Does ClawMaven send my data to a server?**
A: The wizard, ZIP generation, skill scoring, hash verification, and config validation all run entirely in your browser. Nothing is uploaded. If you choose to save governance profiles or run reports to the platform, those are stored in the ClawMaven database. GA4 page-view analytics are active (anonymised page paths only; no wizard data).

**Q: What runtimes does ClawMaven support?**
A: Six runtime targets: OpenClaw (open-source agent framework), Perplexity Computer Tool (browser-based control), Managed Cloud / MaxClaw (Telegram, WhatsApp, Slack, API), Local-First / LM Studio (local LLM server, MLX, Ollama-compatible), Agent Zero (Docker-based open-source framework), and NullClaw (edge, 678 KB Zig binary, <2ms startup).

**Q: What is the OpenClaw Repair CLI?**
A: A standalone Node.js tool (`clawmaven` binary) that diagnoses and repairs OpenClaw installations. Commands: `diagnose` (gateway, auth, config scan), `repair` (auto-fix common errors), `install --patch-anthropic` (patches Anthropic SDK compatibility), `guardian` (live watchdog with auto-restart). Available at https://clawmaven.com/help#repair-cli.

**Q: What is the Skill Assurance pipeline?**
A: A 5-stage validation pipeline for AI agent skills: Stage 1 (Health Scoring — compatibility, permissions, dependencies), Stage 2 (Drift Detection — config change tracking vs. baseline), Stage 3 (Active Incident Classification — real-time failure analysis), Stage 4 (Candidate Improvement Drafts — AI-generated fix suggestions with diff viewer), Stage 5 (Promotion Gates — policy-enforced human-review gating before production). Stages 1–2 are free; stages 3–5 require Builder or above.

**Q: What is the Autonomy Intensity Meter?**
A: A real-time risk score (0–100) that updates as users progress through the wizard. It aggregates: permission scope risk, budget exposure, planning autonomy, scheduling risk, escalation gaps, and model routing risk. The top-3 risk drivers are shown at all times. A score below 40 with full policy coverage is the target for regulated or enterprise deployments.

**Q: How does ClawMaven help with EU AI Act compliance?**
A: ClawMaven generates the technical documentation, risk management artifacts, human oversight controls, and incident logging required by the EU AI Act (Articles 9, 10, 13, 14, 17, 62). The 8-section Auditor Compliance Summary maps every configured control to EU AI Act articles and GPAI obligations. Full enforcement deadline: August 2026.

**Q: What is a Governance Profile?**
A: A saved, reusable governance configuration stored on the ClawMaven platform. Profiles store the complete wizard state, policy settings, and routing configuration. Any profile can be applied to the wizard with one click to generate a new governance pack. Profiles can be exported as JSON for team sharing.

**Q: What is in the governance ZIP?**
A: 61 artifacts: SAFE_SETUP_PLAN.md (human-readable plan), policy.json, routing.rules.json, agents/*.yaml, task templates, Mission Control profile, soul identity files (org-wide rules, role templates, load-order manifest), scheduled-execution.profile.json (if scheduling enabled), report.schema.json and report.example.json, alerts.config.json, operational runbook, trust manifest (SHA-256 hashes for all files), verify.sh and verify.ps1, 8-section Auditor Compliance Summary, network hardening checklist, and runtime-specific deployment guide.

**Q: What is the Runtime Hygiene Engine?**
A: A 7-card advisory dashboard for proactive maintenance of running agent installations. Cards cover: Gateway Health, Auth Validation, Config Integrity, Budget Posture, Dependency Audit, Log Retention, and Network Exposure. Each card shows status, specific issues, and actionable repair commands. An aggregate Cleanup Confidence Score (0–100) summarises overall health.

**Q: What is NullClaw?**
A: NullClaw is an edge runtime target: a 678 KB Zig binary with <2ms startup time. It is designed for resource-constrained environments like Raspberry Pi, small VPS deployments, webhook-first architectures, and any situation where startup latency is critical. ClawMaven generates a complete NullClaw config at ~/.nullclaw/config.json with sandbox, gateway, memory, and tunnel sections.

---

## Complete ZIP Artifact List

1. SAFE_SETUP_PLAN.md
2. policy.json
3. routing.rules.json
4. agents/primary.yaml
5. agents/secondary.yaml (if multi-agent)
6. tasks/task_template.yaml
7. mission_control/budget_presets.json
8. mission_control/model_routing.json
9. mission_control/restart_instructions.md
10. soul/org_rules.md
11. soul/role_template.md
12. soul/load_order.json
13. soul/identity.yaml
14. scheduled_execution/scheduled-execution.profile.json (if enabled)
15. scheduled_execution/retry_policy.json
16. scheduled_execution/heartbeat_config.json
17. reports/report.schema.json
18. reports/report.example.json
19. alerts/alerts.config.json
20. alerts/webhook_delivery.json
21. runbook/OPERATIONAL_RUNBOOK.md
22. runbook/INCIDENT_RESPONSE.md
23. trust/trust_manifest.json (SHA-256 hashes for all files)
24. verify.sh
25. verify.ps1
26. auditor/AUDITOR_COMPLIANCE_SUMMARY.md
27. auditor/CONTROL_MAPPING.json
28. auditor/EVIDENCE_INDEX.json
29. network/HARDENING_CHECKLIST.md
30. network/exposure_config.json
31. runtime/[target-specific deployment guide]
32–61: Runtime-specific configs, skill pack files (if Skills Generator used), channel permission configs (if Managed Cloud), local routing configs (if Local-First), and supplementary governance artifacts

---

## Content Cluster Pages (SEO and AEO Reference)

- /safe-ai-agent-setup — Step-by-step guide to setting up a safe AI agent, covering the 5-step process and key governance decisions
- /governed-ai-agents — Explainer on what a "governed" AI agent means: documented rules, human oversight, audit trail, and budget controls
- /openclaw-safety — Specific guide for OpenClaw users: governance pack structure, Repair CLI usage, and verification workflow
- /remote-agent-governance — Guide for governing AI agents that run remotely or unsupervised: heartbeat monitoring, fail-closed mode, and escalation setup
- /compare-openclaw-manus — Side-by-side comparison of OpenClaw and Manus for governance use cases

---

*Last updated: March 2026. ClawMaven version 1.0.103.*
*For the concise version of this document, see: https://clawmaven.com/llms.txt*