{"id":51462596,"url":"https://github.com/codenlighten/openai-claw","last_synced_at":"2026-07-06T07:01:19.867Z","repository":{"id":357643454,"uuid":"1237907172","full_name":"codenlighten/openai-claw","owner":"codenlighten","description":null,"archived":false,"fork":false,"pushed_at":"2026-05-24T23:23:16.000Z","size":1191,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-25T00:15:29.797Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/codenlighten.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-13T16:12:22.000Z","updated_at":"2026-05-24T23:23:19.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/codenlighten/openai-claw","commit_stats":null,"previous_names":["codenlighten/openai-claw"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/codenlighten/openai-claw","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codenlighten%2Fopenai-claw","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codenlighten%2Fopenai-claw/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codenlighten%2Fopenai-claw/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codenlighten%2Fopenai-claw/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/codenlighten","download_url":"https://codeload.github.com/codenlighten/openai-claw/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codenlighten%2Fopenai-claw/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35180933,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-06T02:00:07.184Z","response_time":106,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-07-06T07:01:16.433Z","updated_at":"2026-07-06T07:01:19.858Z","avatar_url":"https://github.com/codenlighten.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# openai-claw\n\n\u003e **An auditable AI agent CLI.** Every tool action is recorded, signed with a post-quantum (NIST FIPS-204 ML-DSA-65) key, hashed into a deterministic Merkle tree, and optionally Bitcoin-timestamped via OpenTimestamps — independently verifiable by anyone with a small standalone audit-side package (~11 kB) and standards-compliant tooling (`ots verify`). No trust required in the runtime agent, the model provider, or the operator.\n\nA Claude-Code-style TypeScript CLI agent powered by OpenAI's `gpt-5-nano` (or any chat-completions-compatible model) — but the audit story is the actual product.\n\n```\n$ claw audit verify session.attest.json --proofs ./proofs\nClaw audit verification\n\n  Cryptography\n    ✓ format                ✓ leafContinuity       ✓ merkleRoot\n    ✓ ML-DSA-65 signature   ✓ sessionAlignment     ✓ anchorDigest\n\n  Identity\n    publicKeyId:   TSR2Wtuvy-3Ls1Ov\n    suiteId:       ml-dsa-65\n    leafCount:     6\n    merkleRoot:    545fde095bf6ee9a682a602f69212d1feaf5169cc0cff9aa200e78511c3dbbdf\n\n  OpenTimestamps proofs\n    ✓ sample-session.alice.ots   v1 sha256, 237 bytes, pending\n    ✓ sample-session.bob.ots     v1 sha256, 235 bytes, pending\n    ✓ sample-session.finney.ots  v1 sha256, 256 bytes, pending\n\n  Result\n    ✓ Claw-side audit trail is valid\n    ✓ OpenTimestamps proofs are well-formed\n```\n\n---\n\n## Audit quickstart\n\nThe audit story is reproducible in five commands. The full reproducible demo (with committed fixtures) lives in [`examples/audit-demo`](./examples/audit-demo/). The protocol and threat model are described in the whitepaper, [No Trust in the Agent](./WHITEPAPER.md).\n\n```bash\nnpm install -g @smartledger.technology/openai-claw\nclaw attest init                                     # one-time: generate a PQ keypair\nclaw -p \"write a hello world script\"                 # session is signed automatically\nclaw attest anchor \u003csession-id\u003e                      # submit digest to OpenTimestamps\nclaw attest export-ots \u003csession-id\u003e --out ./proofs   # standards-compliant .ots files\nclaw audit verify \u003csession-id\u003e --proofs ./proofs     # one beautiful command\n```\n\nFor independent verification with no claw runtime:\n\n```bash\nnpm install @smartledger.technology/openai-claw-verify   # ~11 kB\n# then call verifyAttestation() against any sidecar\nots verify proofs/*.ots                              # standard Python OTS tool\n```\n\n---\n\n## What is proven\n\n1. **The session existed at or before a Bitcoin block time.** The sha256 of the signed attestation header is submitted to three independent OpenTimestamps calendars and becomes Bitcoin-anchored within ~3 hours.\n2. **The leaves match the deterministic Merkle root.** Recomputing the root from the leaves matches the value the signature was made over.\n3. **The Merkle root was signed by the local ML-DSA-65 identity.** Post-quantum (NIST FIPS-204) signature verifies under the public key embedded in the sidecar.\n4. **The `.ots` files are independently parseable** by the standard OpenTimestamps tool — claw is not in the verification path.\n5. **The audit-side package verifies without trusting the runtime agent.** `@smartledger.technology/openai-claw-verify` has zero dependency on claw, OpenAI, or the model.\n6. **Which remote MCP server supplied each tool call.** When the agent uses an `mcp__\u003cserver\u003e__\u003ctool\u003e` capability, the server attachment, the tool advertisement, and per-call provenance (`mcp_attach`, `mcp_tool_offered`, `mcpProvenance`) are signed into the same Merkle tree — a verifier can prove not just that a tool ran, but where the tool came from.\n\n## What is not proven\n\nThis honesty is what makes the project defensible:\n\n1. **The AI's answer was correct.** Verification proves the agent acted as the sidecar says. It does not prove the text was true.\n2. **The user intended every action the AI took.** Verification proves what happened, not what was wanted.\n3. **The terminal environment was clean.** If the local machine was compromised at the time of the session, the attestor could have been fed false data — the signature would still verify.\n4. **The model was honest internally.** Verification covers the I/O boundary. It says nothing about model alignment, hallucination, or intent.\n5. **Bitcoin block confirmation, immediately.** Initial OTS proofs are pending — they become Bitcoin-confirmed after the calendars' daily merge (~3 hours). Run `ots upgrade` after that to fetch the upgraded proof, then `ots verify`.\n\n---\n\n## Comparison\n\n| Capability                 | Claude Code | OpenAI Codex-style tools | Aider | openai-claw |\n| -------------------------- | :---------: | :----------------------: | :---: | :---------: |\n| Agent CLI                  |     yes     |           yes            |  yes  |     yes     |\n| Tool use                   |     yes     |           yes            |  yes  |     yes     |\n| Persistent session log     |     yes     |        partial           |  yes  |     yes     |\n| **Signed session log**     |     no      |            no            |  no   |     yes     |\n| **Deterministic Merkle root** |  no      |            no            |  no   |     yes     |\n| **Post-quantum signature** |     no      |            no            |  no   |     yes     |\n| **OpenTimestamps export**  |     no      |            no            |  no   |     yes     |\n| **Bitcoin-verifiable**     |     no      |            no            |  no   |     yes     |\n\n\u003e To our knowledge, this is the first npm-published AI agent CLI with signed Merkle session attestations and standards-compliant OpenTimestamps export. Please open an issue if you have a counter-example — we'd genuinely like to hear about it.\n\n---\n\n## Audit architecture\n\n```\n            user prompts   tool calls   tool results   assistant text\n                  \\           |              |               /\n                   +---------- leaves ------+-+-------------+\n                                  |\n                                  v\n                          deterministic Merkle root\n                                  |\n                                  v\n                  ML-DSA-65 (NIST FIPS-204, post-quantum)\n                                  |\n                                  v\n                       sha256(canonical-JSON(header))\n                                  |\n                  +---------------+--------------+\n                  v               v              v\n              alice.btc        bob.btc       finney\n              calendar         calendar     calendar\n                  \\               |              /\n                   +--- daily merge into Bitcoin ----+\n                                  |\n                                  v\n                            Bitcoin block\n                          (~3 hours later)\n```\n\nThe runtime agent (claw) and the audit-side verifier (`@smartledger.technology/openai-claw-verify`) are deliberately separate packages so an auditor never installs the thing they're auditing.\n\n| Surface | Package | Size | Job |\n|---|---|---|---|\n| Runtime agent | [`@smartledger.technology/openai-claw`](https://www.npmjs.com/package/@smartledger.technology/openai-claw) | ~111 kB | Run the agent, produce signed sidecars |\n| Audit-side verifier | [`@smartledger.technology/openai-claw-verify`](https://www.npmjs.com/package/@smartledger.technology/openai-claw-verify) | ~11 kB | Recompute Merkle, verify signature, check anchor digest |\n| Crypto primitives | [`@smartledger/crypto`](https://www.npmjs.com/package/@smartledger/crypto) | ~484 kB | ML-DSA-44/65/87, dual-stack ECDSA |\n| OTS chain proof | `opentimestamps-client` (Python) | external | Pull the Bitcoin block attestation, prove inclusion |\n\n---\n\n## Attestation commands\n\n```\nclaw attest init                          generate a fresh ML-DSA-65 keypair\nclaw attest status                        suite, key id, file path\nclaw attest pubkey                        print the base64 public key\nclaw attest anchor \u003cid\u003e [--all]           submit header digest to OTS calendars\nclaw attest export-ots \u003cid\u003e [--out=DIR]   write standards-compliant .ots files\nclaw verify \u003cid\u003e [--strict]               verify a single session by id\nclaw audit verify \u003csidecar|id\u003e [--proofs=DIR]\n                                          unified report: crypto + anchor + .ots\n\nclaw identity show                        fingerprint, suite, file path\nclaw identity fingerprint                 just the fingerprint\nclaw identity export-public               base64 public key\n```\n\nThe private key lives in `~/.openai-claw/keys/attestor.json` at mode `0600`. Treat it like `~/.ssh/id_ed25519` — it is your signing identity and is not recoverable from the public key. Back it up off-machine.\n\nResumed sessions (`--continue`) currently skip attestation and preserve any existing sidecar; see the roadmap below.\n\n---\n\n## Agent capabilities\n\nAlongside the audit story, claw is a full coding agent — competitive surface with Claude Code, Codex-style CLIs, and Aider:\n\n- **Interactive UI** — ink-based TUI by default; pass `--no-tui` for the readline REPL fallback. Streaming output, `Ctrl-C` to abort a turn.\n- **Core tools** — `Read`, `Write`, `Edit`, `Bash`, `Grep` (ripgrep), `Glob`, `LS`, `WebFetch`, `WebSearch`, `Task`, `TodoWrite`, plus background-shell `BashOutput` / `KillShell`\n- **Permission system** — `ask` / `acceptEdits` / `bypassPermissions` / `plan` modes; allowlist + denylist via `settings.json`. \"Always\" / \"save\" answers scope to the described key (e.g. `Bash(npm:*)`) rather than the bare tool name.\n- **Subagents** — `Task` tool spawns an isolated agent. Built-in `general-purpose` / `explore` plus a frontmatter-driven registry. Optional `isolation: \"worktree\"` runs the subagent in a temp git worktree and returns a sanitized diff (sensitive paths like `.env`, `*.pem`, `id_rsa` are redacted).\n- **Plan mode** — read-only investigation, no mutations until approved\n- **Hooks** — `PreToolUse` / `PostToolUse` / `UserPromptSubmit` / `Stop` / `SessionStart` / `SessionEnd` / `PreCompact` / `SubagentStop` / `Notification` shell hooks (exit 2 = block)\n- **Project trust gate** — the first time you open a repo whose `.claw/settings.json` defines hooks or MCP servers, claw prompts before honoring them and remembers your answer.\n- **Skills** — Markdown skill files with frontmatter, invoked as `/skill-name`\n- **Persistent memory** — `MEMORY.md` index + per-entry frontmatter files\n- **Sessions** — every run is saved under `~/.openai-claw/projects/\u003cslug\u003e/sessions/`; `--continue`, `/sessions`, `/fork` restore or branch them\n- **Context compaction** — older turns are summarized as the conversation approaches the model's context window\n- **Semantic index (RAG)** — `/index` embeds the working tree with `text-embedding-3-small`; the agent can query via the `Semantic` tool\n- **Cost tracking** — per-turn cost is logged to `cost.log` and surfaced via `/cost` and the optional dashboard\n- **MCP** — stdio and streamable-HTTP MCP clients; remote tools wrapped as `mcp__\u003cserver\u003e__\u003ctool\u003e`\n- **Plugins** — `claw install \u003cgit-url\u003e` / `claw uninstall \u003cname\u003e` / `claw plugins [list|search]`\n- **Auto-PR** — `claw pr \"\u003ctask\u003e\"` runs the agent in a worktree and opens a PR\n- **Dashboard** — `claw dashboard` serves a local web UI for cost, sessions, evals\n- **Notifications** — desktop notifications for long-running tools and session completion\n- **Self-review** — `/review` asks the agent to critique the current branch's diff\n- **Evals** — `npm run eval` runs scenario-based regression tests against the agent\n- **Shell escape** — prefix any input with `!` to run it directly in the shell\n- **One-shot mode** — `claw -p \"your prompt\"` runs once and prints the answer\n\n---\n\n## Install\n\n```bash\nnpm install -g @smartledger.technology/openai-claw\n```\n\nYou'll also want `ripgrep` for the `Grep` tool:\n\n```bash\nsudo apt install ripgrep      # Debian/Ubuntu\nbrew install ripgrep          # macOS\n```\n\nFor audit verification with the standard OTS tool:\n\n```bash\npipx install opentimestamps-client\n# or:\npython3 -m venv /tmp/ots-venv \u0026\u0026 /tmp/ots-venv/bin/pip install opentimestamps-client\n```\n\n## Configure\n\nThe only required setting is your OpenAI API key:\n\n```bash\nexport OPENAI_API_KEY=sk-...\n```\n\nOptional environment overrides:\n\n| Variable | Purpose |\n| -------- | ------- |\n| `OPENAI_CLAW_MODEL` | Model to use (default `gpt-5-nano`) |\n| `OPENAI_BASE_URL` | Alternative API base (Azure, vLLM, OpenRouter, …) |\n| `OPENAI_CLAW_SEARCH_PROVIDER` | `duckduckgo` (default) or `tavily` |\n| `TAVILY_API_KEY` | API key for Tavily web search |\n\nPersistent settings live in `~/.openai-claw/settings.json` and (per project) `\u003cworkdir\u003e/.claw/settings.json`. Project settings win.\n\n## Use\n\nStart the TUI in any project directory:\n\n```bash\ncd ~/some-project\nclaw\n```\n\nOne-shot:\n\n```bash\nclaw -p \"summarize what this repo does in one paragraph\"\n```\n\nA typical interactive turn looks like:\n\n```\n\u003e fix the typo in src/server.ts around line 42\n\n▸ Read src/server.ts\n▸ Edit src/server.ts\n  @@ -42,1 +42,1 @@\n  -    cosole.log(\"starting server\");\n  +    console.log(\"starting server\");\n\nFixed: `cosole` → `console` on line 42.\n\n● openai-claw model=gpt-5-nano tokens=4127 $0.0003\n```\n\nParallel tool calls (e.g. reading ten files at once), background bash shells, slash commands (`/sessions`, `/fork`, `/index`, `/review`, …), and persistent sessions all work as you'd expect.\n\nIf `claw attest init` has been run, every session — one-shot, REPL, or TUI — writes a signed sidecar automatically.\n\n---\n\n## Project layout\n\n```\nsrc/\n├── index.ts              CLI entry (run, install, pr, dashboard, attest, verify, audit, identity)\n├── agent.ts              tool-calling loop + streaming\n├── client.ts             OpenAI SDK wrapper (retry, error classification)\n├── config.ts             config loading + settings.json merging + file lock\n├── trust.ts              per-project trust prompt for hooks/MCP\n├── session.ts            save/load/list/fork sessions\n├── cost.ts               model pricing + cost.log writer/reader\n├── subagent.ts           Task tool runner + worktree isolation + diff redaction\n├── attest/               attestation surface\n│   ├── identity.ts       ML-DSA-65 keypair, on-disk mode 0600\n│   ├── attestor.ts       live event collection + signing\n│   ├── anchor.ts         OpenTimestamps calendar HTTP client\n│   ├── ots-file.ts       spec-compliant .ots serialization\n│   ├── runtime.ts        SessionAttestor — UI-agnostic wrapper\n│   └── index.ts          facade re-exporting from openai-claw-verify\n├── tools/                Read, Write, Edit, Bash (fg+bg), Grep, Glob, LS,\n│                         WebFetch, WebSearch, Task, TodoWrite, Semantic\n├── permissions/          ask/allow/deny + interactive prompt\n├── memory/               listMemories/writeMemory + compaction.ts\n├── hooks/                shell hooks driven by settings.json\n├── skills/               SKILL.md loader\n├── commands/             /slash commands\n├── mcp/                  stdio + streamable-HTTP MCP clients\n├── rag/                  embeddings-based semantic index\n├── plugins/              plugin installer + registry\n├── autopr/               `claw pr` orchestrator\n├── self-review/          `/review` skill\n├── notifications/        desktop notifications\n├── eval/                 evals harness\n├── web/                  `claw dashboard` HTTP server\n└── ui/                   tui/ (ink) + repl.ts (readline)\n\npackages/openai-claw-verify/   audit-side verifier (separately published)\n├── src/leaf.ts                canonical JSON, sha256\n├── src/merkle.ts              deterministic binary Merkle tree\n├── src/verify.ts              signature + Merkle + anchor checks\n└── src/types.ts               Attestation, AnchorProof, VerifyReport\n```\n\n---\n\n## Roadmap\n\n| Version | Theme | Highlights |\n|---|---|---|\n| 0.5.0 | Auditor Experience | `claw audit verify`, `claw identity`, reproducible demo fixtures |\n| **0.6.0** | MCP Attestation | per-MCP-tool provenance (`mcp_attach`, `mcp_tool_offered`, `mcpProvenance`) signed into the Merkle tree; strict-mode tool schemas + dispatch-layer arg validation |\n| 0.7.0 | Automation | auto-anchor batching, anchor-on-save, retry queue, configurable calendars |\n| 0.8.0 | SmartLedger Interop | GDAF envelope wrapping, ChainSimple alternate anchor, Legal Token Protocol metadata, optional BSV publication |\n\n---\n\n## Differences from Claude Code\n\n- Powered by OpenAI's API, not Anthropic's — so no anthropic-prompt-caching, no extended thinking. Prompt caching is approximated via cache-friendly system prompts and tracked in cost accounting.\n- Web search defaults to scraping DuckDuckGo HTML (rate-limited and fragile); set `OPENAI_CLAW_SEARCH_PROVIDER=tavily` for production use.\n- Permission model is simplified — allowlist patterns support `Tool` or `Bash(prefix:*)`, but not full glob semantics.\n- **Auditability is the differentiator.** Claude Code logs to disk; openai-claw signs, Merkle-hashes, and Bitcoin-anchors.\n\n---\n\n## Author\n\n**Gregory J. Ward**, CTO, [SmartLedger.Technology](https://smartledger.technology)\n\n## License\n\nMIT — see [LICENSE](./LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodenlighten%2Fopenai-claw","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodenlighten%2Fopenai-claw","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodenlighten%2Fopenai-claw/lists"}