FIND-20260323-024 · 2026-03-23 · Innovation Veille
Clawdstrike — Runtime Security Enforcement Engine for AI Agent Fleets
adhoc
HIGH
Clawdstrike is a fail-closed policy engine and cryptographic attestation runtime for securing autonomous AI agent systems. It intercepts agent tool execution at the boundary layer and enforces security policy through a 13-layer Guard Stack (layers include filesystem access control, network egress filtering, secret detection, shell restrictions, MCP tool controls, jailbreak detection and prompt injection blocking). Every enforcement decision is signed with Ed25519 into an immutable receipt; unsigned actions are blocked. A Swarm C2 plane coordinates policy across agent fleets over NATS JetStream, and a Swarm Trace module supports post-incident forensics through signed audit trails integrated with Tetragon, auditd and Hubble. The project is in active beta (873 commits, last push March 2026, MSRV Rust 1.93) with SDKs for TypeScript, Python and Go, a Tauri-based desktop runtime and native MCP protocol support. Apache 2.0 license. 259 stars, 26 forks, created January 2026.
Source
https://github.com/backbay-labs/clawdstrike
ODS Impact
Direct relevance to the ODS AI agent security posture. The ADLC pipeline spawns autonomous subagents (dev, ba, architect, security, devops, pr, deploy) that execute shell commands, write files, call external APIs and push to git. Clawdstrike's Guard Stack could enforce least-privilege policies on these agents: blocking filesystem paths outside an agent's workspace, redacting secrets from prompts and filtering network egress to unexpected hosts. The MCP tool controls apply directly to Claude Code agents that use MCP servers. The Swarm Trace signed audit trail could provide the evidence of autonomous agent actions that compliance requires, provided the receipts are verified rather than only logged. The Tauri-based runtime aligns with the ODS DocSign desktop architecture. Short term: evaluate as a security wrapper for ADLC subagents, in a non-production pipeline first given that the project is two months old and still in beta, and confirm that a blocked or unsigned action is actually stopped before execution rather than merely recorded. Medium term: consider integrating SDR posture exports into the ODS observability stack (Redpanda topic → ClickHouse → Metabase).
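The fail-closed guard evaluation and signed-receipt flow described in the summary, applied to the kind of least-privilege policy the ADLC subagents would need, as an added example written for this finding. It is not Clawdstrike's code and does not use its SDK API; Go is used because the project ships a Go SDK and Go's standard library carries Ed25519. The tool-call shape, the policy fields, the guard names (secret-detection, filesystem, network-egress, tool-allowlist), the receipt layout and what exactly is signed, the functions Evaluate, Decide and Authorize, and the /workspace/ and api.github.com allow-lists in DemoPolicy are all assumptions for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
	"path"
	"regexp"
	"strings"
)

// Assumed shapes for illustration; none of these is Clawdstrike's own schema or API.
type ToolCall struct{ Tool string; Args map[string]string } // Tool is e.g. "fs.write", "net.fetch"
// Policy is allow-lists only: a call matching none of them is denied (fail-closed).
type Policy struct{ PathPrefixes, EgressHosts []string } // prefixes are absolute and end in "/"
// Receipt binds a guard decision to the hash of the exact call it was made for.
type Receipt struct {
	CallHash, Guard, Decision, Reason string
	Signature                         string `json:",omitempty"` // hex Ed25519 over the JSON of the other fields
}

// Minimal secret patterns: AWS access key id, "sk-" API key, PEM private-key header.
var secretRe = regexp.MustCompile(`AKIA[0-9A-Z]{16}|sk-[A-Za-z0-9]{20,}|-----BEGIN [A-Z ]*PRIVATE KEY-----`)

// hashCall canonicalises the call (json.Marshal sorts map keys) and hashes it.
func hashCall(tc ToolCall) string {
	b, _ := json.Marshal(tc)
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Evaluate runs the guards in order; any path that does not reach an explicit allow is a deny.
func Evaluate(p Policy, tc ToolCall) (guard, decision, reason string) {
	for k, v := range tc.Args { // secret detection runs before any tool-specific guard
		if secretRe.MatchString(v) {
			return "secret-detection", "deny", "secret material in argument " + k
		}
	}
	switch tc.Tool {
	case "fs.read", "fs.write":
		clean := path.Clean(tc.Args["path"]) // resolves "..", so traversal is judged on the real target
		for _, pfx := range p.PathPrefixes {
			if strings.HasPrefix(clean+"/", pfx) {
				return "filesystem", "allow", "path under " + pfx
			}
		}
		return "filesystem", "deny", "path outside allowed prefixes: " + clean
	case "net.fetch":
		u, err := url.Parse(tc.Args["url"])
		for _, h := range p.EgressHosts {
			if err == nil && u.Hostname() == h {
				return "network-egress", "allow", "host " + h + " is allow-listed"
			}
		}
		return "network-egress", "deny", "egress host not allow-listed"
	}
	return "tool-allowlist", "deny", "unknown tool " + tc.Tool
}

// Decide evaluates the call and signs the resulting receipt with the guard's Ed25519 key.
func Decide(priv ed25519.PrivateKey, p Policy, tc ToolCall) Receipt {
	g, d, r := Evaluate(p, tc)
	rc := Receipt{CallHash: hashCall(tc), Guard: g, Decision: d, Reason: r}
	body, _ := json.Marshal(rc) // Signature is still empty, so it is omitted from the signed bytes
	rc.Signature = hex.EncodeToString(ed25519.Sign(priv, body))
	return rc
}

// Authorize is the execution side: a tool runs only on a receipt that verifies under the guard's
// public key, is bound to this exact call, and says allow. Anything else, including no receipt, blocks.
func Authorize(pub ed25519.PublicKey, tc ToolCall, rc Receipt) error {
	sig, err := hex.DecodeString(rc.Signature)
	unsigned := rc
	unsigned.Signature = ""
	body, _ := json.Marshal(unsigned)
	switch {
	case err != nil || len(sig) != ed25519.SignatureSize:
		return errors.New("blocked: receipt is unsigned or malformed")
	case !ed25519.Verify(pub, body, sig):
		return errors.New("blocked: receipt signature does not verify")
	case rc.CallHash != hashCall(tc):
		return errors.New("blocked: receipt was issued for a different call")
	case rc.Decision != "allow":
		return fmt.Errorf("blocked by %s guard: %s", rc.Guard, rc.Reason)
	}
	return nil
}

// DemoPolicy is a constructed least-privilege policy for a hypothetical ADLC "dev" subagent.
func DemoPolicy() Policy { return Policy{[]string{"/workspace/"}, []string{"api.github.com"}} }

func main() { // constructed traversal attempt: the receipt is a signed deny and Authorize refuses it
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	c := ToolCall{"fs.read", map[string]string{"path": "/workspace/../etc/passwd"}}
	rc := Decide(priv, DemoPolicy(), c)
	fmt.Println(rc.Guard, rc.Decision, Authorize(pub, c, rc))
}
```

Two design points carry over to evaluating the real product. The receipt is bound to a hash of the canonical call, so a signed allow for one write cannot be replayed for another path and a signed deny cannot be edited into an allow without breaking the signature; and the verify step sits on the execution side, so an action with no receipt, a receipt under the wrong key, or a receipt that says deny never runs. When testing Clawdstrike against the ADLC subagents, the check that matters is whether its runtime performs this verify-before-execute step for every tool call, or whether receipts are only appended to the audit trail after the fact.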
Security Review
License: Apache-2.0 | Maintenance: ACTIVE | Risk: MEDIUM | Recommendation: USE_WITH_CAUTION
Tags
ai-security
agent-fleet
rust
mcp
policy-engine
cryptographic-attestation
tauri
nats
threat-hunting
zero-trust