CLAWPLANE

Security And Release Control Plane For AI Agents

ClawPlane combines ClawPolicy, ClawScan, and ClawGate into one product surface: the same policy, the same evidence, and the same gate result across Agent release workflows.

Control plane: 1
Core surfaces: 3
Public watchboard: OpenClaw
Gate response: PR / CI / Deploy

PRODUCT SURFACES

One product, three layers

ClawPlane is not another loose collection of scanner scripts. It is a product layer for policy, scanning, gating, and trust proof.

CLAWPOLICY

Policy Control

Centralize rulepacks, thresholds, exceptions, and policy versions so each repo does not reinvent its own security logic.

  • Policy profiles
  • Versioned rulepacks
  • Allowlist and exceptions

CLAWSCAN

Evidence Scan

Scan repos, skills, MCP servers, and exposed endpoints with evidence-rich output and scanner/rulepack lineage.

  • JSON and HTML reports
  • Baseline and diff
  • Finding lineage

CLAWGATE

Release Gate

Apply blocking decisions to PR, CI, and deploy workflows before risky Agent changes ship.

  • Fail-on thresholds
  • PR and deploy hooks
  • Audit-ready decisions

WORKFLOW

One closed loop from intake to release

Your engineering flow connects once. Scanning, diffing, blocking, and public proof then run through the same model.

01

Connect targets

Connect GitHub repos, artifacts, skills, or public endpoints into one scan job pipeline.

02

Apply policy

Run scans against versioned rulepacks and policy profiles with traceable lineage on every job.

03

Gate release

Use ClawGate to block only new or high-risk findings before merge or deploy.

04

Publish evidence

Sync reports, watchboards, and audit exports into one public or internal view.

WHY THIS PRODUCT

Do not just scan once. Control release continuously.

A standalone scanner only tells you that something is wrong. ClawPlane answers who blocks, when to block, how to verify again, and how to present evidence externally.

Versioned policy · Diff-first gating · Watchboard sync · Audit evidence

PUBLIC PROOF

OpenClaw watchboard as the external proof layer

ClawScan results are no longer isolated reports. They become searchable, filterable, shareable security surfaces.

Open the openclaw.aipwn.org view →

ARCHITECTURE

The product is structured as a control plane

ClawPlane does not replace your engineering systems. It sits between submission, scan, gate, and proof.

Ingress
  • GitHub App / Action
  • CLI / API submit
  • Endpoint scan triggers
Control Plane
  • Policy profiles
  • Job orchestration
  • Report index
Execution
  • ClawScan workers
  • Baseline / diff
  • Lineage capture
Outputs
  • ClawGate decision
  • HTML/JSON report
  • OpenClaw watchboard

USE CASES

Start with these teams

Release control

Platform teams

Standardize the Agent release path once instead of rebuilding security flow in every business line.

Evidence first

Security teams

Track which repos, endpoints, and skill packs keep generating high-risk findings and prioritize newly introduced risk.

Fast adoption

AI product teams

Insert scanning, gating, and trust proof into an existing engineering workflow without adding a heavyweight platform.

API + CONTROL PLANE

Keep integration simple. Keep internal state strict.

Public entrypoints stay small: submit a job and evaluate a gate. Internally, lineage, reports, and aggregates remain available to the control plane and watchboard.

Submit scan job

curl -X POST https://clawplane.aipwn.org/v1/scan-jobs \
  -H 'Content-Type: application/json' \
  -d '{
    "source_type": "repo",
    "source_ref": "https://github.com/org/repo",
    "policy_profile": "default",
    "fail_on": "high"
  }'

Evaluate gate

curl -X POST https://clawplane.aipwn.org/v1/gates/evaluate \
  -H 'Content-Type: application/json' \
  -d '{
    "job_id": "job_01JY...",
    "fail_on": "high"
  }'

Gate response

{
  "job_id": "job_01JY...",
  "decision": "blocked",
  "severity": "high",
  "counts": {
    "high": 3,
    "medium": 7,
    "low": 2
  },
  "lineage": {
    "scanner_version": "0.2.0-alpha",
    "policy_version": "default@2026.03",
    "rulepack_version": "builtin@2026.03"
  }
}
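
A CI step consuming this response should fail closed and confirm the decision was made under the policy it expects. The following is an added example, not ClawPlane's own code: it checks the gate response shown above for job binding, decision, pinned lineage, and agreement between counts and the fail_on threshold. Assumptions: check_gate and allow_decision are hypothetical names, the page shows only the "blocked" decision value so the pass value is supplied by the caller, severities order low < medium < high, and counts hold the findings the gate evaluated.

```python
import json

# Gate response as shown on the page (job_id is elided there as well).
SAMPLE_RESPONSE = """{
  "job_id": "job_01JY...",
  "decision": "blocked",
  "severity": "high",
  "counts": {"high": 3, "medium": 7, "low": 2},
  "lineage": {
    "scanner_version": "0.2.0-alpha",
    "policy_version": "default@2026.03",
    "rulepack_version": "builtin@2026.03"
  }
}"""

SEVERITIES = ["low", "medium", "high"]  # assumed ordering, lowest first

def check_gate(raw, job_id, fail_on, pinned_lineage, allow_decision):
    """Return (exit_code, reasons); any reason means exit 1 (fail closed)."""
    # allow_decision is a hypothetical pass value: the page only shows "blocked".
    try:
        resp = json.loads(raw)
    except ValueError:
        return 1, ["response is not valid JSON"]
    if not isinstance(resp, dict):
        return 1, ["response is not a JSON object"]
    reasons = []
    if resp.get("job_id") != job_id:
        reasons.append("job_id does not match the submitted job")
    decision = resp.get("decision")
    if decision != allow_decision:
        reasons.append(f"gate decision: {decision}")
    lineage = resp.get("lineage") if isinstance(resp.get("lineage"), dict) else {}
    for key, want in pinned_lineage.items():
        if lineage.get(key) != want:
            reasons.append(f"lineage drift: {key}={lineage.get(key)!r}, pinned {want!r}")
    counts = resp.get("counts")
    if fail_on not in SEVERITIES or not isinstance(counts, dict):
        reasons.append("cannot recompute threshold from counts")
    else:
        # Assumption: fail_on means "any finding at or above this severity".
        levels = SEVERITIES[SEVERITIES.index(fail_on):]
        values = [counts.get(level) for level in levels]
        if any(type(v) is not int or v < 0 for v in values):
            reasons.append("counts missing or malformed at gated severities")
        elif sum(values) > 0 and decision == allow_decision:
            reasons.append("decision contradicts counts at fail_on threshold")
    return (1 if reasons else 0), reasons
```

Use the returned exit code as the pipeline step's status and log the reasons next to the lineage values so a blocked release can be traced to a specific policy and rulepack version.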

PRICING DIRECTION

Charge for the product layer, not per scan

Early pricing should validate control-plane value: gating, policy, public proof, and team collaboration.

Starter

Free

For a single repo or public research workflow that needs an initial scan loop.

  • Manual scan jobs
  • Basic JSON report
  • Public watchboard listing

Pro

Waitlist

For product teams already wiring Agents into PR and CI workflows.

  • ClawGate in PR / CI
  • Baseline and diff
  • Policy profiles

Team

Design Partner

For platform and security teams rolling out one control plane together.

  • Multi-project control plane
  • Audit export
  • Custom onboarding

FAQ

These are the first questions most teams ask

What is the difference between ClawPlane and ClawScan?

ClawScan is the scan engine. ClawPlane is the product layer that unifies policy, scan, gate, watchboard, and lineage.

Does it only scan OpenClaw?

No. OpenClaw is the first public watchboard surface. The same model applies to repos, skills, MCP servers, and exposed endpoints.

Why build a public watchboard?

Because public result pages create external trust proof and let teams monitor risk changes over time instead of burying a single report.

What ships first in alpha?

The first alpha includes scan jobs, gate evaluate, baseline/diff, the OpenClaw watchboard, and GitHub Action level integration.

EARLY ACCESS

Request ClawPlane Alpha

Best for teams already shipping Agents, scanning repos, checking MCP/skill supply chains, or publishing security status externally.