Open Source · Apache 2.0 · v0.1.0

AI agents that run inside a
glass box, not a black box.

ClearFrame is the open-source AI agent protocol built for full auditability, goal alignment monitoring, and operator control. Every reasoning step logged. Every tool call scored. Every credential encrypted.

Get started in 60 seconds View on GitHub →
5
Security layers OpenClaw lacks
100%
Reasoning steps captured
0
Plaintext credentials stored
Live
AgentOps control plane
The problem

OpenClaw and MCP have the same structural flaw.

A single unsandboxed process reads untrusted content, feeds it into the model, and executes whatever the model produces. There is no audit trail, no goal concept, and no operator visibility.

No Reader/Actor isolation

The same process that fetches a malicious webpage can execute shell commands. Indirect prompt injection is architecturally unavoidable.

Plaintext credential storage

API keys sit in ~/.env files readable by every installed plugin. One compromised skill → all credentials exposed.

No audit trail

Tool executions are never logged with tamper-evident records. Post-incident forensics is impossible — you cannot reconstruct what happened.

No goal concept

The runtime has no idea what the agent was supposed to do. Goal drift and out-of-scope actions go completely undetected.

No reasoning transparency

Chain-of-thought is never captured. You cannot inspect why an agent made a decision or replay a session for debugging.

No supply-chain trust

Any GitHub account can publish a plugin with zero review, zero signing, zero verification. One malicious plugin infects every user.

Architecture

Five layers OpenClaw simply doesn't have.

ClearFrame is not a patched version of an existing protocol. It is a ground-up redesign around auditability, isolation, and operator control.

┌─ ClearFrame Session ──────────────────┐ │ │ │ GoalManifest (declared intent) │ │ goal: "Find AI safety papers" │ │ permitted_tools: [web_search] │ │ allow_file_write: false │ │ │ │ READER sandbox ←── untrusted input │ │ fetches content, hashes chunks │ │ CANNOT execute tools │ │ │ typed pipe │ │ ▼ │ │ Goal Monitor alignment scoring │ │ score: 0.91 → AUTO_APPROVE │ │ score: 0.42 → QUEUE (operator) │ │ score: 0.10 → BLOCK │ │ │ approved only │ │ ▼ │ │ ACTOR sandbox ←── tool execution │ │ NEVER reads untrusted content │ │ │ │ RTL full reasoning trace (JSONL) │ │ Audit HMAC-chained tamper-evident │ │ Vault AES-256-GCM credentials │ └───────────────────────────────────────┘
🔒

Reader / Actor Isolation

Untrusted content ingestion and tool execution are separate sandboxed processes. Indirect prompt injection is eliminated by design.

🎯

Goal Monitor

Agents declare their goal at session start. Every tool call is scored for alignment. Drift triggers auto-pause. Operators approve ambiguous calls via dashboard.

🔍

Reasoning Transparency Layer (RTL)

Every chain-of-thought step is captured as structured, queryable JSON with SHA-256 content hashes. Full session replay available.

📋

HMAC-Chained Audit Log

Every event is cryptographically chained to the previous. Tampering is detectable via clearframe audit-verify. Full forensic reconstruction possible.

🖥️

AgentOps Control Plane

Live REST + WebSocket dashboard. See alignment scores, inspect reasoning traces, approve/block queued calls, and verify audit integrity — all in real time.

Comparison

ClearFrame vs OpenClaw vs MCP

A direct feature comparison across the capabilities that matter for production AI agent deployments.

Capability ClearFrame OpenClaw MCP
Reader/Actor process isolation✓ Yes✗ No✗ No
Goal alignment scoring✓ Every call✗ None✗ None
Agent goal drift detection✓ Auto-pause✗ None✗ None
Operator approval queue✓ Built-in✗ None△ Manual
Full reasoning trace (RTL)✓ Structured JSON✗ None✗ None
Tamper-evident audit log✓ HMAC-chained✗ None✗ None
Encrypted credential vault✓ AES-256-GCM✗ Plaintext .env△ Varies
Context feed hashing✓ SHA-256 per chunk✗ None✗ None
Live AgentOps dashboard✓ REST + WebSocket✗ None✗ None
Auth required by default✓ Yes✗ Open by default△ Optional
Localhost-only binding default✓ Yes✗ All interfaces△ Varies
Open source license✓ Apache 2.0✓ MIT✓ MIT
Quickstart

From zero to running agent in 60 seconds.

ClearFrame is a standard Python package. Install it, declare your agent's goal, and run.

1

Install ClearFrame

Requires Python 3.11+. Install from PyPI or directly from the GitHub repo.

# From PyPI (once published)
pip install clearframe

# Or install directly from GitHub right now
pip install git+https://github.com/ibrahimmukherjee-boop/ClearFrame.git
2

Initialise a project

The CLI scaffolds a project with the correct structure.

clearframe init my-agent
cd my-agent
3

Declare your agent's goal

Edit agent.py. Every tool call will be scored against this declared goal.

import asyncio
from clearframe import AgentSession, GoalManifest, ClearFrameConfig
from clearframe.core.manifest import ToolPermission

async def main():
    config = ClearFrameConfig()

    manifest = GoalManifest(
        goal="Search for the latest AI safety papers and summarise them",
        permitted_tools=[
            ToolPermission(tool_name="web_search", max_calls_per_session=5),
        ],
        allow_file_write=False,
        allow_code_execution=False,
    )

    async with AgentSession(config, manifest) as session:
        # Every tool call is scored for alignment before execution
        result = await session.call_tool(
            "web_search",
            query="AI safety papers 2026"
        )
        print(result)

if __name__ == "__main__":
    asyncio.run(main())
4

Run your agent

The AgentOps dashboard starts automatically at localhost:7477.

python agent.py

# Verify audit log integrity at any time
clearframe audit-verify

# View recent audit events
clearframe audit-tail --lines 20