Clavion

Secure Runtime for Autonomous Agents

Keys never leave the trusted core. Policy enforced. Human-approved execution.
Clavion is the security runtime that protects blockchain automation.

🧪 Developer Alpha — Open Source

What You Can Verify

Clavion is designed to be inspected, tested, and reproduced.
Every claim about security and execution can be verified directly.

📂
Open source runtime

The full core runtime is available on GitHub, including signing logic and adapters.

🔐
Local key isolation

Private keys never leave the trusted core process.

📋
Typed transaction intents

Agents express structured intents instead of raw transactions.

🛡
Policy enforcement layer

Every action is evaluated against explicit security policies.

🔬
Preflight simulation

Transactions are simulated before signing and broadcasting.

👤
Human approval flow

Critical actions require explicit confirmation via CLI, web dashboard, or Telegram.

📊
Audit timeline

Every execution step is recorded and traceable.

📦
Sandboxed skill execution

Untrusted code runs in a constrained environment.

Reproducible demo scripts

End-to-end demos can be executed locally.

🧪
639 automated tests

Isolation, policy, and security guarantees are validated by a comprehensive test suite.

🔌
MCP, ElizaOS, Telegram adapters

Ready-made integrations for Claude Desktop, ElizaOS agents, and Telegram bots.

🐙
OpenClaw compatibility

Clavion integrates with OpenClaw agents out of the box.

Security infrastructure should be auditable by design.
Inspect the system and verify the guarantees yourself.

Quick Start

# Install Clavion — one line, done
$ curl -fsSL https://clavion.xyz/install.sh | bash
# Or with Docker
$ docker compose up -d clavion

Works on macOS, Windows & Linux. The one-liner installs everything for you.

The Problem

AI agents are starting to control real money.

Autonomous agents can now trade tokens, bridge assets, and manage DeFi positions. But they hold raw private keys with zero security boundaries.

A single bug, hallucination, or malicious plugin can drain a wallet instantly. No approval. No audit trail. No way back.

  • Agent has direct wallet access — full signing privileges
  • No transaction review before broadcast
  • No policy enforcement or spend limits
  • No human oversight for high-risk operations
  • No audit trail or forensic visibility

⚠ Typical Agent Setup (Unsafe)

🤖 AI Agent
↓ direct access to keys
🔑 Private Key (exposed)
↓ unreviewed tx
⛓ Blockchain

One bad call → funds gone forever

Three Trust Domains

Clavion separates agent logic from key material. Agents express typed intents — Clavion handles the rest.

Untrusted Zone

🤖 Agent Logic

Your agent framework — OpenClaw, MCP (Claude Desktop), ElizaOS, Telegram bots, or any HTTP client. Submits typed transaction intents. Never sees keys.

Trusted Core

🛡 Clavion Runtime

Policy enforcement. Preflight simulation. Risk scoring. Human approval workflows. Encrypted keystore. Full audit trail.

External

⛓ Blockchain

Only verified, approved, and signed transactions reach the chain. Simulation-checked before broadcast.

Five Steps to Safe Execution

  1. Intent: Agent defines what it wants to do as a typed intent
  2. Policy: Rules engine checks spend limits, allowed targets, time windows
  3. Preflight: Transaction simulated, risk scored, outcome predicted
  4. Approval: Human confirms or rejects via CLI, web dashboard, or Telegram
  5. Sign & Send: Clavion signs with local encrypted key and broadcasts

# Build a transfer intent — agent never touches the key
curl http://localhost:3100/v1/tx/build \
  -H "Content-Type: application/json" \
  -d '{
    "version": "1",
    "id": "a1b2c3d4-...",
    "timestamp": 1700000000,
    "chain": { "type": "evm", "chainId": 8453 },
    "wallet": { "address": "0xYOUR_WALLET" },
    "action": {
      "type": "transfer",
      "asset": {
        "kind": "erc20",
        "address": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
        "symbol": "USDC",
        "decimals": 6
      },
      "to": "0xRECIPIENT",
      "amount": "1000000"
    },
    "constraints": { "maxGasWei": "1000000000000000", "deadline": 1700000600 }
  }'

# Response: buildPlan, policyDecision, description
# → if policy says require_approval, user is prompted
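
A sketch of the policy step applied to the transfer intent above, added here as an illustration and not Clavion's own code. The policy field names and the `allow`/`deny` decision values are assumptions (only `require_approval` appears on this page); limits are keyed on the token contract address because an ERC-20 symbol is chosen by whoever deploys the token.

```python
import time

USDC_BASE = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"  # token address from the page
# Hypothetical policy; field names are illustrative, not Clavion's schema.
POLICY = {
    "allowed_chain_ids": {8453},
    "allowed_recipients": {"0xrecipient"},           # placeholder, lowercased
    "max_amount": {USDC_BASE.lower(): 5_000_000},    # hard cap in base units
    "approval_above": {USDC_BASE.lower(): 500_000},  # human sign-off above this
    "max_gas_wei": 2_000_000_000_000_000,
}

def evaluate_intent(intent, policy, now=None):
    """Return (decision, reasons): 'deny', 'require_approval' or 'allow'."""
    now = int(time.time()) if now is None else now
    try:
        action, limits = intent["action"], intent["constraints"]
        token = action["asset"]["address"].lower()   # key on contract, not symbol
        amount, gas = int(action["amount"]), int(limits["maxGasWei"])
        chain_id, to = int(intent["chain"]["chainId"]), action["to"].lower()
        kind, deadline = action["type"], int(limits["deadline"])
    except (KeyError, TypeError, ValueError, AttributeError):
        return "deny", ["malformed intent"]          # fail closed
    reasons = []
    if chain_id not in policy["allowed_chain_ids"]:
        reasons.append("chain not allowlisted")
    if kind != "transfer":
        reasons.append("action type not covered")
    if to not in policy["allowed_recipients"]:
        reasons.append("recipient not allowlisted")
    if deadline < now:
        reasons.append("deadline expired")
    if gas > policy["max_gas_wei"]:
        reasons.append("gas ceiling above policy")
    cap = policy["max_amount"].get(token)
    if cap is None or not 0 < amount <= cap:
        reasons.append("amount outside spend limit")
    if reasons:
        return "deny", reasons
    if amount > policy["approval_above"].get(token, 0):
        return "require_approval", ["above auto-approve threshold"]
    return "allow", []

# Constructed sample: the page's transfer intent with its placeholder recipient.
SAMPLE = {"chain": {"type": "evm", "chainId": 8453},
          "action": {"type": "transfer", "to": "0xRECIPIENT", "amount": "1000000",
                     "asset": {"kind": "erc20", "address": USDC_BASE, "symbol": "USDC"}},
          "constraints": {"maxGasWei": "1000000000000000", "deadline": 1700000600}}
```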

What It Does

🔐
Encrypted Keystore
Keys encrypted at rest (scrypt + AES-256-GCM) and never exposed to agent processes. Import via private key or BIP-39 mnemonic.
📋
Policy Engine
Configurable rules: spend limits, allowed contracts, chain allowlists, rate limiting, per-agent permissions.
🔬
Preflight Simulation
Every transaction simulated before signing. Risk scored across 7 rules. Outcome predicted. No surprises.
👤
Human Approval
Approval flows via CLI, web dashboard, or Telegram bot. Auto-approve low-risk, sign-off for high-risk.
📊
Audit Trail
Every intent, policy decision, simulation, approval, and broadcast logged with timestamps in append-only SQLite.
🔌
Agent Agnostic
Adapters for OpenClaw, MCP (Claude Desktop/Cursor), ElizaOS, and Telegram. REST API for any framework.
Multi-Chain
Supports Ethereum, Base, Optimism, and Arbitrum. Per-chain RPC routing and policy configuration.
🔄
DEX Aggregation
Swaps via 1inch aggregator for best rates across DEXs, with automatic Uniswap V3 fallback.
📦
Skill Registry
Register, verify, and manage skill manifests with ECDSA signing, file hashing, and static code analysis.
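
One way an append-only SQLite audit trail like the one described under Audit Trail can be enforced and checked, as an added example rather than Clavion's actual schema or code: the table, column and function names are assumptions. It goes one step beyond the page by hash-chaining rows, so that an edit made after someone drops the triggers is still detectable.

```python
import hashlib
import json
import sqlite3

SCHEMA = """
CREATE TABLE audit (
  seq INTEGER PRIMARY KEY AUTOINCREMENT,
  ts INTEGER NOT NULL, stage TEXT NOT NULL, intent_id TEXT NOT NULL,
  detail TEXT NOT NULL, prev_hash TEXT NOT NULL, hash TEXT NOT NULL);
CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit
  BEGIN SELECT RAISE(ABORT, 'audit log is append-only'); END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit
  BEGIN SELECT RAISE(ABORT, 'audit log is append-only'); END;
"""
GENESIS = "0" * 64

def open_log(path=":memory:"):
    db = sqlite3.connect(path)
    db.executescript(SCHEMA)
    return db

def _digest(prev, ts, stage, intent_id, detail):
    blob = json.dumps([prev, ts, stage, intent_id, detail]).encode()
    return hashlib.sha256(blob).hexdigest()

def append(db, ts, stage, intent_id, detail):
    """Insert one event, chained to the hash of the previous row."""
    row = db.execute("SELECT hash FROM audit ORDER BY seq DESC LIMIT 1").fetchone()
    prev = row[0] if row else GENESIS
    digest = _digest(prev, ts, stage, intent_id, detail)
    with db:  # commit on success, roll back on error
        db.execute("INSERT INTO audit (ts, stage, intent_id, detail, prev_hash, hash)"
                   " VALUES (?, ?, ?, ?, ?, ?)", (ts, stage, intent_id, detail, prev, digest))
    return digest

def verify(db):
    """Recompute the chain; False if any row was altered, removed or reordered."""
    prev = GENESIS
    rows = db.execute("SELECT ts, stage, intent_id, detail, prev_hash, hash"
                      " FROM audit ORDER BY seq")
    for ts, stage, intent_id, detail, prev_hash, digest in rows:
        if prev_hash != prev or digest != _digest(prev_hash, ts, stage, intent_id, detail):
            return False
        prev = digest
    return True
```

The triggers stop accidental or application-level rewrites; the chain only proves integrity if the latest hash is also stored somewhere the database writer cannot change.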

Works With Everything

🐙 OpenClaw 🔧 MCP / Claude Desktop 🧠 ElizaOS 💬 Telegram Bot 🔗 Custom REST API
◆ Ethereum 🔵 Base 🔴 Optimism 🔷 Arbitrum 🦄 Uniswap V3 🔀 1inch Aggregator
