You gave it the keys.
Claw gives you the kill switch.

Watch them check in.

Every action, gated the instant it happens. Green clears the leash. Amber waits for you. Red never lands.

Four moves. The whole system.

Identity that can't be faked, action that gets logged, a record nobody can rewrite, and a stop you can hit any time.

The Claw goes everywhere the agent goes.

A Claw isn't an ID badge that stays at the door. It's a passport — your agent carries it to every service it visits. Anyone can verify it (signature, scope, status, owner) in one round trip. The leash travels with it. The kill switch travels with it. Every verified service it touches adds a stamp to its record. Agent KYC: cryptographic, instant, permissionless.

• Verifiable everywhere — services check the cryptographic signature, no permission from us needed.
• Revocable in real time — you flip the switch in your dashboard, every service it visits sees it.
• The leash rides along — services know what's allowed before they serve a single byte.
• Stamps build the record — a portable, verifiable history follows the agent across the web. Tracked when it earns trust. Tracked when it doesn't.

What we built. What it solves. How it's secured.

The agent economy is being built on a layer that doesn't exist yet: identity, accountability, and a kill switch. People are letting AI agents loose with their credentials, their inboxes, their wallets, their shell access — usually because the agent said "sure!" once during testing. No record of what it did. No way to stop it mid-action. No recourse when something goes wrong.

Claw is that missing layer. Cryptographic identity for every agent. A programmable leash the owner sets. A kill switch that propagates in real time. A tamper-proof receipt for every action — at every service the agent ever touches.

If you can't revoke it, you don't own it — it owns you. Claw is what owning an agent actually feels like.

How the technology works

• Cryptographic identity. When an agent registers, it generates its own Ed25519 keypair locally. The private key never leaves the agent. We sign a token (the "Claw") that binds the agent's public key, the owner's identity, and the leash. The token is unforgeable without our signing key.
• Proof of possession. On every action, the agent has to sign a fresh server-issued challenge with its private key. A stolen Claw alone is useless — the attacker doesn't have the matching key.
• Permissionless verification. Any service on the open web can fetch our JSON Web Key Set and verify a Claw's signature offline. For live revocation status they hit /v1/verify. No registration. No API key. No fees. Forever.
• Tamper-proof receipts. Every check-in is appended to a hash-chained log. Each entry includes a hash of the previous entry. Alter or delete one record and every subsequent hash is wrong — including ours. We can't rewrite history. Neither can anyone else.
• Real-time kill switch. When you revoke a token, it's dead. Every verifier sees it dead, immediately. No grace period. No window for one last bad action.

How it's secured

• The signing key lives in cloud HSM/KMS in production. Hardware-bound, never enters application memory. If our entire codebase leaked tomorrow, no one could forge a Claw.
• Zero-trust internal posture. Service-to-service mTLS, no implicit trust between components, least-privilege IAM everywhere — we don't trust our own services until they prove who they are.
• Dashboard auth is passkey-only. No passwords. No magic links. No email-based auth, ever — because agents have email, and any auth method an agent could intercept is fundamentally compromised. Hardware-bound biometric (Touch ID, Face ID, YubiKey) is the only way in.
• Audit log is hash-chained AND anchored. Internal tampering breaks the chain. We anchor Merkle roots of the log to an external public ledger so even we can't rewrite the record.
• API keys never enter the browser. The dashboard uses opaque server-issued session cookies (httpOnly + Secure + SameSite=Strict). The browser holds nothing of value; everything sensitive lives server-side.
• Verification is free, forever. The directory pays nothing, the SDK is open source. We monetize who gets found and used, never what flowed through. The audit log is the customer's, not our ad inventory.

Free forever. Three lines of code.
A Claw'd agent is a customer worth having.

Verify any agent hitting your API in three lines. You learn who owns it, what its leash allows, and a tamper-evident record exists of every interaction — on your side too. Free to verify. Free to list. Forever. No paid tier to "be found." We monetize the operator side, never the verifier. The network effect requires zero friction on yours.

// example vendors shown · apply to be a Verified Vendor →

Vendors verify free, forever.
Operators meter by the check-in.

Infrastructure pricing, not SaaS pricing. We meter by the unit of work — every check-in your agent makes. No seat tax. No per-agent fee. Vendors pay nothing to verify, ever — that's the architecture, not a launch promo.

// comparable infrastructure: Twilio Verify is $0.05 / verification (SMS OTP only) · Persona KYC is $1.50+ / verification (humans, docs) · ClawID at $0.005 / check-in is 10× cheaper, for cryptographic agent identity with leash and live revocation

Live in production. Three lines to verify.

The hub runs at api.holdtheleash.id with the root signing key in Cloud KMS — zero-trust, production posture. SDKs are open source under Apache 2.0. Vendors verify in three lines, free forever. Operators mint and manage from the dashboard.

# install the SDK
$ pip install clawid

# three lines — done
import clawid

result = clawid.verify(token)
if result.valid:
    serve(result.agent_id, result.tenant_id)
else:
    deny(result.status, result.reason)

# 1. sign in to the dashboard with a passkey
$ open https://app.holdtheleash.id

# 2. set the leash:
#    spend cap, allowed surfaces,
#    active hours, escalation,
#    auto-revoke trip-wire

# 3. mint — token shown ONCE
#    private key generated locally,
#    hub never sees it