MirrorClaw is the secure agent workspace in the Mirror stack. The primary AI path runs on the Mirror-protected route, longer work moves into an isolated runtime, and proof shows up inside the product as a receipt chain on every turn.
Built around three product ideas, not a list of backend features.
The primary AI path runs on the Mirror-protected route. AES-256-GCM via a request-scoped CEK. Request encrypted, response encrypted, end to end.
Long or risky work moves into a delegated runtime boundary instead of widening the main chat trust zone. Jobs and Stack stay reviewable.
Every turn carries a receipt chain in the workspace: Enc in → Route → Enc out → Decrypt. Proof lives in the product, not in backend claims.
Four sections, attached to the chat surface. The same chain an operator can inspect inline with Show proof.
Prompt is wrapped with a per-request CEK before transport. The gateway sees ciphertext.
Request is forwarded over the Mirror inference path. Route, policy, and runtime lane all logged for the operator.
Model response returns on the encrypted lane. Same CEK reference, same boundary.
Decryption happens inside the trusted workspace. Operators can inspect the proof chain for any turn.
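The four-stage turn above, worked through as an added Go example rather than MirrorClaw's own code: a request-scoped 32-byte CEK drives AES-256-GCM in both directions, each stage appends a receipt, and VerifyChain plays the role of Show proof. The receipt field shape, naming the CEK by hash, and the assumption that only the workspace and the inference lane hold the key (the gateway forwards opaque bytes) are assumptions of this example, not statements from the page.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
)

// Receipt is one link of the per-turn proof chain (field shape assumed here).
type Receipt struct{ Stage, CEKRef, Digest string }
func digest(b []byte) string { s := sha256.Sum256(b); return hex.EncodeToString(s[:]) }

// seal returns nonce||ciphertext||tag; a fresh nonce per call is what makes reusing the CEK for the reply safe under GCM.
func seal(g cipher.AEAD, pt []byte) []byte {
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	return g.Seal(nonce, nonce, pt, nil)
}

// RunTurn models one chat turn. Assumption: workspace and inference lane hold the CEK; the gateway only forwards opaque bytes.
func RunTurn(prompt string, infer func(string) string) (string, []Receipt, error) {
	cek := make([]byte, 32) // 32 bytes selects AES-256; a fresh key per request
	rand.Read(cek)
	block, _ := aes.NewCipher(cek)
	g, _ := cipher.NewGCM(block)
	n, ref := g.NonceSize(), digest(cek)[:16] // receipts name the CEK by hash only
	encIn := seal(g, []byte(prompt))
	// "Route" records what the gateway forwarded: the ciphertext digest, no plaintext.
	chain := []Receipt{{"Enc in", ref, digest(encIn)}, {"Route", ref, digest(encIn)}}
	pt, err := g.Open(nil, encIn[:n], encIn[n:], nil) // inference lane decrypts
	if err != nil {
		return "", chain, err
	}
	encOut := seal(g, []byte(infer(string(pt)))) // reply returns on the encrypted lane
	chain = append(chain, Receipt{"Enc out", ref, digest(encOut)})
	reply, err := g.Open(nil, encOut[:n], encOut[n:], nil) // decrypt inside the workspace
	if err != nil { // any modification on the route fails the GCM tag here
		return "", chain, err
	}
	return string(reply), append(chain, Receipt{"Decrypt", ref, digest(reply)}), nil
}

// VerifyChain is the "Show proof" check: four stages in order, one CEK ref per turn, routed bytes unchanged.
func VerifyChain(c []Receipt) bool {
	ok := len(c) == 4 && c[0].Stage == "Enc in" && c[1].Stage == "Route" &&
		c[2].Stage == "Enc out" && c[3].Stage == "Decrypt" && c[0].Digest == c[1].Digest
	for _, r := range c {
		ok = ok && r.CEKRef == c[0].CEKRef
	}
	return ok
}
```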
MirrorClaw separates the product into distinct trust boundaries. Each one has a surface in the workspace.
The workspace doesn't default to a public unauthenticated chat surface. Onboarding and app entry are separate so the authenticated workspace stays operator-focused.
Encrypted prompt and response transport on the main model path. Live evidence exposed in the product and status surfaces.
Conversation, memory, and proof in one operator surface. Proof attached to the chat surface rather than buried in backend logs.
Long-running or tool-heavy work moves off the main thread. Reviewable through Jobs and Stack instead of trusting hidden backend behavior.
Custody and readiness made visible instead of implying trust. Hosted blockers and dependency gaps surfaced before they bite.
Hosted builds are pressure-tested through MirrorArena before they ship. Release gating uses security evaluation as part of the product process.
MirrorArena is the security validation harness in the Mirror stack. Seven scan families, all in the release loop before a hosted build ships.
End-to-end runtime misuse across input, planning, tool use, persistence, and exfiltration stages.
ClawSafety-style domain harm: destructive actions, secret leakage, unsafe destination changes, config tampering.
Ingress auth, replay, compaction poisoning, subagent trust, memory drift, identity bleed, secure defaults, attestation claims, tool-risk guards, permission integrity, and context-judge decisions.
Skill injection, prompt seeding, exploit refinement, and seeded-vs-baseline attack deltas.
Jailbreak-style attacks, transformed prompt corpora, and operator-scenario prompt-defense evaluation.
Static and agentic scanning of repo trust boundaries, provider config, MCP exposure, and skill provenance.
HTTP target fingerprinting, version matching, and advisory-driven exposure analysis on the deployed surface.
Same threat classes, every Claw variant. The severity columns show how heavily each variant exposes the surface today; the last column shows how MirrorClaw narrows it.
The Mirror-hosted route is the strongest transport story. Customer-managed inference and fully-local stacks keep MirrorClaw's trust-boundary and proof story intact.
Hosted alpha, workspace tier, dedicated tier. Same product story, different boundary separation.
Other agent workspaces ask you to trust their backend. MirrorClaw shows you the receipt.