MirrorClaw is a secure agent workspace built around three ideas: keep the primary inference path on the Mirror-protected route, move longer or riskier work into an isolated runtime boundary, and make proof visible inside the product.
MirrorClaw separates the product along distinct trust boundaries, and each boundary has its own surface in the workspace.
Hosted alpha access is explicitly gated. The workspace doesn't default to a public unauthenticated chat surface.
Encrypted prompt and response transport on the main model path. Live evidence exposed in the product.
Conversation, memory, and proof in one operator surface. Proof attached to chat, not buried in backend logs.
Long-running or tool-heavy work moves off the main thread. Reviewable through Jobs and Stack.
Custody and readiness made visible instead of implying trust. Hosted blockers and dependency gaps surfaced.
Hosted builds are pressure-tested through MirrorArena before they ship. Security evaluation as part of shipping.
What an operator actually sees in the workspace, attached to the chat surface.
Prompt is wrapped with a per-request content-encryption key (CEK) before transport. The gateway sees ciphertext, not plaintext.
Request forwarded over the Mirror inference path. Route, policy, and runtime lane logged.
Model response returns on the same encrypted lane, bound to the same CEK reference and the same trust boundary.
Decryption happens inside the trusted workspace. Operators can inspect the full chain.
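The four steps above, as an added example in Go. This is not MirrorClaw's or Mirror's own code and the page does not state how the product implements any of it: the example assumes AES-256-GCM as the per-request cipher, a CEK reference derived by hashing the key, a gateway that forwards the envelope unchanged and logs only routing metadata plus a ciphertext hash, and an inference side that already holds the CEK through a channel the gateway is not on. The `Envelope`, `LogEntry` and `Exchange` names, the route/policy/lane values and the stub model reply are all hypothetical. The routing metadata is bound into the AEAD associated data, so a hop that rewrites the lane on the return path is rejected in the workspace; the `tamperLane` flag demonstrates that failure.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Envelope is what crosses the gateway: opaque AES-GCM ciphertext plus the routing metadata it may log. Hypothetical format.
type Envelope struct {
	CEKRef              string // names the per-request key; the key itself never travels here
	Direction           string // "request" or "response"
	Route, Policy, Lane string
	Nonce               []byte
	Ciphertext          []byte // AES-GCM output, authentication tag included
}

// LogEntry is what the hypothetical gateway records per hop: metadata and a ciphertext hash, never plaintext or key material.
type LogEntry struct {
	CEKRef, Direction, Route, Policy, Lane, CiphertextSHA256 string
}

// aad binds ciphertext to metadata, so a hop that rewrites route, policy, lane or direction cannot pass the envelope off as valid.
func (e Envelope) aad() []byte {
	return []byte(fmt.Sprintf("%s|%s|%s|%s|%s", e.CEKRef, e.Direction, e.Route, e.Policy, e.Lane))
}

// newCEK mints a fresh AES-256-GCM key for one request; the reference is a hash of the key so logs can name it without exposing it.
func newCEK() (string, cipher.AEAD, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return "", nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", nil, err
	}
	sum := sha256.Sum256(key)
	return "cek-" + hex.EncodeToString(sum[:8]), gcm, nil
}

// seal encrypts under the CEK with a fresh nonce and the envelope's metadata as AAD.
func seal(cek cipher.AEAD, e Envelope, plaintext []byte) (Envelope, error) {
	e.Nonce = make([]byte, cek.NonceSize())
	if _, err := rand.Read(e.Nonce); err != nil {
		return e, err
	}
	e.Ciphertext = cek.Seal(nil, e.Nonce, plaintext, e.aad())
	return e, nil
}

// gateway forwards the envelope unchanged and logs only what it can see.
func gateway(e Envelope, log *[]LogEntry) Envelope {
	sum := sha256.Sum256(e.Ciphertext)
	*log = append(*log, LogEntry{e.CEKRef, e.Direction, e.Route, e.Policy, e.Lane, hex.EncodeToString(sum[:])})
	return e
}

// inferenceSide stands in for the model endpoint. Assumption: it already holds the CEK
// for this request via a channel the gateway is not on. The reply is a stub, not a model.
func inferenceSide(cek cipher.AEAD, req Envelope) (Envelope, error) {
	prompt, err := cek.Open(nil, req.Nonce, req.Ciphertext, req.aad())
	if err != nil {
		return Envelope{}, err
	}
	resp := Envelope{CEKRef: req.CEKRef, Direction: "response", Route: req.Route, Policy: req.Policy, Lane: req.Lane}
	return seal(cek, resp, []byte("model reply to: "+string(prompt)))
}

// Exchange runs one request workspace -> gateway -> inference -> gateway -> workspace and returns
// the decrypted reply plus the gateway log. tamperLane simulates a hop rewriting the lane on the way back.
func Exchange(prompt string, tamperLane bool) (string, []LogEntry, error) {
	ref, cek, err := newCEK()
	if err != nil {
		return "", nil, err
	}
	var log []LogEntry
	req := Envelope{CEKRef: ref, Direction: "request", Route: "mirror-inference", Policy: "default", Lane: "protected"}
	if req, err = seal(cek, req, []byte(prompt)); err != nil {
		return "", nil, err
	}
	resp, err := inferenceSide(cek, gateway(req, &log))
	if err != nil {
		return "", log, err
	}
	resp = gateway(resp, &log)
	if tamperLane {
		resp.Lane = "unprotected"
	}
	if resp.CEKRef != ref { // the reply must be bound to this request's key
		return "", log, fmt.Errorf("response references %s, expected %s", resp.CEKRef, ref)
	}
	plain, err := cek.Open(nil, resp.Nonce, resp.Ciphertext, resp.aad()) // decryption stays in the workspace
	if err != nil {
		return "", log, fmt.Errorf("response rejected in workspace: %w", err)
	}
	return string(plain), log, nil
}

func main() {
	reply, log, err := Exchange("summarise the incident timeline", false)
	fmt.Println(reply, err, len(log), "gateway log entries (metadata and ciphertext hash only)")
}
```

The two gateway log entries share one CEK reference and carry only a ciphertext hash, which is the shape of chain an operator could inspect without the gateway ever holding plaintext. The tampered run fails at `Open` in the workspace rather than being silently accepted, which is the reason the routing metadata belongs in the associated data and not only in the log.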
MirrorArena is the security validation harness in the Mirror stack. Seven scan families run in the release loop before a hosted build ships.
End-to-end runtime misuse across input, planning, tool use, persistence, and exfiltration.
ClawSafety-style domain harm: destructive actions, secret leakage, unsafe destination changes.
Ingress auth, replay, compaction poisoning, subagent trust, memory drift, identity bleed, tool-risk guards, permission integrity, and context-judge decisions.
Skill injection, prompt seeding, exploit refinement, seeded-vs-baseline attack deltas.
Jailbreak-style attacks, transformed prompt corpora, operator-scenario prompt-defense evaluation.
Static and agentic scanning of repo trust boundaries, provider config, MCP exposure, skill provenance.
HTTP target fingerprinting, version matching, advisory-driven exposure analysis.
Four layers. Each one independently testable, each one logged.
Same product story, different boundary separation.
Protected route, visible proof, shared hosted control plane
Encrypted inference included, readiness and connector policy visible
Dedicated VM or confidential-runtime path with stronger boundary separation
Other agent workspaces ask you to trust their backend. MirrorClaw shows you the receipt.