Version: 1.9.1 Date: 2026-06-01 Status: Current
Integrate PiQrypt audit trail into OpenClaw autonomous agents.
OpenClaw is an autonomous AI agent framework based on:
- Llama 3.2 (3B parameter model)
- Computer Use (OS-level control)
- Tool calling (file operations, bash, Python)
Challenge: How to ensure OpenClaw decisions are auditable and trustworthy?
Solution: PiQrypt cryptographic audit trail + behavioral monitoring.
┌──────────────────────────────────────────┐
│ User Request │
│ "Analyze sales data and create report" │
│ ↓ │
├──────────────────────────────────────────┤
│ OpenClaw (Llama 3.2) │
│ 1. Reasoning: What steps needed? │
│ 2. Planning: Read CSV → Analyze → PDF │
│ ↓ │
├──────────────────────────────────────────┤
│ PiQrypt Audit Layer │
│ • Sign each decision (Ed25519) │
│ • Link decisions in hash chain │
│ • Store cryptographic proof │
│ • Trust State Index (TSI) │
│ • VRS composite risk score │
│ ↓ │
├──────────────────────────────────────────┤
│ Execution │
│ • Read sales.csv │
│ • Run analysis │
│ • Generate report.pdf │
└──────────────────────────────────────────┘
pip install piqryptRequirements: Python 3.9+
git clone https://github.com/openclaw/openclaw
cd openclaw
pip install -e .Create openclaw_config.yaml:
agent:
name: openclaw_assistant
model: llama-3.2-3b
audit:
enabled: true
provider: piqrypt
tier: pro # recommended for production
tools:
- file_operations
- bash_executor
- python_executorimport piqrypt as aiss
from aiss.agent_registry import AgentRegistry
from aiss.key_store import KeyStore
from openclaw import Agent, Task
class AuditableOpenClaw(Agent):
"""OpenClaw with PiQrypt audit trail."""
def __init__(self, config):
super().__init__(config)
# Initialize PiQrypt with encrypted key storage
registry = AgentRegistry()
registry.register_agent("openclaw_main")
key_store = KeyStore(agent_name="openclaw_main")
key_store.generate_and_save(passphrase="your-secure-passphrase")
self.piqrypt_key = key_store.load(passphrase="your-secure-passphrase")
from aiss.crypto import ed25519
pub = ed25519.get_public_key(self.piqrypt_key)
from aiss.identity import derive_agent_id
self.piqrypt_id = derive_agent_id(pub)
print(f"🔐 PiQrypt audit enabled")
print(f" Agent ID: {self.piqrypt_id}")
def execute_task(self, task: Task):
"""Execute task with audit trail."""
# 1. Llama reasoning
plan = self.llama_model.plan(task.description)
# 2. Sign reasoning with PiQrypt
reasoning_event = aiss.stamp_event(
self.piqrypt_key,
self.piqrypt_id,
payload={
"event_type": "task_reasoning",
"task": task.description,
"plan": plan.steps,
"confidence": plan.confidence,
"model": "llama-3.2-3b"
}
)
aiss.store_event(reasoning_event)
# 3. Execute each step
results = []
previous_hash = aiss.compute_event_hash(reasoning_event)
for step in plan.steps:
result = self.execute_step(step)
execution_event = aiss.stamp_event(
self.piqrypt_key,
self.piqrypt_id,
payload={
"event_type": "step_execution",
"step": step.description,
"tool": step.tool,
"result": result.summary,
"success": result.success
},
previous_hash=previous_hash
)
aiss.store_event(execution_event)
results.append(result)
previous_hash = aiss.compute_event_hash(execution_event)
return results
def export_audit_trail(self, output_path="openclaw-audit.json"):
"""Export audit for human review."""
events = aiss.load_events()
from aiss.identity import export_identity
from aiss.crypto import ed25519
pub = ed25519.get_public_key(self.piqrypt_key)
identity = export_identity(self.piqrypt_id, pub)
audit = aiss.export_audit_chain(identity, events)
import json
with open(output_path, 'w') as f:
json.dump(audit, f, indent=2)
print(f"📋 Audit trail exported: {output_path}")# Initialize OpenClaw with PiQrypt
agent = AuditableOpenClaw(config)
# Execute task
task = Task("Analyze Q4 sales data and create executive summary")
results = agent.execute_task(task)
# Export audit trail
agent.export_audit_trail("q4-sales-audit.json")
# Verify (for human reviewer)
# $ piqrypt verify q4-sales-audit.jsonEvery OpenClaw decision is signed:
- Task Understanding — What did OpenClaw understand? When?
- Reasoning Process — What steps planned? Confidence level?
- Tool Executions — bash, Python, file operations + results
- Failures & Retries — What failed? How did it recover?
Chain of Evidence:
[Task] → [Reasoning] → [Step 1] → [Step 2] → [Step 3] → [Result]
↓ ↓ ↓ ↓ ↓ ↓
Sign Sign Sign Sign Sign Sign
python -m vigil.vigil_server
# Dashboard → http://127.0.0.1:18421
# API → http://127.0.0.1:18421/api/summaryMonitors in real-time:
- Trust State Index (TSI): STABLE / WATCH / UNSTABLE / CRITICAL
- A2C anomaly detection: 16 relational scenarios
- VRS score: composite behavioral risk per agent
from aiss import search_events
suspicious_events = search_events(event_type="step_execution")
for event in suspicious_events:
payload = event["payload"]
if payload.get("tool") == "bash":
if any(cmd in payload["step"] for cmd in ["rm -rf", "curl | bash", "chmod 777"]):
print(f"⚠️ Suspicious command detected:")
print(f" Event: {aiss.compute_event_hash(event)}")
print(f" Command: {payload['step']}")
print(f" Timestamp: {event['timestamp']}")Problem: OpenClaw has OS-level access — dangerous if compromised.
PiQrypt guarantees:
- Non-repudiation — OpenClaw cannot deny actions
- Tamper-proof — Cannot modify history after execution
- Auditability — Humans can verify what happened
- Accountability — Legal proof of agent behavior
- Behavioral drift — TSI/A2C detect anomalous patterns over time
The KeyStore (v1.8.4) provides scrypt N=2¹⁷ + AES-256-GCM encryption for the private key at rest. See example above.
# All OpenClaw decisions encrypted at rest
# .key.enc = 97 bytes, magic bytes PQKY, fixed structureBenefits:
- ✅ Brute-force resistant (>400ms per attempt)
- ✅ AES-GCM authentication tag (any tampering detected)
- ✅ Private key zeroed from RAM after use
- ✅ GDPR, HIPAA compatible
# Export and certify audit trail
piqrypt export openclaw-chain.json audit.json
# Request certification
piqrypt certify-request audit.json audit.json.cert --email compliance@company.com
# Verify
piqrypt certify-verify audit-CERT-XXXXX.piqrypt-certified
# ✅ Certified by PiQrypt Inc.# OpenClaw A and OpenClaw B collaborate on task
from aiss.a2a import initiate_handshake, accept_handshake
handshake = initiate_handshake(
openclaw_a.piqrypt_key,
openclaw_a.piqrypt_id,
openclaw_b.piqrypt_id,
payload={"task": "joint_analysis", "split": "50/50"}
)
response = accept_handshake(
openclaw_b.piqrypt_key,
openclaw_b.piqrypt_id,
handshake
)
# Both agents have cryptographic proof of agreement
# Audit trail shows: A and B collaborated on task X- Sign Before Execution — sign reasoning BEFORE tool execution
- Granular Events — one event per step, not per entire task
- Include Context — task description, confidence, tool details
- Use KeyStore — never store private keys in plaintext
- Monitor with Vigil — catch behavioral drift early
- Regular Exports — daily/weekly audit trail export
- Human Review — periodic review of VRS alerts
Error: LicenseError: Free tier limited to 3 agents
piqrypt status
piqrypt identity deactivate old-agent.json
# Or upgrade to Pro (50 agents)# Fast indexed search
piqrypt search --type step_execution
# Archive old events
piqrypt archive create openclaw-q4.pqz --from 2026-01-01 --to 2026-03-31OpenClaw + PiQrypt questions:
- Email: piqrypt@gmail.com
- GitHub: piqrypt/discussions
- Tag:
#openclaw-integration
Making OpenClaw Trustworthy with Cryptographic Proof 🔐✨
Intellectual Property Notice
Core protocol concepts described in this document were deposited via e-Soleau with the French National Institute of Industrial Property (INPI):
Primary deposit: DSO2026006483 — 19 February 2026 Addendum: DSO2026009143 — 12 March 2026
These deposits establish proof of authorship and prior art for the PCP protocol specification and PiQrypt reference implementation.
PCP (Proof of Continuity Protocol) is an open protocol specification. It may be implemented independently by any compliant system. PiQrypt is the reference implementation.
© 2026 PiQrypt — contact@piqrypt.com