### Overview

1Claw is architecting a dedicated, zero-trust infrastructure suite designed to safeguard the operations of AI agents. The core offering integrates an HSM-backed secret management Vault, a TEE-based LLM proxy (Shroud), and a multi-chain transaction signing API (Intents API). Their vision is to establish the definitive security layer that enables agents to act autonomously across cloud environments and blockchains without ever compromising sensitive credentials.

### The Problem & Solution

The platform's unique value proposition lies in the absolute separation of secret storage from the LLM's context window. AI agents are inherently prone to leaking database credentials, API keys, and PII into provider logs or chat outputs. 1Claw mitigates this risk by retaining keys within Hardware Security Modules (HSMs) and Trusted Execution Environments (TEEs).

• Runtime Fetching: Agents utilize short-lived JWTs to fetch credentials only at the moment of execution.
• Proactive Redaction: The Shroud proxy scrubs and redacts prompts before they reach models like OpenAI or Claude, preventing exfiltration and command injections.

### Core Functional Pillars

1. Vault Operations: Users store API keys and tokens within the HSM-backed Vault, defining scoped policies such as token limits and blocklists.

2. Shroud (LLM Traffic): Agents route inference calls through the `shroud.1claw.xyz` proxy. Operating within GKE confidential compute nodes, Shroud scores prompts against six security layers, using Aho-Corasick matching to redact secrets.

3. Intents API (Web3): Private keys are decrypted strictly within a TEE. Agents submit an 'intent' (e.g., 'send 0.01 ETH on Base'), and the infrastructure evaluates strict guardrails—including value caps and allowed addresses—before signing and broadcasting the transaction.

### Target Audience & ICP

1Claw is built for developers, Security Engineers, and SREs responsible for deploying autonomous agents in production environments. Key segments include: