KeyClaw's README is optimized for first contact. This directory holds the deeper operational material that maintainers, reviewers, and security-minded adopters usually ask for next.
- Architecture overview: request/response flow, major modules, and runtime trust boundaries
- Configuration reference: config file sections, environment variables, allowlists, audit log behavior, and daemon restart semantics
- macOS desktop-app guide: system-proxy and CA-trust setup for Finder-launched apps such as Claude.app, Codex.app, and ChatGPT.app
- Supported secret patterns: how the typed detectors and opaque-token detection work today
- Threat model: what KeyClaw protects against, what it does not, and how to deploy it safely
- Cargo package metadata lives in
Cargo.toml - Runtime behavior lives under
src/ - Contributor workflows live in
.github/
- README: landing page, quickstart, positioning, and top-level operating guide
- CONTRIBUTING: contributor workflow and local validation
- SECURITY: private vulnerability reporting
- AGENTS and CLAUDE: AI-agent repo guides
- Cargo install path:
cargo install keyclaw - Homebrew tap:
brew tap GuthL/tap && brew install keyclaw - Homebrew formula source:
GuthL/homebrew-tap - GitHub release artifacts: version tags published from
.github/workflows/release.yml