Skip to content

avp-protocol/zeroclaw-avp

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 

Repository files navigation

AVP Shield

zeroclaw-avp

ZeroClaw SecretBackend integration for AVP
Drop-in replacement · Same API · Hardware security

Crates.io CI License


Overview

zeroclaw-avp implements ZeroClaw's SecretBackend trait using the Agent Vault Protocol. Replace ZeroClaw's default credential storage with AVP — get hardware-grade security without changing your agent code.

Installation

[dependencies]
zeroclaw-avp = "0.1"

Quick Start

use zeroclaw::Agent;
use zeroclaw_avp::AvpSecretBackend;

fn main() -> zeroclaw::Result<()> {
    // Create AVP-backed secret store
    let secrets = AvpSecretBackend::from_config("avp.toml")?;

    // Use with ZeroClaw agent
    let agent = Agent::builder()
        .secret_backend(secrets)
        .build()?;

    // Secrets are now stored in AVP vault instead of ~/.zeroclaw/credentials
    agent.run()
}

Migration from Default Backend

# Export existing secrets
zeroclaw secrets export > secrets.json

# Import into AVP
avp import secrets.json --backend keychain

# Update zeroclaw.toml
echo '[secrets]
backend = "avp"
config = "avp.toml"' >> zeroclaw.toml

# Clean up
rm secrets.json
zeroclaw secrets clear  # Remove old plaintext secrets

Configuration

zeroclaw.toml

[secrets]
backend = "avp"
config = "avp.toml"  # Path to AVP config

avp.toml

[backend]
type = "keychain"  # or "file", "hardware", "remote"

[workspace]
name = "zeroclaw-default"

Backend Selection

use zeroclaw_avp::{AvpSecretBackend, Backend};

// OS Keychain (recommended)
let secrets = AvpSecretBackend::with_backend(Backend::Keychain)?;

// Hardware secure element (maximum security)
let secrets = AvpSecretBackend::with_backend(Backend::Hardware {
    device: "/dev/ttyUSB0".into(),
})?;

// Remote vault (team environments)
let secrets = AvpSecretBackend::with_backend(Backend::Remote {
    url: "https://vault.company.com".into(),
})?;

API Compatibility

AvpSecretBackend implements the full SecretBackend trait:

Method AVP Operation
get(key) RETRIEVE
set(key, value) STORE
delete(key) DELETE
list() LIST
exists(key) LIST + filter

Security Comparison

Backend Infostealer Host Compromise Memory Dump
ZeroClaw default
AVP File
AVP Keychain
AVP Hardware

Contributing

See CONTRIBUTING.md.

License

Apache 2.0 — see LICENSE.


AVP Specification · ZeroClaw

About

ZeroClaw SecretBackend using AVP

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published