Skip to main content
This document maps the current Clawb system architecture from the codebase.

How to view visually

  • GitHub: open this file in the repository UI (Mermaid renders automatically).
  • VS Code: open this file and use Markdown Preview (Cmd/Ctrl + Shift + V).
  • Mermaid Live Editor: copy/paste any diagram block into https://mermaid.live.

1) System Context

Auth and trust boundaries

CallerMain auth modePrimary endpoints
Dashboard user (browser)Session cookie (magic link login)/auth/*, /v1/workspaces, /v1/agents, /v1/policies, /v1/vault/*
Enterprise backend/gatewayWorkspace API key/v1/check, /v1/workspace/*, /v1/identity/*
Agent runtimeSignature + nonce/timestamp via relying service or signed agent endpoints/v1/verify, /v1/telemetry/heartbeat, vault signed endpoints
Public approval linksOpaque one-time tokens/v1/approval-links/*, /v1/agent-approval/*, /v1/policy-challenges/*

2) End-to-End Decision Loop (Verify + Policy)

3) Vault + JWT Credential Path

4) Control Plane Domains

5) Core Data Model Topology