FAQ
Fair questions.
The short version of what people ask us on the first call. The long version lives in the docs.
How is this different from giving my agent an API key or OAuth scopes?
A key authenticates a caller and says nothing about a specific action. Whoever holds it can replay it for as long as it lives, and its scopes stand still no matter how the agent behaves. Clay Seal inverts that. Identity is attested from runtime evidence rather than possession of a secret, and authority is re-decided at every action while the agent runs. There is nothing standing for an attacker to steal that stays useful for more than a few seconds.
What actually happens when one of my agents is jailbroken?
The governor notices the drift before you do. Behavior that departs from the mandate stops minting commit tokens, so irreversible actions simply stop clearing the gateway. Sensitive moves escalate to step-up approval, and a session that keeps pushing gets revoked mid-task. Afterward, the receipt chain shows your security team precisely which agent broke, what it attempted, and what the controls blocked.
How is this better than a normal sandbox?
A normal sandbox is drawn once at session start. Inside its walls the agent has free rein for the whole session, and a capable model has plenty of time to map those walls and find the gap. Clay Seal redraws the sandbox on every action. The walls move with the agent's behavior, which means there is no stable perimeter to study and no window where drifting behavior keeps its old powers.
Do I have to adopt all three layers?
No. Each layer is a standalone distribution behind a protocol seam. For many teams, the best place to start is receipts alone, which gets you verifiable audit on day one. Add the capability layer when you gate irreversible actions, and attested identity after that. You can also keep your existing IdP: adapters ship for SPIFFE, OIDC, Auth0, AWS STS, Entra, and GCP.
Does it work with MCP and agent frameworks?
Yes. A receipted MCP gateway wraps any MCP tool server with policy checks, commit-token enforcement, and receipts. The SDK wraps any Python callable, ships LangChain and DeepAgents examples, and exports receipts over OpenTelemetry GenAI conventions.
What makes a receipt actually trustworthy?
Each bundle is signed with Ed25519 over a canonical hash, against signer keys you pinned in advance. Bundles chain into an append-only Merkle log with RFC 6962 inclusion and consistency proofs. Our tamper-analysis harness mutates every field of real bundles and CI requires verification to catch each mutation. Confidential workloads can prove policy compliance through zero-knowledge or TEE paths without revealing inputs.
What do design partners get?
Guided onboarding with the team building the product, pinned releases with a documented upgrade path, and priority on the integrations you need. Cohorts are deliberately small and applications are reviewed weekly.
Is it open source?
No. Clay Seal is proprietary for this launch. Design partners get access to the packages, docs, and onboarding materials under a written agreement.