Developer Ibrahim Mukherjee has unveiled ClearFrame, an open-source AI agent protocol designed to address critical security vulnerabilities found in existing frameworks like OpenClaw and the Model Context Protocol (MCP).
ClearFrame introduces a structural redesign that separates untrusted content ingestion from tool execution. The protocol uses a dual-sandbox architecture, with a 'Reader' sandbox to fetch data and an 'Actor' sandbox to execute commands, preventing indirect prompt injection attacks.
Security-first architecture
Existing agent frameworks often suffer from a lack of process isolation, where a single process reads untrusted web content and can immediately execute malicious shell commands. ClearFrame mitigates this by implementing a 'Goal Monitor' that scores every tool call against a pre-declared 'GoalManifest.'
If an agent's action deviates from its original intent, the system can automatically pause the session or trigger an operator approval request via the AgentOps control plane. This mechanism aims to stop 'goal drift' and unauthorized actions before they occur.
Beyond isolation, the protocol implements an HMAC-chained audit log. Every event in a session is cryptographically linked to the previous one, allowing developers to use a 'clearframe audit-verify' command to detect any tampering with the execution history.
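The chaining idea described above can be sketched as follows. This is an added example, not ClearFrame's code or its log format: the record layout, the `GENESIS` value, the function names and the sample events are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed value chained into the first record


def record_mac(key: bytes, prev_mac: str, event: dict) -> str:
    # Canonical JSON so the same event always serializes to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac.encode() + b"\n" + body, hashlib.sha256).hexdigest()


def append_event(log: list, key: bytes, event: dict) -> str:
    """Append an event linked to the previous record; return the new head MAC."""
    prev_mac = log[-1]["mac"] if log else GENESIS
    mac = record_mac(key, prev_mac, event)
    log.append({"event": event, "prev": prev_mac, "mac": mac})
    return mac


def verify_chain(log: list, key: bytes, expected_head=None):
    """Return None if intact, else the index of the first bad record.

    Dropping records from the tail leaves a valid shorter chain, so a head MAC
    stored outside the log is needed to catch it; a mismatch returns len(log).
    """
    prev_mac = GENESIS
    for i, rec in enumerate(log):
        expected = record_mac(key, prev_mac, rec["event"])
        if rec["prev"] != prev_mac or not hmac.compare_digest(rec["mac"], expected):
            return i
        prev_mac = rec["mac"]
    if expected_head is not None and not hmac.compare_digest(prev_mac, expected_head):
        return len(log)
    return None


def build_sample_log(key: bytes):
    """Constructed sample session: three events, returns (log, head MAC)."""
    log, head = [], GENESIS
    for event in (
        {"seq": 0, "type": "session_start", "goal": "summarize release notes"},
        {"seq": 1, "type": "tool_call", "tool": "http_get", "arg": "https://example.com/notes"},
        {"seq": 2, "type": "tool_call", "tool": "write_file", "arg": "summary.md"},
    ):
        head = append_event(log, key, event)
    return log, head
```

Editing or deleting a record in the middle breaks the link at that index, while truncating the tail is only visible when the verifier is given a head MAC kept somewhere the log writer cannot alter.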
ClearFrame also addresses credential management by replacing plaintext `.env` files with an AES-2025-GCM encrypted vault. This prevents a single compromised plugin from gaining access to all stored API keys.
For transparency, the protocol includes a Reasoning Transparency Layer (RTL). This feature captures every step of an agent's chain-of-thought as structured, queryable JSON with SHA-256 hashes, enabling full session replays for debugging and forensic reconstruction.
Developers can currently install ClearFrame via PyPI or GitHub. The system includes a live dashboard, accessible via a REST and WebSocket interface, which allows operators to monitor alignment scores and inspect reasoning traces in real time.