Skip to content
clawkernel mascot clawkernel

Specification

Current Version

Section titled “Current Version”

CKP v0.3.0 — Released March 2026, Apache 2.0 License.

The Claw Kernel Protocol is an open specification for describing, composing, and interoperating autonomous AI agents. It defines eleven primitive units that together form a complete declarative manifest for an agent’s identity, capabilities, communication surfaces, security boundaries, memory systems, predictive planning surfaces, and multi-agent coordination.

CKP is complementary to MCP (Model Context Protocol). MCP standardizes how LLM hosts discover and invoke tools. CKP standardizes how autonomous agents are assembled, secured, and orchestrated as first-class runtime entities.

Reading Order

Section titled “Reading Order”

For a complete understanding of the protocol, read the documents in this order:

  1. Specification — This page. Architecture overview and design principles.
  2. Primitives — The eleven building blocks (Identity through WorldModel, Swarm, and Telemetry).
  3. URI Scheme — The claw:// addressing format.
  4. Lifecycle — Agent state machine (INIT through STOPPED).
  5. Transport & Wire Format — JSON-RPC 2.0 methods and error codes.
  6. Security Model — Defense-in-depth layers and threat model.
  7. Runtime Profile — Recommended defaults, retry semantics, transport extensions.

Design Principles

Section titled “Design Principles”

CKP is guided by seven principles:

IDPrincipleStatement
P1Declarative Over ImperativeAgent behavior is described, not coded. A YAML/JSON manifest declares what an agent is and can do. The runtime decides how.
P2Secure by DefaultSecurity is not an add-on. Every primitive has built-in security surfaces. A Claw with no explicit policy runs in the most restrictive mode.
P3MCP-CompatibleCKP’s Tool primitive is a strict superset of MCP’s tool definition. Any MCP server can be referenced as a CKP tool source.
P4Transport-AgnosticCKP does not mandate a specific transport. Manifests can be exchanged over stdio, HTTP, WebSocket, message queues, or filesystem.
P5Progressive ComplexityA valid Claw manifest can be as simple as an Identity + one Provider. Every other primitive is optional and additive.
P6Hardware-AgnosticThe same manifest targets any runtime — from a Rust binary on embedded hardware to a TypeScript process on Kubernetes.
P7AuditableEvery primitive produces structured telemetry. Agent behavior can be traced, replayed, and audited.

The Eleven Primitives

Section titled “The Eleven Primitives”

Every CKP agent is assembled from these building blocks:

PrimitivePurpose
IdentityWho the agent is — personality, context files, autonomy level
ProviderLLM inference endpoint — protocol, auth, fallback chains
ChannelCommunication surface — Telegram, Slack, CLI, webhook, voice
ToolExecutable function — MCP-compatible, sandboxed, policy-governed
SkillComposed workflow — tools + natural-language instructions
MemoryPersistent state — conversation, semantic, key-value, workspace, checkpoint
WorldModelOptional predictive planning — simulate futures, estimate risk and cost
SandboxExecution isolation — process, WASM, container, VM
PolicyBehavioral rules — allow, deny, require-approval, audit
SwarmMulti-agent coordination — topologies, delegation, aggregation
TelemetryObservability — exporters, sampling, redaction

Only Identity and Provider are required. Everything else is optional and additive.

Conformance Levels

Section titled “Conformance Levels”

CKP defines three conformance levels to accommodate the full range of implementations:

LevelRequired PrimitivesTarget
Level 1: CoreIdentity, ProviderMinimal deployments, embedded devices, simple chatbots
Level 2: StandardIdentity, Provider, Channel, Tool, Sandbox, PolicyPersonal assistants, team bots, automated workflows
Level 3: FullAll 9 core primitives (WorldModel and Telemetry optional at all levels)Enterprise deployments, research teams, multi-agent swarms

Architecture

Section titled “Architecture”
                    +-------------+
                    |   Human     |
                    +------+------+
                           | interacts via
                    +------v------+
                    |  Channel(s) |
                    +------+------+
                           | routes to
                    +------v------+
                    |  Identity   |
                    +------+------+
                           | reasons with
                    +------v------+
                    |  Provider   |
                    +------+------+
                           | acts through
              +------------+------------+
              |            |            |
       +------v--+  +-----v-----+  +--v------+
       |  Tool   |  |   Skill   |  |  Swarm  |
       +----+----+  +-----+-----+  +----+----+
            |             |              |
       +----v----+  +-----v-----+  +----v----+
       | Sandbox |  |  Memory   |  | Policy  |
       +---------+  +-----------+  +---------+

Full Specification

Section titled “Full Specification”

The complete normative specification is available on GitHub:

Sections 1-4 of the specification are informative context. Appendices are informative unless explicitly marked otherwise.