HomeSDK Documentation

ClawFile SDK

The official ClawFile SDK enables AI agents to encrypt and share files securely. This documentation covers installation, configuration, and usage for TypeScript, Python, and Go.

v1.0.0

Latest version

AES-256-GCM

Encryption

<50ms

Latency

MIT

License

Features

Agent-side encryption using AES-256-GCM
Zero-knowledge architecture - servers never see your data
Ephemeral storage with configurable TTL
Granular access policies for multi-agent workflows
Ed25519 cryptographic signatures for agent authentication
Drop-in integration with LangChain, CrewAI, and AutoGen

Supported Languages

🟦TypeScript

Node.js 18+, Deno, Bun

@clawfile/sdk

🐍Python

Python 3.9+

clawfile

🔵Go

Go 1.21+

github.com/clawfile/clawfile-go

Getting Started

Installation

Install the ClawFile SDK using your preferred package manager:

npm

npm install @clawfile/sdk

yarn

yarn add @clawfile/sdk

pnpm

pnpm add @clawfile/sdk

Requirements

Requires Node.js 18+ or any runtime supporting the Web Crypto API (Deno, Bun, Cloudflare Workers).

Quick Start

Here's a minimal example to encrypt a file and generate a shareable link:

1import { ClawFile } from '@clawfile/sdk'
2
3// 1. Initialize the client
4const claw = new ClawFile({ agent: true })
5
6// 2. Encrypt a file
7const file = new File(['Hello, Agent!'], 'message.txt', { type: 'text/plain' })
8const encrypted = await claw.encrypt(file, {
9  expiry: 3600,      // Expires in 1 hour
10  maxDownloads: 1,   // One-time download
11})
12
13// 3. Generate a shareable link
14const link = await claw.generateLink(encrypted)
15console.log(link)  // https://clawfile.dev/a7f3b2e9#9c4d7a1f
16
17// 4. Recipient decrypts the file
18const decrypted = await claw.decrypt(link)
19console.log(await decrypted.text())  // "Hello, Agent!"

How it works

The SDK generates a 256-bit encryption key locally
Your file is encrypted using AES-256-GCM within your runtime
Only the encrypted ciphertext is uploaded to ClawFile servers
The decryption key is embedded in the URL fragment (never sent to servers)

Configuration

The ClawFile client accepts the following configuration options:

Client Options

Parameter	Type	Default	Description
`agent`	`boolean`	`false`	Enable agent mode for AI-to-AI file sharing with enhanced security features.
`apiKey`	`string`	`undefined`	Optional API key for authenticated requests. Required for custom access policies.
`endpoint`	`string`	`"https://api.clawfile.dev"`	Custom API endpoint URL. Useful for self-hosted deployments.
`timeout`	`number`	`30000`	Request timeout in milliseconds.
`retries`	`number`	`3`	Number of retry attempts for failed requests.
`agentId`	`string`	`auto-generated`	Custom agent identifier. Used for access policies and audit logs.
`signRequests`	`boolean`	`true`	Sign all requests with Ed25519 for authentication.

Configuration Example

import { ClawFile } from '@clawfile/sdk'

const claw = new ClawFile({
  agent: true,
  apiKey: process.env.CLAWFILE_API_KEY,
  endpoint: 'https://api.clawfile.dev',
  timeout: 30000,
  retries: 3,
  agentId: 'my-agent-001',
  signRequests: true,
})

Environment Variables

Never hardcode API keys in your source code. Always use environment variables or a secrets manager.

Core Concepts

Understanding these concepts will help you build secure file sharing workflows with ClawFile.

Encryption

ClawFile uses AES-256-GCM (Advanced Encryption Standard with Galois/Counter Mode) for all file encryption. This is the same encryption standard used by governments and financial institutions worldwide.

Agent-Side Encryption

Encryption happens entirely within your agent's runtime. The encryption key is generated locally and never transmitted to any server.

Authenticated Encryption

GCM mode provides both encryption and authentication. Any tampering with the ciphertext will be detected during decryption.

Encryption Flow

Key Generation

A cryptographically secure 256-bit key and 96-bit IV are generated using the Web Crypto API.

Encryption

Your file is encrypted using AES-256-GCM with the generated key and IV.

Upload

Only the encrypted ciphertext is uploaded to ClawFile servers. The key stays with you.

Link Generation

A shareable URL is created with the file ID in the path and the encryption key in the fragment.

URL Fragment Security

The encryption key is stored in the URL fragment (after the #). URL fragments are never sent to servers by web browsers, ensuring the key remains client-side only.

Key Management

ClawFile generates unique encryption keys for each file. You have full control over how keys are distributed.

Key Types

Parameter	Type	Default	Description
`File Key`	`256-bit`	`-`	Unique AES-256 key generated for each file. Embedded in the shareable URL fragment.
`Agent Key`	`Ed25519`	`-`	Optional signing key for agent authentication. Used to prove agent identity.
`API Key`	`string`	`-`	Optional authentication key for accessing advanced features like custom policies.

Key Storage Best Practices

Never log or persist encryption keys
Share URLs through secure channels only
Use short TTL values for sensitive files
Enable one-time download for highly sensitive data

Access Policies

Control who can access your encrypted files with granular access policies.

Policy Types

PUBLIC

Anyone with the link can decrypt the file. Default policy.

AGENT_ONLY

Only requests from verified AI agents can decrypt. Human browsers blocked.

ALLOWLIST

Only specific agent IDs can decrypt. Most restrictive policy.

Allowlist Policy Example

// Allow only specific agents to decrypt
const encrypted = await claw.encrypt(file, {
  accessPolicy: 'ALLOWLIST',
  allowedAgents: [
    'agent-sales-001',
    'agent-support-002',
    'agent-analytics-003',
  ],
  expiry: 3600,
})

File Lifecycle

ClawFile files are ephemeral by design. They exist only as long as needed and then self-destruct.

Lifecycle Options

Parameter	Type	Default	Description
`expiry`	`number`	`86400`	Time-to-live in seconds. File auto-deletes after this duration. Max: 7 days.
`maxDownloads`	`number`	`unlimited`	Maximum download count. File auto-deletes after reaching this limit.
`deleteOnView`	`boolean`	`false`	Delete immediately after first successful decryption.

Storage Architecture

RAM Only

No disk persistence

Auto-Expiry

Configurable TTL

Secure Deletion

Memory zeroing

Data Retention

ClawFile does not retain any data after expiry. Once a file expires or is deleted, it cannot be recovered. Ensure recipients download files before expiration.

API Reference

Complete reference for all ClawFile SDK methods and types.

ClawFile Class

The main entry point for the ClawFile SDK. Create an instance to start encrypting and sharing files.

Class Definition

import { ClawFile } from '@clawfile/sdk'

class ClawFile {
  constructor(config?: ClawFileConfig)

  // Core methods
  encrypt(file: File | Buffer | string, options?: EncryptOptions): Promise<EncryptedFile>
  decrypt(url: string, options?: DecryptOptions): Promise<DecryptedFile>
  generateLink(encrypted: EncryptedFile, options?: LinkOptions): Promise<string>

  // Utility methods
  verify(url: string): Promise<VerificationResult>
  revoke(fileId: string): Promise<void>

  // Properties
  readonly agentId: string
  readonly isConnected: boolean
}

encrypt()

encrypt(file, options?)async

Encrypts a file using AES-256-GCM encryption. The encryption happens entirely within your local runtime.

Parameters

Parameter	Type	Default	Description
`file`*	`File \| Buffer \| string`	`-`	The file to encrypt. Can be a File object, Buffer, or file path.

Options

Parameter	Type	Default	Description
`expiry`	`number`	`86400`	Time-to-live in seconds (default: 24 hours, max: 7 days).
`maxDownloads`	`number`	`unlimited`	Maximum number of downloads allowed.
`accessPolicy`	`string`	`"PUBLIC"`	"PUBLIC" \| "AGENT_ONLY" \| "ALLOWLIST"
`allowedAgents`	`string[]`	`[]`	Agent IDs allowed to decrypt (when using ALLOWLIST policy).
`metadata`	`object`	`{}`	Custom metadata to attach (not encrypted, visible in verify()).
`compression`	`boolean`	`true`	Enable gzip compression before encryption.
`fileName`	`string`	`original`	Override the original filename.

Returns

Promise<EncryptedFile> - An object containing the encrypted data, file ID, and encryption key.

Example

1// Basic encryption
2const encrypted = await claw.encrypt(file)
3
4// With options
5const encrypted = await claw.encrypt(file, {
6  expiry: 3600,              // 1 hour
7  maxDownloads: 5,           // Max 5 downloads
8  accessPolicy: 'ALLOWLIST',
9  allowedAgents: ['agent-1', 'agent-2'],
10  metadata: {
11    project: 'acme-ai',
12    version: '1.0.0',
13  },
14  compression: true,
15  fileName: 'report.pdf',
16})
17
18// Access encrypted data
19console.log(encrypted.fileId)      // "a7f3b2e9"
20console.log(encrypted.key)         // "9c4d7a1f..." (256-bit)
21console.log(encrypted.size)        // 1024 (bytes)
22console.log(encrypted.compressed)  // true

decrypt()

decrypt(url, options?)async

Decrypts a file from a ClawFile URL. The decryption key is automatically extracted from the URL fragment.

Parameters

Parameter	Type	Default	Description
`url`*	`string`	`-`	The ClawFile URL containing the file ID and encryption key.

Options

Parameter	Type	Default	Description
`outputFormat`	`string`	`"buffer"`	"buffer" \| "stream" \| "file" - How to return the decrypted data.
`outputPath`	`string`	`undefined`	File path to write decrypted data (when outputFormat is "file").

Example

1// Decrypt from URL
2const url = 'https://clawfile.dev/a7f3b2e9#9c4d7a1f'
3const decrypted = await claw.decrypt(url)
4
5// Access decrypted data
6console.log(await decrypted.text())       // As string
7console.log(await decrypted.arrayBuffer()) // As ArrayBuffer
8console.log(decrypted.name)               // Original filename
9console.log(decrypted.type)               // MIME type
10console.log(decrypted.size)               // Size in bytes
11
12// Save to file (Node.js)
13import { writeFileSync } from 'fs'
14writeFileSync('output.pdf', Buffer.from(await decrypted.arrayBuffer()))

Common Errors

FILE_NOT_FOUND - The file ID doesn't exist
FILE_EXPIRED - The file has exceeded its TTL
ACCESS_DENIED - Your agent is not in the allowlist
DECRYPTION_FAILED - Invalid or corrupted key

generateLink()

generateLink(encrypted, options?)async

Generates a shareable URL from encrypted file data. The URL contains the file ID and encryption key.

Parameters

Parameter	Type	Default	Description
`encrypted`*	`EncryptedFile`	`-`	The encrypted file object returned by encrypt().

Options

Parameter	Type	Default	Description
`customSlug`	`string`	`random`	Custom URL slug instead of random ID (requires API key).
`password`	`string`	`undefined`	Additional password protection layer.
`baseUrl`	`string`	`"https://clawfile.dev"`	Custom base URL for self-hosted deployments.

Returns

Promise<string> - The shareable URL in format: https://clawfile.dev/[fileId]#[key]

Example

1const encrypted = await claw.encrypt(file)
2
3// Basic link
4const link = await claw.generateLink(encrypted)
5// https://clawfile.dev/a7f3b2e9#9c4d7a1f
6
7// With custom slug
8const link = await claw.generateLink(encrypted, {
9  customSlug: 'quarterly-report-q4',
10})
11// https://clawfile.dev/quarterly-report-q4#9c4d7a1f
12
13// With password protection
14const link = await claw.generateLink(encrypted, {
15  password: 'secret123',
16})
17// Recipient will be prompted for password before decryption

verify()

verify(url)async

Verifies that a ClawFile URL is valid and accessible without actually downloading or decrypting the file.

Example

1const result = await claw.verify('https://clawfile.dev/a7f3b2e9#9c4d7a1f')
2
3console.log(result.valid)           // true
4console.log(result.exists)          // true
5console.log(result.expired)         // false
6console.log(result.remainingTTL)    // 3542 (seconds)
7console.log(result.remainingDownloads) // 4
8console.log(result.metadata)        // { project: 'acme-ai' }
9console.log(result.accessPolicy)    // 'PUBLIC'
10console.log(result.fileSize)        // 1024
11console.log(result.createdAt)       // '2024-01-15T10:30:00Z'

revoke()

revoke(fileId)async

Immediately revokes access to an encrypted file, making it inaccessible even if the link is still valid.

Irreversible Action

Once revoked, a file cannot be recovered. The encrypted data is immediately deleted from memory.

Example

1// Revoke access to a file
2await claw.revoke('a7f3b2e9')
3
4// Attempting to decrypt will now fail
5try {
6  await claw.decrypt('https://clawfile.dev/a7f3b2e9#9c4d7a1f')
7} catch (error) {
8  console.log(error.code) // 'FILE_NOT_FOUND'
9}

Types & Interfaces

TypeScript type definitions for all SDK objects.

types.d.ts

1// Configuration
2interface ClawFileConfig {
3  agent?: boolean
4  apiKey?: string
5  endpoint?: string
6  timeout?: number
7  retries?: number
8  agentId?: string
9  signRequests?: boolean
10}
11
12// Encryption Options
13interface EncryptOptions {
14  expiry?: number
15  maxDownloads?: number
16  accessPolicy?: 'PUBLIC' | 'AGENT_ONLY' | 'ALLOWLIST'
17  allowedAgents?: string[]
18  metadata?: Record<string, unknown>
19  compression?: boolean
20  fileName?: string
21}
22
23// Encrypted File
24interface EncryptedFile {
25  fileId: string
26  key: string
27  iv: string
28  size: number
29  compressed: boolean
30  checksum: string
31}
32
33// Decrypted File
34interface DecryptedFile extends Blob {
35  name: string
36  type: string
37  size: number
38  text(): Promise<string>
39  arrayBuffer(): Promise<ArrayBuffer>
40}
41
42// Verification Result
43interface VerificationResult {
44  valid: boolean
45  exists: boolean
46  expired: boolean
47  remainingTTL: number
48  remainingDownloads: number | null
49  metadata: Record<string, unknown>
50  accessPolicy: string
51  fileSize: number
52  createdAt: string
53}
54
55// Errors
56class ClawFileError extends Error {
57  code: string
58  statusCode?: number
59}
60
61class EncryptionError extends ClawFileError {}
62class DecryptionError extends ClawFileError {}
63class NetworkError extends ClawFileError {}
64class AccessDeniedError extends ClawFileError {}

Advanced Usage

Advanced patterns and techniques for building sophisticated AI agent workflows with ClawFile.

Multi-Agent Workflows

ClawFile is designed for complex multi-agent architectures where files need to flow securely between autonomous systems.

Common Patterns

Hub & Spoke

Central orchestrator distributes files to worker agents

Pipeline

Sequential agent chain with file handoffs

Broadcast

One sender, multiple authorized receivers

Round-Robin

Load-balanced distribution across agents

1// Multi-agent workflow: Orchestrator distributes tasks to workers
2import { ClawFile } from '@clawfile/sdk'
3
4const orchestrator = new ClawFile({
5  agent: true,
6  agentId: 'orchestrator-main'
7})
8
9// Define worker agents
10const workers = [
11  'worker-analysis-001',
12  'worker-analysis-002',
13  'worker-analysis-003',
14]
15
16// Encrypt and distribute file to specific workers only
17async function distributeTask(file: File, assignedWorkers: string[]) {
18  const encrypted = await orchestrator.encrypt(file, {
19    accessPolicy: 'ALLOWLIST',
20    allowedAgents: assignedWorkers,
21    expiry: 3600,
22    metadata: {
23      taskType: 'analysis',
24      priority: 'high',
25      assignedAt: new Date().toISOString(),
26    },
27  })
28
29  const link = await orchestrator.generateLink(encrypted)
30
31  // Send link to assigned workers via your message queue
32  return { link, fileId: encrypted.fileId }
33}
34
35// Worker receives and processes
36const worker = new ClawFile({
37  agent: true,
38  agentId: 'worker-analysis-001'
39})
40
41async function processTask(link: string) {
42  // Verify we have access before downloading
43  const verification = await worker.verify(link)
44  if (!verification.valid) {
45    throw new Error('Not authorized for this task')
46  }
47
48  // Decrypt and process
49  const file = await worker.decrypt(link)
50  return processFile(file)
51}

Custom Access Policies

Beyond built-in policies, you can implement custom access control logic using webhooks.

Enterprise Feature

Custom access policies via webhooks require a ClawFile Pro or Enterprise subscription.

1// Custom policy with webhook validation
2const encrypted = await claw.encrypt(file, {
3  accessPolicy: 'CUSTOM',
4  policyWebhook: 'https://api.yourcompany.com/validate-access',
5  policyConfig: {
6    requiredRole: 'analyst',
7    department: 'finance',
8    clearanceLevel: 3,
9  },
10  expiry: 7200,
11})
12
13// Your webhook receives:
14// {
15//   fileId: 'a7f3b2e9',
16//   agentId: 'requesting-agent',
17//   policyConfig: { requiredRole: 'analyst', ... },
18//   timestamp: '2026-01-15T10:30:00Z'
19// }
20
21// Return { allowed: true } or { allowed: false, reason: '...' }

Streaming Large Files

For files larger than available memory, use streaming encryption/decryption to process data in chunks.

Stream Encrypt

Encrypt files up to 1GB without loading into memory

Stream Decrypt

Decrypt directly to disk or output stream

1import { ClawFile } from '@clawfile/sdk'
2import { createReadStream, createWriteStream } from 'fs'
3
4const claw = new ClawFile({ agent: true })
5
6// Stream encrypt a large file
7async function encryptLargeFile(inputPath: string) {
8  const inputStream = createReadStream(inputPath)
9
10  const encrypted = await claw.encryptStream(inputStream, {
11    expiry: 86400,
12    chunkSize: 64 * 1024, // 64KB chunks
13    onProgress: (progress) => {
14      console.log(`Encrypted: ${progress.percent}%`)
15    },
16  })
17
18  return claw.generateLink(encrypted)
19}
20
21// Stream decrypt to file
22async function decryptLargeFile(url: string, outputPath: string) {
23  const outputStream = createWriteStream(outputPath)
24
25  await claw.decryptStream(url, outputStream, {
26    onProgress: (progress) => {
27      console.log(`Decrypted: ${progress.percent}%`)
28    },
29  })
30
31  console.log(`File saved to ${outputPath}`)
32}

Memory Considerations

Streaming requires at least 2x the chunk size in available memory. Default chunk size is 64KB. For very constrained environments, reduce the chunk size accordingly.

Middleware Integration

Integrate ClawFile with your existing middleware stack for logging, monitoring, and custom transformations.

1import { ClawFile, Middleware } from '@clawfile/sdk'
2
3// Custom logging middleware
4const loggingMiddleware: Middleware = {
5  name: 'logger',
6
7  async beforeEncrypt(file, options) {
8    console.log(`[ENCRYPT] Starting: ${file.name}, size: ${file.size}`)
9    return { file, options }
10  },
11
12  async afterEncrypt(encrypted) {
13    console.log(`[ENCRYPT] Complete: ${encrypted.fileId}`)
14    return encrypted
15  },
16
17  async beforeDecrypt(url, options) {
18    console.log(`[DECRYPT] Starting: ${url}`)
19    return { url, options }
20  },
21
22  async afterDecrypt(decrypted) {
23    console.log(`[DECRYPT] Complete: ${decrypted.name}`)
24    return decrypted
25  },
26}
27
28// Metrics middleware
29const metricsMiddleware: Middleware = {
30  name: 'metrics',
31
32  async afterEncrypt(encrypted) {
33    metrics.increment('clawfile.encrypt.count')
34    metrics.histogram('clawfile.encrypt.size', encrypted.size)
35    return encrypted
36  },
37
38  async afterDecrypt(decrypted) {
39    metrics.increment('clawfile.decrypt.count')
40    return decrypted
41  },
42}
43
44// Apply middleware
45const claw = new ClawFile({ agent: true })
46claw.use(loggingMiddleware)
47claw.use(metricsMiddleware)
48
49// All operations now pass through middleware
50const encrypted = await claw.encrypt(file) // Logs + metrics

Examples

Complete, runnable examples for common use cases.

Basic File Sharing

The simplest use case: encrypt a file and share it with another party.

1import { ClawFile } from '@clawfile/sdk'
2import { readFileSync, writeFileSync } from 'fs'
3
4async function main() {
5  const claw = new ClawFile({ agent: true })
6
7  // === SENDER ===
8  // Read file from disk
9  const fileBuffer = readFileSync('./report.pdf')
10  const file = new File([fileBuffer], 'report.pdf', { type: 'application/pdf' })
11
12  // Encrypt with options
13  const encrypted = await claw.encrypt(file, {
14    expiry: 3600,        // 1 hour
15    maxDownloads: 3,     // Max 3 downloads
16  })
17
18  // Generate shareable link
19  const link = await claw.generateLink(encrypted)
20  console.log('Share this link:', link)
21  // https://clawfile.dev/a7f3b2e9#9c4d7a1f...
22
23  // === RECIPIENT ===
24  // Decrypt from URL
25  const decrypted = await claw.decrypt(link)
26
27  // Save to disk
28  const buffer = Buffer.from(await decrypted.arrayBuffer())
29  writeFileSync('./downloaded-report.pdf', buffer)
30
31  console.log('File saved successfully!')
32}
33
34main().catch(console.error)

Agent-to-Agent Transfer

Secure file transfer between two AI agents with allowlist-based access control.

1// agent-sender.ts - Runs on Agent A
2import { ClawFile } from '@clawfile/sdk'
3
4const senderAgent = new ClawFile({
5  agent: true,
6  agentId: 'agent-data-processor',
7})
8
9async function sendToAnalyst(data: string) {
10  // Create a file from processed data
11  const file = new File([data], 'processed-data.json', {
12    type: 'application/json',
13  })
14
15  // Encrypt ONLY for the analyst agent
16  const encrypted = await senderAgent.encrypt(file, {
17    accessPolicy: 'ALLOWLIST',
18    allowedAgents: ['agent-analyst-001'],
19    expiry: 1800,      // 30 minutes
20    maxDownloads: 1,   // One-time access
21    metadata: {
22      sourceAgent: 'agent-data-processor',
23      dataType: 'customer-analytics',
24      processedAt: new Date().toISOString(),
25    },
26  })
27
28  const link = await senderAgent.generateLink(encrypted)
29
30  // Send link via your agent communication channel
31  await messageQueue.send('agent-analyst-001', {
32    type: 'file-ready',
33    link,
34    fileId: encrypted.fileId,
35  })
36}
37
38// agent-receiver.ts - Runs on Agent B
39import { ClawFile } from '@clawfile/sdk'
40
41const receiverAgent = new ClawFile({
42  agent: true,
43  agentId: 'agent-analyst-001',
44})
45
46messageQueue.on('file-ready', async (message) => {
47  // Verify the file is for us
48  const verification = await receiverAgent.verify(message.link)
49
50  if (!verification.valid) {
51    console.error('File not accessible:', verification)
52    return
53  }
54
55  console.log('File metadata:', verification.metadata)
56  // { sourceAgent: 'agent-data-processor', dataType: 'customer-analytics', ... }
57
58  // Decrypt and process
59  const decrypted = await receiverAgent.decrypt(message.link)
60  const data = JSON.parse(await decrypted.text())
61
62  await analyzeData(data)
63})

LangChain Integration

Use ClawFile as a tool in your LangChain agents for secure file operations.

1import { ClawFile } from '@clawfile/sdk'
2import { DynamicStructuredTool } from '@langchain/core/tools'
3import { ChatOpenAI } from '@langchain/openai'
4import { AgentExecutor, createOpenAIFunctionsAgent } from 'langchain/agents'
5import { z } from 'zod'
6
7const claw = new ClawFile({ agent: true, agentId: 'langchain-agent' })
8
9// Create ClawFile tools for LangChain
10const encryptFileTool = new DynamicStructuredTool({
11  name: 'encrypt_file',
12  description: 'Encrypts a file and returns a secure shareable link',
13  schema: z.object({
14    content: z.string().describe('The content to encrypt'),
15    fileName: z.string().describe('Name for the file'),
16    expiryHours: z.number().optional().describe('Hours until expiry'),
17  }),
18  func: async ({ content, fileName, expiryHours }) => {
19    const file = new File([content], fileName, { type: 'text/plain' })
20    const encrypted = await claw.encrypt(file, {
21      expiry: (expiryHours || 24) * 3600,
22    })
23    const link = await claw.generateLink(encrypted)
24    return `File encrypted successfully. Share this link: ${link}`
25  },
26})
27
28const decryptFileTool = new DynamicStructuredTool({
29  name: 'decrypt_file',
30  description: 'Decrypts a file from a ClawFile link',
31  schema: z.object({
32    url: z.string().describe('The ClawFile URL to decrypt'),
33  }),
34  func: async ({ url }) => {
35    const decrypted = await claw.decrypt(url)
36    return await decrypted.text()
37  },
38})
39
40// Create agent with ClawFile tools
41const llm = new ChatOpenAI({ model: 'gpt-4o' })
42const tools = [encryptFileTool, decryptFileTool]
43
44const agent = await createOpenAIFunctionsAgent({ llm, tools, prompt })
45const executor = new AgentExecutor({ agent, tools })
46
47// Use the agent
48const result = await executor.invoke({
49  input: 'Encrypt this report and give me a link: Q4 revenue was $1.2M',
50})

CrewAI Integration

Integrate ClawFile with CrewAI for secure file handoffs between crew members.

CrewAI Integration (Python)

1from crewai import Agent, Task, Crew, Process
2from crewai_tools import tool
3from clawfile import ClawFile
4
5# Initialize ClawFile for the crew
6claw = ClawFile(agent=True, agent_id="crewai-research-crew")
7
8@tool("Secure File Share")
9async def secure_share(content: str, description: str) -> str:
10    """Securely encrypt and share file content between agents.
11
12    Args:
13        content: The content to share securely
14        description: A brief description of the content
15    """
16    encrypted = await claw.encrypt(
17        content.encode(),
18        expiry=3600,
19        metadata={"description": description},
20        file_name="shared-data.txt",
21    )
22    link = await claw.generate_link(encrypted)
23    return f"Content shared securely: {link}"
24
25@tool("Retrieve Shared File")
26async def retrieve_shared(url: str) -> str:
27    """Retrieve and decrypt a securely shared file.
28
29    Args:
30        url: The ClawFile URL to retrieve
31    """
32    decrypted = await claw.decrypt(url)
33    return decrypted.decode()
34
35# Define agents with ClawFile tools
36researcher = Agent(
37    role="Research Analyst",
38    goal="Research and compile data, share findings securely",
39    tools=[secure_share],
40    verbose=True,
41)
42
43writer = Agent(
44    role="Content Writer",
45    goal="Retrieve research and write reports",
46    tools=[retrieve_shared],
47    verbose=True,
48)
49
50# Define tasks
51research_task = Task(
52    description="Research AI trends and share findings securely",
53    agent=researcher,
54    expected_output="A secure link to the research findings",
55)
56
57writing_task = Task(
58    description="Retrieve the research and write a summary report",
59    agent=writer,
60    expected_output="A polished summary report",
61    context=[research_task],
62)
63
64# Create and run the crew
65crew = Crew(
66    agents=[researcher, writer],
67    tasks=[research_task, writing_task],
68    process=Process.sequential,
69)
70
71result = crew.kickoff()

CrewAI Support

CrewAI integration is currently available for Python only. TypeScript and Go support coming soon.

Troubleshooting

Common Errors

ENCRYPTION_FAILED

Encryption operation failed

Solution: Check that the file is readable and not empty. Ensure sufficient memory is available.

DECRYPTION_FAILED

Decryption operation failed

Solution: Verify the URL is complete and the key fragment is intact. The file may have been tampered with.

FILE_NOT_FOUND

File ID does not exist

Solution: The file may have been deleted, revoked, or never existed. Check the URL for typos.

FILE_EXPIRED

File TTL has expired

Solution: Request a new file from the sender. Consider using longer TTL values for important files.

ACCESS_DENIED

Agent not authorized

Solution: Your agent ID is not in the allowlist. Contact the file owner to add your agent.

DOWNLOAD_LIMIT_REACHED

Maximum downloads exceeded

Solution: The file has reached its download limit. Request a new share from the sender.

NETWORK_ERROR

Network request failed

Solution: Check your internet connection. The ClawFile API may be temporarily unavailable.

INVALID_CONFIG

Invalid configuration

Solution: Review your ClawFile initialization options. Check API key format if provided.

FAQ

Can ClawFile servers read my files?

No. Encryption happens entirely in your local runtime. ClawFile servers only ever see encrypted ciphertext. The encryption key is never transmitted.

What happens if I lose the shareable link?

The encryption key is embedded in the URL fragment. If you lose the complete URL, the file cannot be decrypted. Always store links securely.

Is there a file size limit?

Yes. The maximum file size is 100MB for free accounts and 1GB for paid accounts. For larger files, consider chunking or streaming.

Can I extend the expiry of a file?

No. Once a file is encrypted with a specific TTL, it cannot be extended. You would need to re-encrypt and share a new link.

What encryption algorithm is used?

AES-256-GCM (Advanced Encryption Standard with 256-bit keys in Galois/Counter Mode). This provides authenticated encryption with associated data.

Is the SDK open source?

Yes. The ClawFile SDK is MIT licensed. You can view the source code and contribute on GitHub.

Changelog

v1.0.0Latest

2026-01-15

addedInitial release of ClawFile SDK
addedAES-256-GCM encryption with agent-side key generation
addedSupport for TypeScript, Python, and Go
addedAccess policies: PUBLIC, AGENT_ONLY, ALLOWLIST
addedEphemeral storage with configurable TTL
addedLangChain, CrewAI, and AutoGen integrations

v0.9.0

2025-12-01

addedBeta release for early testers
addedCore encrypt/decrypt functionality
fixedMemory leak in large file handling

Back to Home View on GitHub