Enforcement Order โ Every API Call
โ SUTRA
โ
โก DHARMA
โ
โข SANGHA
โ
โฃ KARMA
โ
โค BODHI
โ
โฅ METTA
โ
โฆ SILA
โ
โง NIRVANA
๐ 8 Security Layers
| 1 |
SUTRA |
Gateway โ origin validation, rate limit, TLS |
| 2 |
DHARMA |
Permissions โ 33 perms, 7 roles, RBAC |
| 3 |
SANGHA |
Skill vetting โ allowlist + AST scanning |
| 4 |
KARMA |
Cost control โ user-set budget ceiling (BYOK) |
| 5 |
BODHI |
Isolation โ subprocess sandbox, egress allowlist |
| 6 |
METTA |
Identity โ Ed25519 signing per agent |
| 7 |
SILA |
Audit โ every call logged with cost tracking |
| 8 |
NIRVANA |
Recovery โ kill switch, snapshots, rollback |
| NIRVANA |
before_agent_start |
p:1000 |
| DHARMA |
before_tool_call |
p:900 |
| SANGHA |
before_tool_call |
p:800 |
| KARMA |
before_agent_start |
p:700 |
| BODHI |
before_agent_start |
p:600 |
| METTA |
message_sending |
p:500 |
| SILA |
after_tool_call |
p:100 |
โก API Reference
POST/api/agents
Create agent
GET/api/agents/{id}
Detail
PUT/api/agents/{id}
Update
POST/api/agents/{id}/gateway
Chat (all 8 layers)
POST/api/agents/{id}/kill
Kill switch
POST/api/agents/{id}/revive
Revive
GET/api/agents/{id}/snapshots
Snapshot history
POST/api/agents/{id}/rollback/{s}
Restore snapshot
GET/api/marketplace/skills
Browse skills
POST/api/marketplace/skills/import
Upload SKILL.md
POST.../import-clawhub
Import from ClawHub
GET/api/audit
Full audit log
GET/api/audit?agent_id={id}
Per-agent log
POST/api/auth/magic-link
Send login email
POST/api/billing/portal
Stripe portal
GET/api/dashboard/health
Health check
๐ Quick Install
pip install samma-suit
openclaw plugins install samma-suit
openclaw plugins doctor โ
~/.openclaw/openclaw.json
{
"plugins": {
"entries": {
"samma-suit": {
"enabled": true,
"config": {
"api_url": "https://api.sammasuit.com",
"api_key": "samma_...",
"llm_key": "sk-ant-...",
"budget": 100,
"layers": ["ALL"]
}
}
}
}
}
Free
1 agent, 100 calls/mo
Pro $29/mo
5 agents, custom budget ceiling
Team $99/mo
25 agents, custom budget ceiling
You provide your LLM API key. We enforce governance.
KARMA budget ceiling protects your spend.
๐ฏ Threat Model
โ
CVE-2026-25253 โ WebSocket RCE
โ SUTRA
โ
ClawHavoc โ 341 malicious skills
โ SANGHA
โ
capability-evolver โ data exfil to Feishu
โ BODHI
โ
Runaway cron โ $750/mo heartbeat costs
โ KARMA
โ
Unauthorized tool execution
โ DHARMA
โ
Agent impersonation / spoofing
โ METTA
โ
No forensics / compliance gap
โ SILA
โ
Rogue agent โ no off switch
โ NIRVANA
os.system()
subprocess.*
eval() / exec()
fetch() / requests.*
open(.env)
__import__
๐ Dashboard
sammasuit.com/dashboard.html
Agents
Cards, status, budget gauge, chat
Skills
Browse, import, SANGHA status
Audit
Filter, export CSV/JSON
Live
Real-time activity feed
Costs
Spend tracking, projections
Billing
Plan, invoices, portal
?
Show help
N
New agent
C
Open chat
K
Kill agent
R
Revive agent
A
Audit tab
S
Skills tab
L
Live feed
$
Costs tab
/
Focus search
Esc
Close modal
SSE streaming chat
Hold-to-kill ceremony
Snapshot timeline + diff
Exec approval dialogs
Dark/light theme toggle
Mobile optimized (iPhone)
๐๏ธ Architecture
Backend
FastAPI + Python 3.11
Frontend
Vanilla JS, single file
Deploy
Railway + GitHub Pages
API api.sammasuit.com
Dashboard sammasuit.com/dashboard.html
Docs sammasuit.com/getting-started.html
ClawHub clawhub.ai/OneZeroEight-ai/samma-suit
GitHub github.com/OneZeroEight-ai/samma-suit
Parent onezeroeight.ai
Discord discord.gg/4A6ExTnKnK