Sammā Suit
v0.1 — ALL 8 LAYERS ENFORCED • 84 TESTS PASSING

SAMMĀ SUIT

Security architecture for autonomous AI agents. Gateway protection, permissions, cost controls, audit trails, identity verification, skill vetting, process isolation, and kill switches — out of the box. Open source.

THE PROBLEM

OpenClaw proved the demand.
Then it proved the danger.

100,000+ GitHub stars. 1.5M autonomous agents. And a security posture that one industry leader called "a dumpster fire."

CVE-2026-25253

1-Click Remote Code Execution

Control UI trusts gatewayUrl from query strings without validation. A single malicious link gives an attacker operator-level access to your gateway — disabling sandbox, modifying config, executing arbitrary code.

Source: DepthFirst / The Hacker News • Feb 2026
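
A sketch of the missing check, added here as an illustration and not taken from OpenClaw or Sammā Suit: a gateway URL arriving in a query string is accepted only when its scheme, host and port match an operator-configured allowlist. Only the `gatewayUrl` parameter name comes from the text above; the allowlist entries, function names and hostnames are assumptions made for this example.

```python
from urllib.parse import parse_qs, urlsplit

# Hypothetical operator-configured allowlist of (scheme, host, port).
ALLOWED_GATEWAYS = {
    ("wss", "gateway.example.internal", 443),
    ("wss", "localhost", 8443),
}


def validate_gateway_url(candidate: str) -> str:
    """Return a normalized gateway URL, or raise ValueError if untrusted."""
    try:
        parts = urlsplit(candidate)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError as exc:
        raise ValueError(f"unparseable gateway URL: {exc}") from None
    scheme = parts.scheme.lower()
    if scheme != "wss":
        raise ValueError("gateway must use wss://")
    # "wss://trusted-host@other-host/" parses with other-host as the host,
    # so any userinfo component is rejected outright.
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in gateway URL are not allowed")
    host = (parts.hostname or "").rstrip(".")
    port = 443 if port is None else port
    if (scheme, host, port) not in ALLOWED_GATEWAYS:
        raise ValueError(f"gateway {host}:{port} is not on the allowlist")
    # Rebuild from the validated pieces instead of echoing the input.
    return f"{scheme}://{host}:{port}{parts.path or '/'}"


def gateway_from_link(link: str, default: str) -> str:
    """Use the default when gatewayUrl is absent; validate it when present."""
    values = parse_qs(urlsplit(link).query).get("gatewayUrl", [])
    if not values:
        return default
    if len(values) > 1:
        raise ValueError("duplicate gatewayUrl parameters")
    return validate_gateway_url(values[0])
```

A link that carries an unlisted gateway raises instead of silently reconnecting the UI, so the operator's session is never pointed at a host they did not configure.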
CLAWHAVOC CAMPAIGN

341 Malicious Skills

Koi Security found 335 skills delivering Atomic Stealer malware via fake utility tools. ClawHub's only barrier: a GitHub account one week old. Stolen: API keys, wallet keys, SSH credentials, browser passwords.

Source: Koi Security / The Hacker News • Feb 2026
COST OVERRUN

$20/Night While You Sleep

Heartbeat cron jobs sending 120,000 tokens of context per time check. $0.75 per check, 25 checks per night. Projected $750/month — just for reminders. No budget caps, no throttling, no alerts.

Source: Benjamin De Kraker / The Register • Feb 2026
ZERO GOVERNANCE

No Permissions, No Audit, No Rollback

One monolithic agent with full system access. No role separation, no activity logging, no state snapshots. If your agent goes rogue at 3 AM, you find out when the damage is done.

Source: Gartner, China NVDB, IBM • Feb 2026
"OpenClaw is a security dumpster fire."
— Laurie Voss, Head of DevRel at Arize, Founding CTO of npm
THE SAMMĀ SUIT
Sammā Suit Sentinel

Eight Layers of Right Protection.
Always on. Never optional.

All 8 layers enforced. v0.1 in production. 163 tests passing. Continuous hardening.

1. SUTRA: Gateway
   Origin validation, TLS 1.3, WebSocket auth, rate limiting
   ⬡ Power Suit — base armor • Enforced

2. DHARMA: Permissions
   Role-based agent scoping — email ≠ shell ≠ browser ≠ files
   ⬡ Varia Suit — environmental protection • Enforced

3. SANGHA: Skill Vetting
   Allowlist-based skill gating with AST static analysis for dangerous imports
   ⬡ Gravity Suit — pressure resistance • Enforced

4. KARMA: Cost Controls
   Per-agent monthly budgets with hard ceiling, pre-call budget checks, spend tracking
   ⬡ Energy Tanks — resource management • Enforced

5. SILA: Audit Trail
   Full activity logging with token counts, cost tracking, and layer enforcement trace
   ⬡ Scan Visor — full awareness • Enforced

6. METTA: Identity
   Cryptographic agent signing, no spoofing, verified communication
   ⬡ Morph Ball — controlled transformation • Enforced

7. BODHI: Isolation
   Per-agent resource limits, subprocess sandboxing, egress allowlists with wildcard support
   ⬡ Screw Attack — offense + defense • Enforced

8. NIRVANA: Recovery
   State snapshots, 1-click rollback, kill switch with auto-snapshot on termination
   ⬡ Reserve Tank — last resort • Enforced
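
How allowlist gating combined with AST import scanning (layer 3, SANGHA) can work, as an added illustration that is not Sammā Suit's own code: a skill is admitted only if its name is on the allowlist and its source neither imports a denied module nor calls a dynamic-execution builtin. The allowlist, the deny lists, the function names and the sample skill source are all constructed for this example.

```python
import ast

ALLOWED_SKILLS = {"calendar_sync", "weather_lookup"}  # hypothetical allowlist
DENIED_MODULES = {"os", "subprocess", "socket", "ctypes", "importlib"}
DENIED_CALLS = {"eval", "exec", "compile", "__import__"}

# Constructed sample: a "utility" skill that reaches for process and eval access.
SAMPLE_SKILL = '''\
import json
import os.path
from subprocess import run

def handler(payload):
    return eval(payload["expr"])
'''


def scan_skill(source: str) -> list[str]:
    """Return findings, ordered by line, for denied imports and calls."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]
        else:
            names = []
        for name in names:
            # "import os.path" is still an import of the os package.
            if name.split(".")[0] in DENIED_MODULES:
                hits.append((node.lineno, f"import of {name}"))
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in DENIED_CALLS):
            hits.append((node.lineno, f"call to {node.func.id}()"))
    return [f"line {line}: {what}" for line, what in sorted(hits)]


def gate_skill(name: str, source: str) -> tuple[bool, list[str]]:
    """Admit only allowlisted skills whose source parses and scans clean."""
    if name not in ALLOWED_SKILLS:
        return False, [f"skill {name!r} is not on the allowlist"]
    try:
        findings = scan_skill(source)
    except SyntaxError as exc:
        return False, [f"unparseable source: {exc.msg}"]
    return not findings, findings
```

A scan like this only sees what is visible in the syntax tree, so it complements the allowlist and the isolation layer and does not replace them.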
USE IT YOUR WAY

Three ways to deploy.
Same eight layers.

Drop it into your existing stack, run it standalone, or let us handle everything.

🔌

OpenClaw Plugin

Already using OpenClaw? Add Sammā Suit as a plugin.
openclaw plugins install samma-suit

Adds governance layers (budget, permissions, audit, kill switch) to your existing deployment. SANGHA, KARMA, DHARMA, SILA, METTA, BODHI, and NIRVANA — as OpenClaw lifecycle hooks.

✓ Verified compatible: openclaw plugins doctor
🛡️

Standalone Platform

Full security stack. Gateway to kill switch.

Everything the plugin does, plus: SUTRA gateway protection, managed dashboard, skill marketplace, hosted infrastructure, and Stripe billing.

pip install samma-suit
🇮🇸

Managed Hosting

We run it for you. Iceland.

All 8 layers managed. GDPR jurisdiction. Geothermal powered. Outside US CLOUD Act reach. Dashboard, alerts, and support included.

COMING SOON — JOIN WAITLIST
info@sammasuit.com →

Built by OneZeroEight.ai — 16 AI agents in production. We built Sammā Suit because we needed it.

See it in action

2 minutes. All 8 layers. Live production.

PRICING

Choose your armor tier.

Every tier includes the full Sammā Suit. Pay for scale, not security.

FREE / OSS
$0
forever
  • Open-source Sammā Suit SDK
  • Eight-layer reference implementation
  • Community support
  • Self-managed infrastructure
TEAM
$99/mo
per workspace
🇮🇸 Hosted in Iceland • GDPR protected • 100% renewable energy
  • Everything in Pro
  • Bring Your Own Key (BYOK)
  • Custom budget ceiling per agent
  • Shared governance policies
  • Centralized admin dashboard
  • Up to 25 agents
  • Priority support
ENTERPRISE
Custom
talk to us
  • Everything in Team
  • SSO / SAML
  • Compliance reporting
  • Custom policy engines
  • Unlimited agents
  • Dedicated SLA

Pro and Team plans support Bring Your Own Key (BYOK) — use your own Anthropic API key for full spend control.

Open source.
Built-in protection.

The Sammā Suit SDK is free and open source. Deploy it your way.


Mega Cheatsheet

Every endpoint, layer, shortcut, and config — one page.
