Crawdad is a small security program that runs on your machine. It sits between your AI agents and the upstream LLMs and inspects every request through a 7-layer detection pipeline before it's forwarded. Only signed metering packets (Ed25519-signed, content-free) transmit upstream. Raw prompts, responses, and action parameters stay on your machine by default — enforced by architecture, not policy.
Catches direct and indirect injection before the LLM sees the request.
Scans outbound responses for API keys, secrets, internal URLs, and 15 PII categories.
Every decision recorded locally in a SHA-256 Merkle-chained, Ed25519-signed audit trail.
Cmd+Space, type "Terminal", press Enter./usr/local/bin/crawdad-sidecar and registers a LaunchAgent that starts automatically at login.http://localhost:7750. Click Run Test Battery to verify the detection pipeline.Apple Silicon (ARM64) ships full ML detection — the sidecar downloads the model and libonnxruntime in the background after install, then activates on the next restart. Reproducible score: 99.80% detection / 0.09% FP (1/1,172) on the open 497-attack / 1,172-negative benchmark. Intel Macs run pattern-only because upstream ONNX Runtime has no 1.24+ x86_64-apple-darwin wheel. Full notes at Getting Started.
sudo once to register the systemd user unit at /etc/systemd/system/crawdad-sidecar.service.http://localhost:7750. Click Run Test Battery to verify detection.Linux x86_64 and Linux ARM64 both ship full ML detection — the sidecar auto-fetches the platform-specific libonnxruntime 1.24.4 tarball along with the model on first run, then activates ML on the next restart. Reproducible score: 99.80% detection / 0.09% FP (1/1,172) on the open 497-attack / 1,172-negative benchmark.
Or download the signed binary directly:
Windows is not yet supported as a native target and is tracked for a future release.
The recommended path for Windows users is WSL (Windows Subsystem for Linux), which runs the full Linux binary with ML detection:
Open the local dashboard at http://localhost:7750 to see every request inspected, per-layer decisions, and the continuous red team trend. Or see the cloud dashboard for fleet and billing views.