Summary
ZeroClaw added SLSA Build L3 provenance attestation to its release pipeline as part of a broader hardening push. The change strengthens supply-chain transparency for users evaluating agent frameworks in security-sensitive environments.
What changed
ZeroClaw PR #8277 added SLSA Build L3 provenance attestation to the project’s release pipeline.
Why it matters
AI agent runtimes are increasingly asked to execute tools, handle credentials, and run in production environments. Release provenance helps buyers and operators verify what they are installing and reduces supply-chain risk.
Evidence excerpt
Agents Radar listed PR #8277 as adding SLSA Build L3 provenance attestation and tied it to active supply-chain signing discussion in issue #8177.