Summary

ZeroClaw added SLSA Build L3 provenance attestation to its release pipeline as part of a broader hardening push. The change strengthens supply-chain transparency for users evaluating agent frameworks in security-sensitive environments.

What changed

ZeroClaw PR #8277 added SLSA Build L3 provenance attestation to the project’s release pipeline.

Why it matters

AI agent runtimes are increasingly asked to execute tools, handle credentials, and run in production environments. Release provenance helps buyers and operators verify what they are installing and reduces supply-chain risk.

Evidence excerpt

Agents Radar listed PR #8277 as adding SLSA Build L3 provenance attestation and tied it to active supply-chain signing discussion in issue #8177.

Sources