Cryptographic authorization layer for OpenClaw AI agents.

SPA prevents prompt injection attacks by requiring signed envelopes for sensitive tool calls. Every gated action (file writes, shell commands, API calls, etc.) requires a cryptographically verified prompt signed by a registered key.