MoltGuard - Security & Antivirus & Guardrails

- Updated description and installation instructions to simplify setup; removed the restart step from installation. - Clarified terminology to refer to the user as "human" for more consistent documentation. - No code or functional changes—documentation update only.

- Updated to version 6.8.15. - Clarified language for configuring an API key and onboarding steps. - Improved instructions for enterprise enrollment, specifying use of the local script. - Removed mention of API keys working across multiple agents from the Plans table. - Minor language and formatting improvements for clarity.

- Enterprise onboarding instructions added, allowing managed device enrollment with private Core deployments. - New uninstall process: uses a script for complete cleanup, removing config, plugin files, and credentials. - Documentation refinements, including clearer separation for "human" and agent protection and expanded plan details. - Version updated from 6.7.23 to 6.8.14.

- Updated homepage link in metadata to point to the MoltGuard GitHub repository. - No functional or documentation changes outside the metadata update.

- Updated metadata homepage URL to https://www.moltguard.com - Clarified onboarding flow: plugin now gets API key from Core (removed “auto-registers with Core with agent name and description”) - No other content changes detected.

- Documentation streamlined for clarity; redundant sections and technical transparency details removed. - "Description" updated for brevity and directness, with a clear source link. - Metadata simplified by removing detailed permission, network, and behavioral fields. - Privacy, network access, and local storage sections cut for conciseness. - Language around agent registration and onboarding flow simplified for easier understanding. - All core usage, installation, and command references retained; audience guidance unchanged.

- Added new security notice: Users are advised to verify the source code and plugin registry before installing, as this skill instructs the installation of an external plugin. - Updated plugin description and metadata to highlight the use of external code and added a warning note. - Provided detailed verification steps for auditing the external plugin and network behavior. - Clarified commands that display sensitive data and advised caution in shared environments. - No changes to core installation, usage, or command structure.

- Added a new "Privacy & Security Transparency" section detailing network access, local storage, and command behaviors. - Declared explicit permissions, including network domain (`api.openguardrails.com`) and local storage directory for credentials. - Clarified first-run behavior: MoltGuard auto-registers with the Core API, saves credentials locally, and begins protection. - Stated that content hashes, not raw content or user data, are sent for security checks. - Updated metadata to accurately reflect permissions, storage, network calls, and command key exposure.

- Updated the homepage URL in metadata to https://moltguard.com. - Removed the GitHub Issues and Documentation links from the Contact & Support section; now only the support email remains.

- Clarified installation instructions for immediate activation after install. - Updated onboarding flow details to specify auto-registration with agent name and description. - Simplified API key configuration steps in command documentation. - Minor text tweaks for accuracy and readability.

- Documentation streamlined by removing sections on daily risk announcements, local data sanitization, and quota instructions. - Kept onboarding, commands, feature overview, and support sections clear and concise. - No functional or technical changes—documentation only.

- Added a new "Local Data Sanitization" section to document support for local sanitization and restoration of sensitive data during LLM calls. - Clarified that sensitive data stays on your machine and is never transmitted externally. - No other content or functional changes noted.

- Removed the file references/details.md. - No other changes to documentation or functionality in this release.

- Removed detailed instructions and messaging for what to do when quota is exceeded. - Now only refers users to configure a new API key via `/og_config` after upgrading their plan. - No functional or code changes; documentation update only.

- Changed the sample test file in the installation/test instructions from a hidden phishing attack file to a non-harmful test file: `test-email-popup.txt`. - Removed explicit instructions to notify the user when `<openguardrails-quota-exceeded>` tags appear, though quota information is still relayed. - No other content or functional changes detected.

- Major documentation rewrite: clear step-by-step install, test, and usage instructions. - Added specific sample test workflow to show immediate protection in action. - New guidance: how to announce risks and quota issues to users. - Expanded command reference section with explanations for each command. - Detailed onboarding flow, claim process, and plan comparison tables. - Added explicit update and uninstall instructions.

- Clarified architecture: this version documents that the ClawHub skill is for guidance only and **does not include any code or security functionality**. - Added a prominent section describing the distinction between this skill (documentation) and the actual npm package (`@openguardrails/moltguard`), which must be installed separately to get security protection. - Included a verification checklist to help users safely review and install the actual npm package. - Made security trust boundaries more explicit: reading/using this skill is low risk, installing the npm package requires a full security audit. - Installation instructions now direct users to install the npm package for real protection and explain how to verify its provenance and runtime behavior.

**Summary: v6.7.9 introduces a new "Trust Model & Threat Assumptions" section, clarifying what is and is not protected, and updates security best practices.** - Added an in-depth "Trust Model & Threat Assumptions" section, detailing security boundaries, trust requirements, and the threat model for MoltGuard users. - Provided explicit lists of what users must and do not need to trust, and clear tables on what is protected or not in different architectural boundaries. - Enhanced security guidance with updated recommendations for sandbox testing, production installation, and defense-in-depth practices. - Added new warnings and safety instructions to improve user understanding of MoltGuard's architecture and recommended deployment practices.

**Version 6.7.8 Changelog** - Updated documentation to clarify MoltGuard's hybrid architecture: now emphasizes local data sanitization before cloud-based security detection. - Added prominent warnings and a new "Quick Architecture Summary" table describing what data stays local and what leaves the machine. - Included a new "Read This Before Installing" section, with a checklist for transparency and trust decisions. - Enhanced guidance on package provenance, review steps, and verification for security-conscious users. - No changes to plugin code or runtime functionality; documentation only.

Version 6.7.7 - Added documentation for the AI Security Gateway: a local proxy for data sanitization of secrets and PII before LLM requests. - Clarified that the data sanitization gateway runs locally (localhost:38790), never sends data to OpenGuardrails, and only communicates with your LLM provider. - Included instructions for network verification to demonstrate that no sensitive data leaves your device via the gateway. - Provided detailed architecture and data flow diagrams illustrating how the AI Security Gateway sanitizes and restores sensitive data. - Emphasized that all gateway code is open source and fully auditable.