backbay-labs · bb-connor · Mar 4, 2026 · Mar 4, 2026 · Mar 4, 2026 · Mar 4, 2026
diff --git a/CLAUDE.md b/CLAUDE.md
@@ -82,7 +82,7 @@ clawdstrike check --action-type file --ruleset strict ~/.ssh/id_rsa
 - **Receipt** - Ed25519-signed attestation of decision, policy, and evidence
 - **HushEngine** - Facade orchestrating guards and signing
 
-### Built-in Guards (12)
+### Built-in Guards (13)
 
 1. `ForbiddenPathGuard` - Blocks sensitive filesystem paths
 2. `PathAllowlistGuard` - Allowlist-based path access control
@@ -96,11 +96,12 @@ clawdstrike check --action-type file --ruleset strict ~/.ssh/id_rsa
 10. `ComputerUseGuard` - Controls CUA actions for remote desktop sessions
 11. `RemoteDesktopSideChannelGuard` - Side-channel controls for clipboard, audio, drive mapping, file transfer
 12. `InputInjectionCapabilityGuard` - Restricts input injection capabilities in CUA environments
+13. `SpiderSenseGuard` - Hierarchical threat screening (Yu et al. 2026): embedding-based cosine similarity + optional LLM deep path
 
 ### Policy System
 
 Policies are YAML files with schema version 1.2.0 (backward-compatible with 1.1.0). They support inheritance via `extends`:
-- Built-in rulesets: `permissive`, `default`, `strict`, `ai-agent`, `cicd`, `ai-agent-posture`, `remote-desktop`, `remote-desktop-permissive`, `remote-desktop-strict`
+- Built-in rulesets: `permissive`, `default`, `strict`, `ai-agent`, `cicd`, `ai-agent-posture`, `remote-desktop`, `remote-desktop-permissive`, `remote-desktop-strict`, `spider-sense`
 - Local file references
 - Remote URLs
 - Git refs

diff --git a/README.md b/README.md
@@ -602,7 +602,7 @@ Composable, policy-driven security checks at the tool boundary. Each guard handl
 | **JailbreakGuard**                     | 4-layer detection engine with session aggregation (see below)                                                                                                                              |
 | **ComputerUseGuard**                   | Controls CUA actions: remote sessions, clipboard, input injection, file transfer                                                                                                           |
 | **ShellCommandGuard**                  | Blocks dangerous shell commands before execution                                                                                                                                           |
-| **SpiderSenseGuard**&nbsp;<sup>β</sup> | Hierarchical threat screening adapted from [Yu et al. 2026](https://arxiv.org/abs/2602.05386): fast vector similarity resolves known patterns, optional LLM escalation for ambiguous cases |
+| **SpiderSenseGuard** | Hierarchical threat screening adapted from [Yu et al. 2026](https://arxiv.org/abs/2602.05386): fast vector similarity resolves known patterns, optional LLM escalation for ambiguous cases |
 
 ---
 
@@ -619,7 +619,7 @@ Clawdstrike policies are versioned, deterministic policy-as-code artifacts desig
 | **Posture state machine** | `1.2.0+` posture states, budgets, and transitions for runtime containment/escalation flows |
 | **Fail-closed runtime semantics** | Load or evaluation ambiguity resolves to deny rather than implicit allow |
 
-Built-in rulesets: `permissive` | `default` | `strict` | `ai-agent` | `ai-agent-posture` | `cicd` | `remote-desktop` | `remote-desktop-permissive` | `remote-desktop-strict`
+Built-in rulesets: `permissive` | `default` | `strict` | `ai-agent` | `ai-agent-posture` | `cicd` | `remote-desktop` | `remote-desktop-permissive` | `remote-desktop-strict` | `spider-sense`
 
 Operational policy loop:
 

diff --git a/crates/libs/clawdstrike/Cargo.toml b/crates/libs/clawdstrike/Cargo.toml
@@ -92,7 +92,6 @@ full = [
 ]
 ipfs = ["full"]
 llm-judge-openai = ["full"]
-clawdstrike-spider-sense = ["full"]
 wasm-plugin-runtime = ["full", "dep:wasmtime"]
 
 [lints]

diff --git a/crates/libs/clawdstrike/src/async_guards/registry.rs b/crates/libs/clawdstrike/src/async_guards/registry.rs
@@ -2,11 +2,9 @@ use std::sync::Arc;
 use std::time::Duration;
 
 use crate::async_guards::threat_intel::{
-    SafeBrowsingGuard, SafeBrowsingPolicyConfig, SnykGuard, SnykPolicyConfig, VirusTotalGuard,
-    VirusTotalPolicyConfig,
+    SafeBrowsingGuard, SafeBrowsingPolicyConfig, SnykGuard, SnykPolicyConfig, SpiderSenseGuard,
+    SpiderSensePolicyConfig, VirusTotalGuard, VirusTotalPolicyConfig,
 };
-#[cfg(feature = "clawdstrike-spider-sense")]
-use crate::async_guards::threat_intel::{SpiderSenseGuard, SpiderSensePolicyConfig};
 use crate::async_guards::types::{
     AsyncGuard, AsyncGuardConfig, CircuitBreakerConfig, RateLimitConfig, RetryConfig,
 };
@@ -24,6 +22,21 @@ const DEFAULT_CACHE_MAX_SIZE_MB: u64 = 64;
 pub fn build_async_guards(policy: &Policy) -> Result<Vec<Arc<dyn AsyncGuard>>> {
     let mut out: Vec<Arc<dyn AsyncGuard>> = Vec::new();
 
+    // First-class spider_sense field.
+    if let Some(ref ss_cfg) = policy.guards.spider_sense {
+        let async_cfg = async_config_for_spec(ss_cfg.async_config.as_ref())?;
+        // Resolve env-var placeholders (${VAR}) in the config, matching the
+        // guards.custom path which calls resolve_placeholders_in_json.
+        let json = serde_json::to_value(ss_cfg)
+            .map_err(|e| Error::ConfigError(format!("spider-sense serialize: {e}")))?;
+        let resolved = resolve_placeholders_in_json(json)?;
+        let resolved_cfg: SpiderSensePolicyConfig = serde_json::from_value(resolved)
+            .map_err(|e| Error::ConfigError(format!("spider-sense deserialize: {e}")))?;
+        let guard = SpiderSenseGuard::new(resolved_cfg, async_cfg)
+            .map_err(|e| Error::ConfigError(format!("spider-sense init: {e}")))?;
+        out.push(Arc::new(guard));
+    }
+
     for spec in &policy.guards.custom {
         if !spec.enabled {
             continue;
@@ -52,8 +65,11 @@ fn build_guard(spec: &CustomGuardSpec) -> Result<Arc<dyn AsyncGuard>> {
             let typed: SnykPolicyConfig = serde_json::from_value(config)?;
             Ok(Arc::new(SnykGuard::new(typed, async_cfg)))
         }
-        #[cfg(feature = "clawdstrike-spider-sense")]
         "clawdstrike-spider-sense" => {
+            tracing::warn!(
+                "guards.custom[package=\"clawdstrike-spider-sense\"] is deprecated; \
+                 use guards.spider_sense instead"
+            );
             let typed: SpiderSensePolicyConfig = serde_json::from_value(config)?;
             let guard = SpiderSenseGuard::new(typed, async_cfg)
                 .map_err(|e| Error::ConfigError(format!("spider-sense init: {e}")))?;

diff --git a/crates/libs/clawdstrike/src/async_guards/threat_intel/mod.rs b/crates/libs/clawdstrike/src/async_guards/threat_intel/mod.rs
@@ -1,13 +1,9 @@
 pub mod safe_browsing;
 pub mod snyk;
-pub mod virustotal;
-
-#[cfg(feature = "clawdstrike-spider-sense")]
 pub mod spider_sense;
+pub mod virustotal;
 
 pub use safe_browsing::{SafeBrowsingGuard, SafeBrowsingPolicyConfig};
 pub use snyk::{SnykGuard, SnykPolicyConfig};
-pub use virustotal::{VirusTotalGuard, VirusTotalPolicyConfig};
-
-#[cfg(feature = "clawdstrike-spider-sense")]
 pub use spider_sense::{SpiderSenseGuard, SpiderSensePolicyConfig};
+pub use virustotal::{VirusTotalGuard, VirusTotalPolicyConfig};