mirror of
https://github.com/prompt-security/clawsec.git
synced 2026-06-13 05:28:02 +03:00
feat(hermes-attestation-guardian): v0.1.0 release hardening (verify gate + trust policy + .mjs scan context) (#200)
* feat(hermes-attestation-guardian): release v0.0.2 hardening
* docs(wiki): add v0.0.2 hardening update note
* docs: add Hermes support coverage to README and compatibility report
* fix(hermes-attestation-guardian): address baz review on crontab detection and doc dedup
* feat(wiki): add PR-200 skill feature/platform matrix
* docs(wiki): rewrite PR-200 matrix as narrative capability mapping
* docs(readme): add skill feature matrix with requested headers
* docs(readme): replace unknowns with mapped yes/no feature matrix
* docs: move NanoClaw and CI/CD details from README to wiki modules
* docs(readme): remove platform/suite sections and keep wiki module pointers
* docs(readme): refresh project structure to match current repo
* feat(hermes-attestation-guardian): add signed advisory feed verification pipeline
* feat(hermes-attestation-guardian): add advisory-gated guarded skill verification
* feat(hermes-attestation-guardian): add advisory scheduler helper and phase-3 parity docs
* docs(wiki): expand hermes attestation guardian capability coverage
* fix(pr-200): address Baz review findings across Hermes parity rollout
* test(sandbox): extend Hermes regression to cover feed, guarded verify, and advisory scheduler
* fix(pr-200): address Baz semver parsing and feed-state fallback visibility
* fix(ci): suppress shellcheck false positives in sandbox inline docker script
* fix(hermes-attestation-guardian): fail closed on unsupported advisory ranges
* fix(hermes-attestation-guardian): restore safe install verdict in sandbox
* fix(sandbox): capture guarded verify exit under set -e
* fix(semver): fail closed on malformed affected specifiers
* docs(readme): clarify hermes capability matrix wording
* refactor(feed): share signed artifact verification flow
* refactor(cron): share managed block helpers across setup scripts
* fix(feed): require checksum manifest artifacts when enabled
* chore(hermes-skill): relocate sandbox test, refresh docs, and add v0.1.0 release notes
* chore(docs): remove remaining hermes parity plan file
* chore(release): roll hermes-attestation-guardian to v0.1.0
* chore(release): remove standalone v0.1.0 release notes file
* docs(hermes): update README status to v0.1.0

---------

Co-authored-by: David Abutbul <David.a@prompt.security>
@@ -6,6 +6,35 @@
|
||||
- Maintain host-side cached advisory state with TLS/signature enforcement and IPC-triggered refresh.
|
||||
- Protect critical NanoClaw files with baseline drift detection and hash-chained audit trails.
|
||||
|
||||
## Platform Support Summary (migrated from README)
|
||||
|
||||
ClawSec supports NanoClaw as a containerized WhatsApp-bot deployment model.
|
||||
|
||||
### `clawsec-nanoclaw` skill scope
|
||||
- Location: `skills/clawsec-nanoclaw/`
|
||||
- 9 MCP tools for advisory checks, package-safety checks, signature verification, and integrity monitoring.
|
||||
- Automatic advisory feed refresh/caching on a recurring cadence.
|
||||
- Platform filtering for NanoClaw-relevant advisories.
|
||||
- IPC-based host/container communication model.
|
||||
|
||||
### NanoClaw advisory coverage
|
||||
The feed and matching pipeline include NanoClaw-relevant terms:
|
||||
- `NanoClaw`
|
||||
- `WhatsApp-bot`
|
||||
- `baileys`
|
||||
|
||||
Advisories can be explicitly platform-scoped via:
|
||||
- `platforms: ["nanoclaw"]`
|
||||
|
||||
### Quick integration checklist
|
||||
1. Copy skill files to the NanoClaw deployment.
|
||||
2. Integrate MCP tools in the container runtime.
|
||||
3. Configure host IPC handlers and advisory cache service.
|
||||
4. Restart NanoClaw services.
|
||||
|
||||
Install guide:
|
||||
- `skills/clawsec-nanoclaw/INSTALL.md`
|
||||
|
||||
## Key Files
|
||||
- `skills/clawsec-nanoclaw/skill.json`: NanoClaw package contract and MCP tool registry.
|
||||
- `skills/clawsec-nanoclaw/lib/signatures.ts`: secure fetch and Ed25519 verification primitives.
|
||||
|
||||
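Review bot: The quick integration checklist in this hunk ends at step 4, "Restart NanoClaw services", with no step that confirms the advisory feed is being fetched and signature-verified after the restart. Since the module is described as maintaining cached advisory state with TLS/signature enforcement, consider adding a fifth step in which the operator runs one of the advisory-check MCP tools and confirms that a verified feed is loaded. Two smaller documentation points: the hard-coded "9 MCP tools" count will drift from `skills/clawsec-nanoclaw/skill.json`, which the Key Files list names as the MCP tool registry, so pointing readers to that file is more durable; and the matching terms use `NanoClaw` while the platform scope uses `platforms: ["nanoclaw"]`, so the text should state whether matching is case-insensitive.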