Your data, your rules
ERPClaw is designed from the ground up with a security-first architecture. Self-hosted, zero network access, and a complete immutable audit trail.
Security Principles
Self-Hosted by Default
Your ERP runs on your infrastructure. No data ever leaves your network. No cloud dependency, no vendor lock-in, no third-party access.
Zero Network Access
ERPClaw skills make no outbound network calls. No telemetry, no analytics, no phone-home. Your data stays exactly where you put it.
Immutable Audit Trail
General ledger and stock ledger entries are never modified or deleted. Cancellations create reversal entries, preserving a complete audit history.
SQL Injection Safe
Every database query uses parameterized statements. No string interpolation, no dynamic SQL construction, no injection surface.
No Credentials Required
ERPClaw uses only Python standard library modules (sqlite3, json, decimal, uuid). No API keys, no OAuth tokens, no secrets to manage.
Atomic Transactions
Every submit operation (GL posting, stock movement, invoice) runs in a single SQLite transaction. Any failure triggers a full rollback.
How It Works
Single-File Database
All data lives in one SQLite file (~/.openclaw/erpclaw/data.sqlite). Backup is copying a file. No database servers to secure, patch, or monitor.
WAL Mode Isolation
SQLite Write-Ahead Logging provides read/write concurrency without locking. Foreign key constraints enforced at the database level.
Decimal Precision
All financial amounts stored as TEXT and processed through Python's Decimal library with ROUND_HALF_UP. No floating-point rounding errors.
Open Source
Full source code available for audit. No obfuscation, no proprietary components. Review every line of code that touches your financial data.
ERPClaw OS: AI Safety Built In
18 Constitutional Articles
Every operation is governed by 18 inviolable articles. Financial integrity, double-entry enforcement, immutable ledgers, and data ownership rules that cannot be overridden -- not even by the AI itself. 153 automated tests verify compliance.
11 Protected Financial Files
The DGM (Deterministic Generation Model) has a hard-coded exclusion list of 11 financial files that can NEVER be modified by the AI. gl_posting.py, stock_posting.py, tax_calculation.py, and other core financial logic are permanently protected.
23 Invariant Checks Per Batch
Every transaction batch is validated against 23 invariant checks: GL double-entry balance, voucher balance, immutability verification, and cross-table consistency. Failures block the entire batch.
Tier Classification System
Modules are classified into 4 tiers (0-3) based on deployment autonomy. Tier 0 (financial core) requires manual approval for any change. Tier 3 (low-risk utilities) can be autonomously updated. The classification itself is immutable.
ERPClaw vs. Cloud ERP Security
| Aspect | ERPClaw | Cloud ERPs |
|---|---|---|
| Data location | Your server, your network | Vendor's cloud |
| Network calls | Zero (no internet required) | Constant (SaaS model) |
| Audit trail | Immutable, append-only | Vendor-managed logs |
| Source code | Fully open (open source) | Proprietary, closed |
| Vendor access | None | Admin access to your data |
| Encryption | Your choice (disk/network) | Vendor-managed keys |
| Compliance | You control everything | Shared responsibility |
Audit it yourself
Every line of code is open source. Review our security model, run your own penetration tests, and deploy with confidence.
Related: see the test surface at quality, install steps at core docs, or pricing posture at pricing.
View Source Code