security

Install provenance and traffic safety.

Wraith asks developers to install a local binary and record API traffic. That makes provenance, scrubbing, and explicit boundaries part of the product, not afterthoughts.

Installer provenance

  • Release source: Public release assets are downloaded from bobisme/wraith-releases.
  • Checksum verification: The installer verifies the SHA-256 checksum before installing the binary.
  • Version pinning: Use `WRAITH_VERSION` to install a specific public release.

Traffic handling

Wraith records through a local proxy and applies scrub rules before writing WREC files. Header redaction, body pattern matching, and per-twin custom rules are the first line of defense. Review recordings before committing or sharing them.
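One way to back up the manual review step is a check that runs over recordings before they are committed. The script below is an added example, not part of Wraith. It assumes recordings keep headers and bodies as readable bytes (the WREC format is not described on this page), and its rule set, the `[SCRUBBED]` placeholder and the sample data are all constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Token-shaped patterns that should not survive scrubbing. These rules are
# chosen for this example; they are not Wraith's own scrub rules.
RULES = {
    "bearer_token": re.compile(rb"(?i)\bbearer\s+([A-Za-z0-9._~+/-]{20,}=*)"),
    "jwt": re.compile(rb"\b(eyJ[\w-]{8,}\.[\w-]{8,}\.[\w-]{8,})"),
    "aws_access_key_id": re.compile(rb"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b"),
    "private_key": re.compile(rb"(-----BEGIN [A-Z ]*PRIVATE KEY-----)"),
    # Assumption: values containing [ ] < > * are redaction placeholders.
    "secret_field": re.compile(
        rb'(?i)"(?:password|api[_-]?key|client[_-]?secret|access[_-]?token)"'
        rb'\s*:\s*"([^"\[\]<>*]{8,})"'),
}

def mask(value: bytes) -> str:
    # Show only a short prefix so the report itself does not leak the secret.
    text = value.decode("ascii", "replace")
    return f"{text[:4]}...({len(text)} chars)"

def scan_recording(data: bytes) -> list:
    """Return sorted (line, rule, masked_value) tuples for every rule match."""
    findings = []
    for rule, pattern in RULES.items():
        for m in pattern.finditer(data):
            line = data.count(b"\n", 0, m.start(1)) + 1
            findings.append((line, rule, mask(m.group(1))))
    return sorted(findings)

# Constructed sample: one scrubbed header, one scrubbed field, two leaks.
SAMPLE = b"""\
GET /v1/orders HTTP/1.1
Authorization: [SCRUBBED]
X-Upstream-Auth: Bearer CONSTRUCTEDtokenvalue0123456789
{"user": "demo", "api_key": "constructed-key-000111"}
{"password": "[SCRUBBED]"}
"""

def main(paths) -> int:
    # A non-zero return lets a pre-commit hook block the commit.
    hits = 0
    for path in paths:
        for line, rule, preview in scan_recording(Path(path).read_bytes()):
            print(f"{path}:{line}: {rule}: {preview}")
            hits += 1
    return 1 if hits else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

A clean result only means none of these patterns matched; custom headers and opaque session identifiers still need a per-twin scrub rule and a human look.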

Control-plane endpoints

Recording and serving modes expose local `__wraith` control endpoints for health, readiness, sessions, traces, and related operations. Keep local twins bound to development networks unless you have intentionally configured otherwise.

Current limits

This is not a SOC 2 trust center, a hosted API gateway, or production traffic replay infrastructure. Wraith is local-first service virtualization for development, tests, demos, and agent environments.