Show HN: Claw Patrol, a security firewall for agents

(github.com)

41 points by rough-sea2 days ago

8 comments

radku28 minutes ago
Nice work shipping this.Disclosure: author of a related tool here. I have create agent-vault-proxy for a very similar reason. It also can help keep credentials out of the agent process. The agent gets a placeholder, the proxy swaps in the real secret in transit.I read them as complementary: action firewall in front, credential broker behind. <a href="https://github.com/inflightsec/agent-vault-proxy" rel="nofollow">https://github.com/inflightsec/agent-vault-proxy</a>
- undefined_void20 minutes ago
 [dead]
varmabudharaju50 minutes ago
This is very interesting. I build something like this but native to claude code and something that focus on just logging the violation. My question is if you are terminating a process with in the workflow will that about all other things that executed before. anyway would love your feed back on this <a href="https://github.com/varmabudharaju/agent-pd" rel="nofollow">https://github.com/varmabudharaju/agent-pd</a>
- undefined_void25 minutes ago
 claw patrol runs on the network level. There’s no process being terminated - HTTP/SQL/etc are rejected based on rules that you define. it’s resilient to the agent making changes to its own hooks or bypassing a local sandbox.
- varmabudharaju50 minutes ago
 *abort
Apylon7772 days ago
This is a really cool library to look at even if you aren't running openclaw directly.Lots of good concepts to seek inspiration from.1. process-scoped egress policy2. policy-as-code3. explicit approval classes4. normalized network/ guardrail receipts.5. structured guardrail outcomes6. centralized decision rules
- rough-sea1 day ago
 Thanks! Don't forget wire level protocol parsing - this is important because agents usually can spawn subprocesses and if they have postgres credentials, you're just one psql call away from disaster if you only have MCP/HTTP proxies in place.
Jayakumark1 hour ago
How will credentials be injected via Gateway for each user ? If we have 5 users with one gateway, how it knows whose github credential to inject ?
- rough-sea1 hour ago
 You can define different profiles that are associated with different credentials. Take a look here <a href="https://clawpatrol.dev/docs/credentials/#single-credential-the-common-case" rel="nofollow">https://clawpatrol.dev/docs/credentials/#single-credential-t...</a>
dhavd22 minutes ago
I did this
pavelpilyak2 days ago
Neat! Reading the docs - it's default-allow and ships with no rules? Any plans for a default rule set?
- rough-sea1 day ago
 Yes default allow and no rules by default. Some sort of default policy would be a great feature - I've been considering it. No one wants agents to DROP tables.We have a big and detailed config file for our own internal use - but reluctant to release that exactly because it has information about our systems.There's an example config file here that might be helpful <a href="https://github.com/denoland/clawpatrol/blob/main/examples/gateway.example.hcl" rel="nofollow">https://github.com/denoland/clawpatrol/blob/main/examples/ga...</a> - we use agents to write the config by pointing it at <a href="https://clawpatrol.dev/llms-full.txt" rel="nofollow">https://clawpatrol.dev/llms-full.txt</a>
Hans_Cui5 hours ago
really interesting work! i am curious how you handle rule configuration for different protocols such as Postgres or ssh. Thanks for open-sourcing it under MIT.
- rough-sea1 hour ago
 There's a plugin API <a href="https://clawpatrol.dev/docs/plugins/" rel="nofollow">https://clawpatrol.dev/docs/plugins/</a>
oneclickclaw5 hours ago
[flagged]