Overview
DefenseClaw is the Cisco governance layer for AI coding agents — scan capabilities before they run, inspect runtime traffic, and export durable audit evidence across nine first-class connectors.
DefenseClaw is the Cisco governance layer for AI coding agents. It enforces one rule: untrusted agent capabilities are scanned, governed, logged, and blocked when policy says they are unsafe.
Quickstart in 5 minutes
Install, pick a connector, watch a guardrail block a destructive command.
Setup Guardrail
The central command. Modes, scanner backends, rule packs, judge, HITL.
Capability Matrix
Which connectors can block, which can ask, which support fail-closed.
Stories
Concrete walkthroughs — stop `rm -rf` on Claude Code, catch prompt injection on Codex, and more.
Three jobs, one runtime
| Govern | Inspect | Prove |
|---|---|---|
| Skills, MCP servers, plugins, and generated code before they run | Prompts, completions, tool calls, and sandbox activity at runtime | SQLite audit history, JSONL, OTLP, Splunk, webhooks, and TUI views |
DefenseClaw combines a Python operator CLI, a Go gateway sidecar, and an OpenClaw TypeScript plugin. The CLI configures and inspects; the gateway runs the data path; the plugin wires the loop closed inside OpenClaw.
Architecture
What's in the box
9 connectors
OpenClaw, ZeptoClaw, Claude Code, Codex, Hermes, Cursor, Windsurf, Gemini CLI, GitHub Copilot CLI.
Observe → Action → HITL
Three operating modes that compose. Start safe, earn enforcement, escalate to a human only when needed.
OpenClaw integration
The reference proxy connector. Fetch interceptor, `before_tool_call` hook, plugin-mediated approvals.
Reference
CLI commands, gateway API, configuration files, environment variables.
Scope and limitations
DefenseClaw improves safety by combining scanner results, runtime inspection, policy decisions, sandbox controls, and audit trails. It does not prove that an agent, skill, plugin, or model interaction is risk-free.
High-risk deployments should pair DefenseClaw with human review, least-privilege credentials, sandboxing, CI gates, and production monitoring. In observe mode, findings are logged without blocking. In action mode, configured HIGH and CRITICAL findings can block prompts, tool calls, or component admission.