
Command generator

Build a non-interactive `defenseclaw setup guardrail` command for any connector. Pick mode, scanner backend, detection strategy, rule pack, HITL behaviour, and every advanced knob; copy the result straight into your terminal or CI pipeline.

`defenseclaw setup guardrail` is fully scriptable: every prompt in the interactive wizard has a flag, with three documented exceptions. The generator below lets you build the exact `--non-interactive` invocation for any connector without leaving the docs. Pick the knobs; the command rewrites itself live; the Notes & validation panel flags combinations that won't behave the way you expect (e.g. HITL in observe mode, remote scanner with no Cisco endpoint, connectors that can't fail closed).

Generated commands are display-only. Nothing on this page runs against your machine — copy the result and paste it into the terminal of whichever host you operate.

Connector

Pick the agent framework.

Mode

observe logs without blocking. action enforces on configured severities.

Scanner backend

local is zero-key bundled regex. remote calls Cisco AI Defense. both runs the union.

Detection strategy

regex_only is the zero-key default. The judge variants need an LLM key.

Rule pack

Rule packs only apply when --mode is action.

Human-in-the-Loop (HITL)

HITL only fires in action mode. Switch above to enable.

Claude Code HITL: Claude Code supports native PreToolUse ask prompts. CRITICAL findings still block; HIGH findings can pause for approval.

Advanced

Knobs most operators leave untouched.

defenseclaw setup guardrail — Claude Code / observe
```shell
defenseclaw setup guardrail \
  --non-interactive \
  --connector claudecode \
  --mode observe \
  --scanner-mode local \
  --detection-strategy regex_only
```

Notes & validation

No warnings. The command above should run cleanly with the connector and flags selected.

Claude Code capabilities

- Family: hooks
- Scope: user
- Tool inspection: pre-execution + response-scan
- Subprocess policy: sandbox
- Native ask: yes
- Fail-closed: supported

See /docs/connectors/claudecode for the full per-connector guide.

What the generator covers

Connector picker

All nine first-class connectors — proxy (OpenClaw, ZeptoClaw) and hooks (Claude Code, Codex, Cursor, Windsurf, Gemini CLI, GitHub Copilot CLI, Hermes). Each card surfaces whether the connector supports native ask and fail-closed enforcement so HITL decisions are informed.

Mode + scanner backend

--mode (observe / action) and --scanner-mode (local / remote / both). Picking remote or both surfaces the Cisco endpoint, API key env var, and timeout fields, and emits a placeholder export so you remember to set the key.

Detection strategy + judge

--detection-strategy (regex_only / regex_judge / judge_first). Switching off regex_only opens the judge model, judge API base, and judge API key env var inputs and adds the matching export line to the generated script.

Rule pack

--rule-pack (default / strict / permissive). Locked to action mode so the disabled state matches the CLI semantics.

HITL

--human-approval + --hilt-min-severity (critical / high / medium / low). Disabled in observe mode. The connector card explains whether the prompt fires natively inside the agent UI or downgrades to a defenseclaw tui confirm.

Advanced knobs

--port, --block-message, --disable-redaction, --restart / --no-restart, --verify / --no-verify. The disable-redaction toggle emits a prominent warning so you don't ship un-redacted prompts to external sinks by accident.

Conventions the generator follows

  1. --non-interactive is always emitted — the whole point of this page is producing a flag-driven command. Drop the flag if you want the wizard to prompt for anything the generator left blank.
  2. defenseclaw setup guardrail is always the verb. The hook-only aliases (defenseclaw setup claude-code, etc.) only configure observability and accept a much smaller flag surface; the guardrail verb works for all nine connectors and is the path documented for CI.
  3. Values containing whitespace or shell metacharacters are POSIX-quoted. Single quotes wrap any token outside the safe alphanumeric + _./:@- allow-list, with the standard '\'' escape for embedded apostrophes. Copy-paste into bash, zsh, dash, or fish (interactive mode) without surprises.
  4. Conflicting choices surface as warnings, not errors. The generator never refuses to build a command — if you ask for --human-approval in observe mode, the flag is omitted (matching CLI behaviour) and a note explains why. Mistakes you should think about live in the Notes & validation panel.
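
The quoting rule in convention 3, written out as an added example (this is not the generator's own code; the function names `posix_quote` and `roundtrip` and the sample message are assumptions made for illustration). It applies the allow-list and the `'\''` escape, then checks that the shell parses the quoted token back into exactly one argument equal to the input.

```shell
#!/bin/sh
# Added example: posix_quote and roundtrip are hypothetical names.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges mean ASCII only

# Quote one token per convention 3: pass it through untouched if every
# character is in the allow-list, otherwise wrap it in single quotes.
posix_quote() {
    case $1 in
        '') printf "''"; return ;;            # empty value stays one token
        *[!A-Za-z0-9_./:@-]*) ;;              # something outside the allow-list
        *) printf '%s' "$1"; return ;;        # safe as-is
    esac
    rest=$1 out=
    while :; do
        case $rest in
            *\'*)  # embedded apostrophe: close quote, emit \', reopen
                head=${rest%%\'*}
                out="$out$head'\\''"
                rest=${rest#*\'} ;;
            *) out="$out$rest"; break ;;
        esac
    done
    printf "'%s'" "$out"
}

# Verify the quoted form parses back to exactly one argument equal to
# the input, i.e. nothing was expanded, split or executed on the way.
roundtrip() {
    want=$1
    eval "set -- $(posix_quote "$want")"
    [ "$#" -eq 1 ] && [ "$1" = "$want" ]
}

# Constructed sample value: apostrophe, semicolon and a dollar sign.
msg="Blocked by policy; don't retry \$HOME"
printf 'defenseclaw setup guardrail \\\n'
printf '  --non-interactive \\\n  --connector claudecode \\\n  --mode action \\\n'
printf '  --block-message %s\n' "$(posix_quote "$msg")"
roundtrip "$msg" && echo "round-trip ok"
```

Running the same `roundtrip` check over every free-text value before a generated command reaches CI catches a token that the shell would split or expand.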