Install
Install DefenseClaw with curl on macOS/Linux, PowerShell on Windows, or build it from source. Pins Python 3.10+ and Go 1.26+ for source builds.
DefenseClaw ships pre-built binaries for macOS, Linux, and Windows. The macOS/Linux installer drops the defenseclaw CLI and defenseclaw-gateway sidecar into ~/.local/bin/, creates ~/.defenseclaw/, and sets up a virtualenv under ~/.defenseclaw/.venv/. The Windows installer uses the same per-user layout under %USERPROFILE%: defenseclaw-gateway.exe plus a defenseclaw.cmd CLI shim in %USERPROFILE%\.local\bin, with the virtualenv under %USERPROFILE%\.defenseclaw\.venv.
Installing as root is supported but discouraged — DefenseClaw is per-user by design so each operator's audit DB and connector state stays isolated.
Prerequisites
| Requirement | Version |
|---|---|
| Python | 3.10+ for source builds; Windows installer manages Python 3.12 through uv |
| Go | 1.26.2+ (only for source builds) |
| Node.js | 18+ (only for the OpenClaw plugin, source builds) |
| PowerShell | Windows PowerShell 5.1+ or PowerShell 7+ for the Windows installer |
| Docker | Optional, for local observability and Splunk bundles |
What's bundled (LLM backends)
The base install ships everything DefenseClaw needs to talk to the major LLM backends out of the box:
| Backend | Status | Notes |
|---|---|---|
| OpenAI / Anthropic / generic OpenAI-compatible | bundled | LiteLLM, the default LLM transport, is a base dependency. |
| AWS Bedrock | bundled | boto3 ships in [project].dependencies so SigV4, IAM credential modes, and Anthropic-on-Bedrock bearer tokens work without a follow-up pip install. |
| Google Vertex AI | opt-in extra | The Vertex SDK pulls ~286 MB of transitive deps (BigQuery, Cloud Storage, gRPC, protobuf). Install when you need it: pip install 'defenseclaw[vertex]'. The gateway falls back to LiteLLM's REST transport when the SDK is absent, so basic Vertex calls still work — only service-account / workload-identity auth needs the SDK. |
| Azure OpenAI | bundled | Routed via LiteLLM's azure_openai adapter. |
| Self-hosted / internal endpoints | bundled | Configure via defenseclaw setup provider add → see Unified LLM key → Custom providers. |
Pick an install path
VERSION=0.8.3
INSTALL_URL="https://raw.githubusercontent.com/cisco-ai-defense/defenseclaw/${VERSION}/scripts/install.sh"
curl -LsSf "$INSTALL_URL" | VERSION="$VERSION" bash
defenseclaw initThe installer fetches the latest release for your platform, drops the binaries into ~/.local/bin/, and writes nothing else — it does not configure DefenseClaw. The follow-up defenseclaw init does that interactively. For an existing installation, use defenseclaw upgrade so DefenseClaw verifies release artifacts, backs up operator state, applies release-owned schema migrations, restarts the gateway, and checks health. Re-running the curl installer replaces the installed artifacts but does not provide that complete upgrade transaction.
If you'd rather skip the wizard entirely (CI, scripted demos), use the zero-prompt sibling instead:
defenseclaw quickstart --connector codex$Version = "0.8.3"
$InstallUrl = "https://raw.githubusercontent.com/cisco-ai-defense/defenseclaw/$Version/scripts/install.ps1"
& ([scriptblock]::Create((irm $InstallUrl))) -Version $Version
defenseclaw initThe PowerShell installer downloads the Windows release ZIP for your architecture, verifies it against the release checksums, installs defenseclaw-gateway.exe, creates the CLI shim, and adds %USERPROFILE%\.local\bin to the user PATH. It also installs uv when needed so the Python CLI can run from the per-user virtualenv.
For non-interactive demos or CI, download the script and pass flags directly:
$Version = "0.8.3"
$InstallUrl = "https://raw.githubusercontent.com/cisco-ai-defense/defenseclaw/$Version/scripts/install.ps1"
& ([scriptblock]::Create((irm $InstallUrl))) -Version $Version -Connector codex -Quickstart -Yesgit clone https://github.com/cisco-ai-defense/defenseclaw.git
cd defenseclaw
make all
defenseclaw initmake all runs the Python install, builds the Go gateway, builds the OpenClaw plugin, and runs a quick smoke test. The artifacts land in bin/ and on your PATH. Then defenseclaw init walks you through the first-run setup (or run defenseclaw quickstart --connector <x> for the zero-prompt path).
What the install creates
On Windows, read the same tree under %USERPROFILE%: %USERPROFILE%\.defenseclaw\ for config, audit state, hooks, and the virtualenv; %USERPROFILE%\.local\bin\ for defenseclaw.cmd and defenseclaw-gateway.exe.
Verify
defenseclaw --version
defenseclaw doctordoctor runs a full health check: it walks the config, pings the gateway, reports each active connector (one per-connector block on a multi-connector install), surfaces missing API keys, and prints a remediation hint for every red row.
Uninstall
defenseclaw uninstall # reversible — keeps ~/.defenseclaw/ and binaries
defenseclaw uninstall --all # also delete ~/.defenseclaw/ (audit log, config, secrets)
defenseclaw uninstall --binaries # also remove ~/.local/bin/defenseclaw{,-gateway}
defenseclaw uninstall --all --binaries --yes # full nuke, no confirm promptThe default tears down connector integrations (restores ~/.codex/config.toml, ~/.claude/settings.json, etc. from byte-for-byte backups) but leaves ~/.defenseclaw/ and the installed binaries on disk so a subsequent defenseclaw setup guardrail can pick up where you left off. Use --all and/or --binaries to make the removal total. --dry-run previews the plan.
Next
What is DefenseClaw?
A 60-second pitch — DefenseClaw is the Cisco governance layer that wraps every AI coding agent (Claude Code, Codex, Cursor, OpenClaw, and more) with policy, audit, and human-in-the-loop approvals.
Upgrade DefenseClaw
Safely upgrade DefenseClaw with verified artifacts, automatic schema migrations, backups, health checks, and durable OTel destination conversion.