What is DefenseClaw?
A 60-second pitch — DefenseClaw is the Cisco governance layer that wraps every AI coding agent (Claude Code, Codex, Cursor, OpenClaw, and more) with policy, audit, and human-in-the-loop approvals.
DefenseClaw is the enforcement and evidence layer for AI coding agents. It sits between your agent (Claude Code, Codex, Cursor, OpenClaw, ...) and the rest of the world, and answers three questions for you, by default:
- What is this agent allowed to do? Skills, MCP servers, plugins, and generated code are scanned before they run.
- What is the agent doing right now? Prompts, completions, tool calls, and sandbox activity are inspected at runtime.
- What did the agent do? Every decision lands in an SQLite audit DB and your existing telemetry sinks (OTLP, Splunk, webhooks).
Three modes, one command
Observe
Log everything, block nothing. Use this for the first week.
Action
Block on HIGH and CRITICAL. CRITICAL always wins.
HITL
Pause risky actions for a human. Native ask on Claude Code, Cursor, Copilot CLI, OpenClaw; downgraded confirm elsewhere.
Why a separate sidecar?
Inserting an inspection step inside the agent process means every agent has to grow its own copy. DefenseClaw moves the inspection out of the agent and into a single Go sidecar (defenseclaw-gateway), so:
- The agent does not need to be modified: connectors are written for the agent (Claude Code's hooks, Codex's `config.toml`, Cursor's `hooks.json`, OpenClaw's plugin).
- One audit log covers every agent the operator runs.
- One policy file serves every connector: there is exactly one `~/.defenseclaw/config.yaml`.
Where DefenseClaw sits
What DefenseClaw is not
DefenseClaw does not prove an agent's behaviour is safe. It improves safety by combining static scanner results, runtime inspection, policy decisions, sandbox controls, and audit trails. High-risk deployments should pair it with human review, least-privilege credentials, sandboxing, CI gates, and production monitoring.
Next
Command generator
Build a non-interactive `defenseclaw setup guardrail` command for any connector. Pick mode, scanner backend, detection strategy, rule pack, HITL behaviour, and every advanced knob; copy the result straight into your terminal or CI pipeline.
Install
Install DefenseClaw with one curl command or build it from source. Covers macOS and Linux; pins Python 3.10+ and Go 1.26+ for source builds.