Setup

Every defenseclaw setup verb in one place — from the central guardrail wizard to the auxiliary commands that wire keys, webhooks, registries, observability, and per-connector hooks.

defenseclaw setup is the family of operator commands that take DefenseClaw from "binary on disk" to "actively defending an agent". Every verb writes the same ~/.defenseclaw/config.yaml, restarts the right side-cars, and emits an audit-log entry — interactively when you are at a TTY, scripted when you pass --non-interactive.

The one-line summary

Run defenseclaw setup guardrail once. Reach for the auxiliary verbs only when you want to wire a chat notifier, a registry, an observability sink, or a custom LLM key into a guardrail that is already running.

The central command

defenseclaw setup guardrail

The wizard. Picks the connector, observe vs action mode, scanner backend, hook fail-mode, optional LLM judge, HITL severity, and rule pack — then restarts the gateway.

Connector aliases (thin wrappers around `setup guardrail`)

Each alias pre-fills the connector flag and inherits every guardrail option. Pass --mode observe to run any of them in audit-only mode.

setup openclaw

Pins claw.mode=openclaw, installs the fetch interceptor + before_tool_call plugin.

setup zeptoclaw

Pins claw.mode=zeptoclaw, redirects api_base, runs scan + response-scan.

setup claude-code

Pins claw.mode=claudecode and installs the PreToolUse / Stop hooks into Claude Code's settings.json.

setup codex

Pins claw.mode=codex and installs the inspect-request / inspect-response hooks.

setup cursor

Pins claw.mode=cursor and writes hooks.json plus MCP/skills/rules surfaces.

setup windsurf

Pins claw.mode=windsurf — Cascade hooks plus local config discovery.

setup gemini-cli

Pins claw.mode=geminicli and configures settings.json hooks plus native OTLP export.

setup copilot

Pins claw.mode=copilot and writes the .github/hooks command hooks.

setup hermes

Pins claw.mode=hermes and wires config.yaml hooks for MCP, skills, and plugins.

setup mode <connector>

Switch the active claw connector with smart guardrail inheritance — does not re-prompt for guardrail options unless you change the integration scope.

Auxiliary setup verbs

The non-guardrail verbs each own a focused slice of the configuration surface. Every one of them runs interactively at a TTY and supports --non-interactive for CI.

defenseclaw keys

Stash DEFENSECLAW_LLM_KEY (and any per-component overrides) in ~/.defenseclaw/.env. Top-level group: list, set, fill-missing, check. Not a setup subcommand.

setup webhook

Add Slack, PagerDuty, Webex, or generic HMAC notifiers for high-severity alerts. Test deliveries, list, enable/disable, remove.

defenseclaw registry

Subscribe to public or internal skill / MCP catalogs (clawhub, smithery, http_yaml, http_json, git, file). Sync, scan, promote into asset_policy.

setup splunk

Configure the audit-sink HEC forwarder. Replays past events on enable, redacts PII before send.

setup local-observability

Bring up the bundled OTLP collector + Grafana stack so you can see decisions live without leaving your laptop.

setup skill-scanner

Wire the cisco-ai-skill-scanner SDK into admission. Optional VirusTotal + LLM second-opinion.

setup mcp-scanner

Wire the cisco-ai-mcp-scanner SDK into admission. Behavioral introspection of MCP servers before they're added.

setup redaction

Toggle privacy.disable_redaction on/off and inspect status. The right way to manage the redaction kill-switch.

Interactive vs non-interactive — global matrix

Every verb in the setup family exposes both a fully-interactive walkthrough and a --non-interactive flag for CI. The table below is the canonical mapping.

Verb	Interactive	Non-interactive	Notes
`setup guardrail`	yes (default)	`--non-interactive` + flags	Wizard explains each prompt; non-interactive mode requires every required flag.
`setup mode <connector>`	yes	flags only	Reuses the existing guardrail config; only re-prompts when the integration scope changes.
`keys list` / `set` / `fill-missing` / `check`	yes (default)	`--value` + `--yes`	`keys set` prompts for the value (hidden) when `--value` is omitted.
`setup webhook add <type>`	yes (default)	`--non-interactive` + flags	URL and secret-env are prompt-or-flag; type is always positional.
`setup webhook test <name>`	n/a	n/a	Always non-interactive; safe to re-run.
`registry add <id>`	yes (default)	`--non-interactive` + flags	`wizard` is the friendly first-run alias.
`registry sync` / `entries` / `approve` / `reject`	n/a	flags only	Designed for cron / scripts.
`setup splunk`	yes	`--non-interactive` + flags	HEC token comes from `--hec-token <value>` or, if omitted, the `DEFENSECLAW_SPLUNK_HEC_TOKEN` env var.
`setup local-observability`	yes	flags + `--non-interactive`	One-shot bring-up; `--down` tears the stack back down.
`setup skill-scanner` / `setup mcp-scanner`	yes	`--non-interactive` + flags	Per-feature toggles; the underlying `cisco-ai-skill-scanner` / `cisco-ai-mcp-scanner` SDKs ship as hard dependencies of `defenseclaw`.
`setup redaction on` / `off` / `status`	n/a	flags only	Idempotent; status exits 0/1 for CI.

See it for yourself

The interactive flow for the central command is replayed end-to-end on the Setup guardrail page. Every other verb follows the same prompt-or-flag rhythm.

What gets written where

Every setup verb writes to ~/.defenseclaw/:

~/.defenseclaw/
  config.yaml          # the canonical configuration (every verb edits this)
  .env                 # secret values — never committed, never logged
  audit.db             # SQLite audit store (configuration changes land here too)
  gateway.jsonl        # rolling decision/event JSONL
  registries/<id>/     # cached manifest + scanner verdicts for each registry source

Next steps: defenseclaw setup guardrail is the right starting point if you have not run it yet. Already running? defenseclaw keys set DEFENSECLAW_LLM_KEY is the most common follow-up — it unlocks the LLM judge and the LLM-backed scanners. The full guided workflow lives at Unified LLM key.