Overview
defenseclaw-gateway policy — Manage and inspect OPA policies.
Reference
Synopsis
policy
Subcommands
| Subcommand | Description |
|---|---|
| domains | List firewall domain allowlist and blocklist from active policy |
| evaluate | Dry-run the admission policy for a given input |
| evaluate-firewall | Dry-run the firewall policy for a given destination |
| reload | Tell the running sidecar daemon to reload OPA policies |
| show | Display the current OPA data.json policy configuration |
| validate | Compile-check all Rego modules and validate data.json |
Description
Validate, inspect, evaluate, and reload DefenseClaw OPA policies.
defenseclaw-gateway policy domains
Synopsis
domains
Description
List firewall domain allowlist and blocklist from active policy
defenseclaw-gateway policy evaluate
Synopsis
evaluate
Description
Dry-run the admission policy for a given input
Flags
| Flag | Type | Default | Description |
|---|---|---|---|
| --findings | int | 0 | Number of findings |
| --severity | string | — | Max severity of scan result (empty = pre-scan) |
| --target-name | string | — | Target name to evaluate |
| --target-type | string | skill | Target type (skill, mcp, plugin) |
defenseclaw-gateway policy evaluate-firewall
Synopsis
evaluate-firewall
Description
Dry-run the firewall policy for a given destination
Flags
| Flag | Type | Default | Description |
|---|---|---|---|
| --destination | string | — | Destination hostname or IP |
| --port | int | 443 | Destination port |
| --protocol | string | tcp | Protocol (tcp/udp) |
| --target-type | string | skill | Target type context |
defenseclaw-gateway policy reload
Synopsis
reload
Description
Tell the running sidecar daemon to reload OPA policies
defenseclaw-gateway policy show
Synopsis
show
Description
Display the current OPA data.json policy configuration
defenseclaw-gateway policy validate
Synopsis
validate
Description
Compile-check all Rego modules and validate data.json
Usage
Concrete invocation recipes are added by the cli-commands subagents.
Pair this with the equivalent Python wrapper command under
Python CLI — most gateway operations are
also available one layer up.