20 points by rough-sea 7 hours ago | 2 comments
  • Apylon777 5 hours ago
    This is a really cool library to look at even if you aren't running openclaw directly.

    Lots of good concepts to seek inspiration from.

    1. process-scoped egress policy

    2. policy-as-code

    3. explicit approval classes

    4. normalized network/guardrail receipts

    5. structured guardrail outcomes

    6. centralized decision rules

    • rough-sea 4 hours ago
      Thanks! Don't forget wire-level protocol parsing - this is important because agents can usually spawn subprocesses, and if they have postgres credentials, you're just one psql call away from disaster if you only have MCP/HTTP proxies in place.
  • pavelpilyak 5 hours ago
    Neat! Reading the docs - it's default-allow and ships with no rules? Any plans for a default rule set?
    • rough-sea 4 hours ago
      Yes default allow and no rules by default. Some sort of default policy would be a great feature - I've been considering it. No one wants agents to DROP tables.

      We have a big and detailed config file for our own internal use - but reluctant to release that exactly because it has information about our systems.

      There's an example config file here that might be helpful https://github.com/denoland/clawpatrol/blob/main/examples/ga... - we use agents to write the config by pointing it at https://clawpatrol.dev/llms-full.txt
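
The wire-level parsing point raised in the thread (a `psql` subprocess never passes through an MCP/HTTP proxy), sketched as an added example that is not clawpatrol's code or rule format: a minimal parser for the plaintext PostgreSQL v3 frontend stream that pulls SQL out of Simple Query and Parse messages and returns an allow/deny decision. The function names, the keyword list and the sample bytes are assumptions constructed for illustration.

```python
import struct

# Keywords this sketch treats as destructive (an assumption, not a shipped rule set).
DESTRUCTIVE = {"DROP", "TRUNCATE", "DELETE", "ALTER"}

def frontend_messages(buf: bytes):
    """Yield (type, payload) for each complete client message after the startup packet."""
    # The startup packet has no type byte: Int32 length, Int32 protocol version.
    if len(buf) < 8:
        raise ValueError("truncated startup packet")
    length, version = struct.unpack_from("!II", buf, 0)
    if version >> 16 != 3 or not 8 <= length <= len(buf):
        raise ValueError("not a plaintext protocol 3.x startup packet")
    pos = length
    while len(buf) - pos >= 5:
        (mlen,) = struct.unpack_from("!I", buf, pos + 1)  # length excludes the type byte
        if mlen < 4:
            raise ValueError("invalid message length")
        end = pos + 1 + mlen
        if end > len(buf):
            break  # partial message: a proxy would wait for more bytes
        yield buf[pos:pos + 1], buf[pos + 5:end]
        pos = end

def sql_of(mtype: bytes, payload: bytes):
    if mtype == b"Q":  # Simple Query: a single C string
        return payload.split(b"\0", 1)[0].decode("utf-8", "replace")
    if mtype == b"P":  # Parse: statement name, query text, parameter types
        parts = payload.split(b"\0", 2)
        return parts[1].decode("utf-8", "replace") if len(parts) == 3 else None
    return None

def decide(sql: str) -> str:
    # Coarse first-keyword check per ';'-separated statement; leading comments or
    # CTEs would need a real SQL parser, so treat this as the shape, not the policy.
    for stmt in sql.split(";"):
        words = stmt.split()
        if words and words[0].upper() in DESTRUCTIVE:
            return "deny"
    return "allow"

def inspect(stream: bytes):
    out = []
    for mtype, payload in frontend_messages(stream):
        sql = sql_of(mtype, payload)
        if sql is not None:
            out.append((sql, decide(sql)))
    return out

# Constructed sample: startup packet, two simple queries, one Parse, Terminate.
def _msg(t, body): return t + struct.pack("!I", len(body) + 4) + body
_params = b"user\0agent\0database\0app\0\0"
STARTUP = struct.pack("!II", len(_params) + 8, 196608) + _params
SAMPLE = (STARTUP + _msg(b"Q", b"SELECT id FROM orders;\0")
          + _msg(b"Q", b"select 1; drop table orders\0")
          + _msg(b"P", b"\0TRUNCATE audit_log\0\0\0") + _msg(b"X", b""))
```

A proxy doing this in production also has to terminate TLS (the SSLRequest exchange) before any of these bytes are visible.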