denoland/clawpatrol is an open-source security firewall that sits between AI agents and production systems, parsing non-HTTP protocols at the wire level and gating each action against rules written in HashiCorp Configuration Language (HCL). It extracts wire-level facts (SQL verbs, Kubernetes resource/verb/namespace, HTTP method/path) and evaluates them against declarative policies. For example, you can block destructive SQL queries, or pause a kubectl delete pod until a human approves it. Claw Patrol supports credential injection (agents never see raw secrets), human-in-the-loop and LLM-based approvers, and deployment via WireGuard or Tailscale. It has three deployment modes: clawpatrol run wraps one agent's process tree, clawpatrol join brings up a WireGuard tunnel routing the whole host, and clawpatrol gateway is the standalone proxy that loads HCL config and accepts tunneled clients. Released May 21, 2026 under the MIT license.
denoland/clawpatrol is an open-source security firewall that sits between AI agents and the production systems they interact with. Built by the Deno team and released under the MIT license, Claw Patrol parses agent traffic at the wire level (SQL, Kubernetes API calls, HTTP requests) and enforces action-level security rules written in HCL before requests reach their destination.
Claw Patrol extracts wire-level facts from agent traffic: SQL verbs and table names; Kubernetes resource types, verbs, and namespaces; HTTP methods and paths. Rules are declarative HCL: block destructive SQL (DROP, DELETE without WHERE), require human approval for kubectl delete pod, or allow read-only access to production databases. The firewall supports credential injection so agents never see raw secrets, human-in-the-loop approval workflows, and LLM-based approvers for nuanced policy decisions.
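The fact-then-rule gating described above, as an added illustration (not Claw Patrol's code and not its HCL rule syntax, which this page does not show). The Rule shape, the fact names and the sample policy are assumptions, and the SQL lexer is deliberately simplified.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                      # hypothetical rule shape, not Claw Patrol's HCL
    action: str                  # "allow", "approve" (pause for a human) or "deny"
    match: dict                  # fact name -> required value; all must match

SEVERITY = {"allow": 0, "approve": 1, "deny": 2}

def sql_facts(statement: str) -> dict:
    """Reduce one SQL statement to facts a rule can test (simplified lexer:
    a WHERE inside a subquery also counts as has_where)."""
    words = re.findall(r"[A-Za-z_]+", statement.upper())
    return {"protocol": "sql", "verb": words[0] if words else "",
            "has_where": "WHERE" in words}

def evaluate(facts: dict, rules: list) -> str:
    """First matching rule wins; anything no rule matches is denied."""
    for rule in rules:
        if all(facts.get(k) == v for k, v in rule.match.items()):
            return rule.action
    return "deny"

def decide_sql(query: str, rules: list) -> str:
    """Gate a query that may hold several statements: the strictest verdict applies."""
    # Blank out string literals and comments in one pass so that keywords or
    # semicolons inside them are neither counted nor split on.
    q = re.sub(r"'(?:[^']|'')*'|--[^\n]*|/\*.*?\*/", " ", query, flags=re.S)
    verdicts = [evaluate(sql_facts(s), rules) for s in q.split(";") if s.strip()]
    return max(verdicts, key=SEVERITY.get, default="deny")

# Constructed sample policy mirroring the examples in the text.
POLICY = [
    Rule("deny", {"protocol": "sql", "verb": "DROP"}),
    Rule("deny", {"protocol": "sql", "verb": "DELETE", "has_where": False}),
    Rule("approve", {"protocol": "sql", "verb": "DELETE", "has_where": True}),
    Rule("allow", {"protocol": "sql", "verb": "SELECT"}),
    Rule("approve", {"protocol": "k8s", "verb": "delete", "resource": "pods"}),
    Rule("allow", {"protocol": "k8s", "verb": "get"}),
]

if __name__ == "__main__":
    for q in ("SELECT * FROM orders WHERE id = 1", "DELETE FROM orders -- WHERE id = 1",
              "SELECT 1; DROP TABLE users"):
        print(f"{decide_sql(q, POLICY):8} {q}")
```

The commented-out WHERE and the stacked second statement are the cases a verb-only check on the first keyword would wave through.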
Three deployment modes cover different operational models: clawpatrol run wraps a single agent’s process tree (simplest), clawpatrol join brings up a WireGuard tunnel routing the whole host through the firewall, and clawpatrol gateway runs a standalone proxy accepting clients via WireGuard or Tailscale.
As agent skills proliferate — GitHub Trending is now a skills monoculture — the gap between what agents can do and what they should be allowed to do is growing. Static scanning (like SkillSpector) catches risks at install time; Claw Patrol enforces rules at execution time. The two are complementary: SkillSpector tells you whether a skill looks safe, Claw Patrol ensures it behaves safely in production regardless of what it tries to do.
Deploy Claw Patrol in front of any agent that touches production databases, Kubernetes clusters, or sensitive APIs. Use HCL rules to enforce least-privilege access patterns — read-only database access for analysis agents, namespace-scoped Kubernetes access for deployment agents, approved-endpoint-only HTTP for external API agents. The human-in-the-loop mode is particularly useful for high-stakes operations where you want agent automation with human gatekeeping on destructive actions.
Claw Patrol adds a network hop between agents and their targets — latency-sensitive workloads should benchmark the overhead. HCL rules require understanding wire-level protocol details (SQL syntax, Kubernetes API structure). The WireGuard/Tailscale deployment modes require network infrastructure setup. Currently focused on SQL, Kubernetes, and HTTP protocols — agents using other wire protocols may not get deep inspection.
Platform and DevOps teams deploying AI agents in production who need runtime security guarantees beyond what static scanning provides. Teams with compliance requirements that mandate audit trails and approval workflows for agent actions. Organizations using agents for database operations or Kubernetes management who want to prevent destructive actions without disabling agent autonomy entirely.