DashClaw
Govern AI agents before they act.
DashClaw is the governance layer for AI agents that touch real systems.
It sits between agents and the world, evaluates policy on every risky action,
routes human approval where it is required, records verifiable evidence,
and tracks terminal outcomes so a retried agent never silently double-executes.
Plugs into the agents you already run: Claude Code, Codex, Hermes Agent, OpenClaw, Claude Desktop, and Claude Managed Agents. Framework integrations for LangChain, CrewAI, AutoGen, LangGraph, and OpenAI Agents SDK. Any other runtime over MCP, the Node/Python SDK, or direct REST.
What DashClaw does
| |
|---|
| Intercept | Risky agent actions are evaluated before they execute. Block, warn, or hold for approval, by policy. |
| Verify identity | Agents authenticate with JWKS-verified OIDC bearer tokens (EdDSA / RSA / ECDSA). Replay protection rejects reused tokens; optional action binding scopes a token to one intended call. Cryptographic attribution, not self-assertion. |
| Enforce | Declarative policies (risk thresholds, deploy gates, capability access rules, semantic checks) run on every action. |
| Approve | Pending approvals route to a dashboard queue, the CLI inbox, a mobile PWA, Telegram, or Discord, with one-tap allow or deny. |
| Record | Every action becomes a replayable decision record: declared goal, reasoning, risk score, matched policies, assumptions, evidence. |
| Finalize | Terminal outcomes are one-shot and durable. Lost confirmations are swept and surfaced, so retries do not double-execute. |
| Govern external systems | The capability registry wraps real HTTP APIs with per-agent access rules, rate limits, and audit. Workflows compose these into multi-step governed runs. |
| Improve | Code Sessions ingests Claude Code transcripts (Stop-hook live or JSONL backfill), prices the spend, surfaces optimizer signals (stuck loops, cache crater, context gaps), and distills sessions into an Optimal Files bundle — root CLAUDE.md, path-scoped rules, hooks, and skill packs — applied locally via dashclaw code apply. |
Choose your integration path
DashClaw meets agents where they already are. Every path lands on the same governance primitives, audit ledger, and approval queue — pick the one closest to how your agent already runs.
Coverage at a glance
| If your agent is… | Use this path | Install |
|---|
| Claude Code | Plugin + hooks | npm run hooks:install |
| Codex | Plugin | dashclaw install codex --project <path> |
| Hermes Agent | Plugin (8 lifecycle hooks) | bash scripts/install-hermes-plugin.sh |
| OpenClaw | OpenClaw plugin | npm install @dashclaw/openclaw-plugin |
| Claude Desktop, any MCP host | MCP server (stdio) | npx @dashclaw/mcp-server |
| Claude Managed Agents | MCP server (Streamable HTTP) | Point at /api/mcp |
| LangChain | Python SDK callback handler | pip install dashclaw |
| CrewAI | Python SDK task callback / agent wrapper | pip install dashclaw |
| AutoGen | Python SDK instrumentation | pip install dashclaw |
| LangGraph, OpenAI Agents SDK | Node or Python SDK | npm install dashclaw |
| Custom / framework-less | Node or Python SDK | npm install dashclaw |
| Anything HTTP | REST API + webhooks | OpenAPI spec |
