Claw Patrol: an open-source security firewall for agents
2 days ago
- #security
- #open-source
- #agents
- Claw Patrol is an open-source security firewall designed to manage agent access to production systems.
- It addresses the dilemma of balancing agent utility with safety by enforcing access rules and preventing dangerous actions like DROP TABLE in SQL or destructive kubectl commands.
- The solution operates outside the agent, routing traffic through a gateway that terminates TLS, parses protocols (e.g., HTTP, SQL, Kubernetes), injects credentials, and evaluates requests against HCL rules.
- Credentials are stored on the gateway, not the agent, reducing the risk of leakage from compromised agents.
- Rules can allow, deny, or chain approvers (e.g., LLM judges or human approvals) based on parsed protocol facets like SQL verbs or Kubernetes resources.
- Claw Patrol supports tunneling to networks the agent's host can't reach, such as through EKS or Cloud SQL proxies, filling gaps left by other solutions focused only on HTTP.
- Currently released as alpha software under the MIT license, it includes documentation for extending protocol support and encourages community contributions.
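
The allow / deny / approver decision on a parsed SQL verb, sketched as an added example; it is not Claw Patrol's code or its HCL rule syntax, neither of which appears in this summary. The rule table, action names and function names are hypothetical, the queries in the test are constructed, and the verb extraction is a simplified stand-in for real protocol parsing.

```python
import re

# Hypothetical policy table: first matching rule wins, unmatched verbs are denied.
RULES = [
    ({"SELECT", "SHOW", "EXPLAIN"}, "allow"),
    ({"INSERT", "UPDATE", "DELETE"}, "approve"),  # hand off to an approver chain
    ({"DROP", "TRUNCATE", "ALTER", "GRANT"}, "deny"),
]
SEVERITY = {"allow": 0, "approve": 1, "deny": 2}

# One left-to-right pass over string literals and comments, so a quote inside
# a comment (or a ';' inside a literal) cannot hide a later statement.
_NOISE = re.compile(r"'(?:[^']|'')*'|/\*.*?\*/|--[^\n]*", re.S)


def sql_verbs(query):
    """Return the leading verb of every statement in a possibly stacked query."""
    text = _NOISE.sub(lambda m: "''" if m.group().startswith("'") else " ", query)
    verbs = []
    for stmt in text.split(";"):
        words = stmt.split()
        if words:
            verbs.append(words[0].upper())
    return verbs


def decide_verb(verb):
    """Map a single verb to an action using the rule table."""
    for verbs, action in RULES:
        if verb in verbs:
            return action
    return "deny"  # default deny, e.g. for WITH, CALL or anything unrecognised


def decide(query):
    """Most restrictive action across all statements; empty input is denied."""
    verbs = sql_verbs(query)
    if not verbs:
        return "deny"
    return max((decide_verb(v) for v in verbs), key=SEVERITY.__getitem__)
```

Dialect-specific quoting (backslash escapes, `#` comments, dollar-quoted strings) is not handled here, which is why the default action is deny rather than allow.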