Decision Infrastructure for AI Agents
DashClaw intercepts agent actions before they reach the real world. Enforce policies, require human approval, and record verifiable evidence in one open source runtime.
Works with Claude Code, Codex, Hermes Agent, Claude Managed Agents, OpenAI, LangChain, CrewAI, AutoGen, Gemini CLI, and any custom agent.
For teams running AI agents where the cost of a bad action is real.
Live demo against real endpoints
Pick an action, hit Evaluate, and watch DashClaw enforce policy in real time. Every call hits the same governance runtime that ships to your instance.
```javascript
await claw.guard({
  agent_id: 'openai-deployer-1',
  action_type: 'deploy',
  risk_score: 85,
  declared_goal: 'Deploy auth-service v2.1 to production with new session token rotation.',
});
```

Pick an action and click Evaluate. The result will appear here, including the matched policy, the risk score, and what a human approver would see.
Guard decisions are live against the demo deployment. Approval clicks resolve locally so visitors can explore the flow without an account; your own instance routes them to /api/actions/:id/approve.
DashClaw governs the moment where agent intent becomes real-world action.
This interception is where trust is created.
```javascript
await deleteFiles({
  path: "/prod/data"
});
// No check. No record.
// No way back.
```

```javascript
const { decision } = await dc.guard({
  action: "delete_files",
  resource: "/prod/data"
});
if (decision === "allow") {
  await deleteFiles({ path: "/prod/data" });
}
```

Agents retain autonomy.
Organizations retain control.
DashClaw intercepts actions before they reach real-world systems.
Developers need governance over agent decisions.
Not just logs. Not just traces. A runtime that governs the decision itself.
DashClaw is built around five primitives that form a decision runtime for autonomous systems.
1. Agents declare what they want to do.
2. Policies are evaluated before agents act.
3. Risky decisions are paused for human review.
4. The governed decision is executed.
5. A signed replay is recorded for audit.
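The five primitives compose into a single decision loop. A minimal sketch of that loop follows; every name in it (`evaluatePolicies`, `record`, the threshold values) is illustrative, not the DashClaw SDK surface:

```javascript
// Illustrative sketch of the five-primitive decision loop.
// All names and thresholds here are hypothetical.

// 1. The agent declares intent.
const intent = { actionType: 'deploy', riskScore: 85, declaredGoal: 'Ship v2.1' };

// 2. Policies are evaluated before the agent acts.
function evaluatePolicies(intent) {
  if (intent.riskScore >= 95) return 'block';
  if (intent.riskScore >= 70) return 'require_approval'; // 3. pause for human review
  return 'allow';
}

// 5. Every step lands in an append-only ledger for audit.
const ledger = [];
function record(entry) { ledger.push({ ...entry, at: new Date().toISOString() }); }

const decision = evaluatePolicies(intent);
record({ intent, decision });

// 4. Only a governed decision is executed.
if (decision === 'allow') {
  // execute the real action here
} else if (decision === 'require_approval') {
  // hold until a human approves via the dashboard, CLI, or PWA
}
```

The point of the sketch is the ordering: evaluation and recording happen before execution, never after.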
Governance logic belongs in the runtime, not hardcoded in your agents.
DashClaw is the governance layer for existing agent frameworks.
```jsonc
// Add to claude_desktop_config.json
// or .mcp.json for Claude Code
{
  "mcpServers": {
    "dashclaw": {
      "command": "npx",
      "args": ["@dashclaw/mcp-server"],
      "env": {
        "DASHCLAW_URL": "https://your-instance.vercel.app",
        "DASHCLAW_API_KEY": "oc_live_..."
      }
    }
  }
}
// 23 governance tools + 4 resources
// No SDK. No code changes.
```

```python
from dashclaw import DashClaw
import os

claw = DashClaw(
    base_url=os.environ["DASHCLAW_BASE_URL"],
    api_key=os.environ["DASHCLAW_API_KEY"],
    agent_id="my-agent"
)

# Intercept tool execution
decision = claw.guard(
    action_type="deploy",
    risk_score=82
)
if decision == "allowed":
    run_agent_tool()
```

```python
# Wrap sensitive agent tasks
decision = claw.guard(
    action_type="external_api_call",
    provider="stripe",
    risk_score=88
)
if decision == "allowed":
    crew.kickoff()
```

```javascript
import { DashClaw } from 'dashclaw'

const claw = new DashClaw({
  baseUrl: process.env.DASHCLAW_BASE_URL,
  apiKey: process.env.DASHCLAW_API_KEY,
  agentId: 'my-agent'
})

// Guard before calling the tool
const { decision } = await claw.guard({
  actionType: "deploy",
  riskScore: 90
})
if (decision === 'allowed') {
  await openai.chat.completions.create(...)
}
```

```python
# .claude/hooks/dashclaw_pretool.py
# Governs Bash, Edit, Write, MultiEdit
# No pip installs required
import json, sys, urllib.request, os

payload = json.loads(sys.stdin.read())
tool = payload.get("tool_name", "")
if tool not in ["Bash", "Edit", "Write", "MultiEdit"]:
    sys.exit(0)  # not governed

# Guard check via DashClaw API
# block/approve/allow based on policy
```

```shell
# One command wires it all into ~/.codex/config.toml
$ dashclaw install codex --project .
```

```toml
# Managed block written to ~/.codex/config.toml:
approval_policy = "on-request"

[mcp_servers.dashclaw]
command = "python"
args = [".../dashclaw-mcp.js", "--agent-id", "codex"]

[[hooks.PreToolUse]]
matcher = "Bash|Edit|Write|MultiEdit"

[[hooks.PreToolUse.hooks]]
type = "command"
command = "python ~/.codex/hooks/dashclaw/dashclaw_pretool.py"

# Same hooks. Same audit ledger. agent_id = codex.
```

```shell
# One install script wires 8 hooks into ~/.hermes/config.yaml
$ bash scripts/install-hermes-plugin.sh
```

```yaml
# Managed block written to ~/.hermes/config.yaml:
hooks:
  pre_tool_call: [...]         # guard / block / require_approval
  post_tool_call: [...]        # outcome recording
  pre_llm_call: [...]          # per-turn policy + approval context injection
  post_llm_call: [...]         # live ingest to /api/code-sessions/ingest-live
  on_session_start: [...]      # cache warm
  on_session_end: [...]        # finalize: true -> optimizer + alerts pass
  transform_tool_result: [...] # redact API keys, JWTs, PEM blocks
  subagent_stop: [...]         # delegate_task ROI tracking

# Per-turn cost attribution. agent_id = hermes.
```
Zero-dependency Node.js and Python clients. Adding governance requires only a small wrapper around risky actions.
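One way to keep that wrapper small is a higher-order function that gates any tool behind a guard check. This is a sketch, not a shipped helper: `governed` and `stubGuard` are hypothetical, and the `'allowed'` decision string follows the SDK examples above.

```javascript
// Hypothetical convenience wrapper around a guard-style check.
// `guardFn` stands in for a real client's guard call.
function governed(guardFn, actionMeta, fn) {
  return async (...args) => {
    const decision = await guardFn(actionMeta);
    if (decision !== 'allowed') {
      throw new Error(`Action ${actionMeta.action_type} was ${decision}`);
    }
    return fn(...args);
  };
}

// Usage with a stubbed guard that allows low-risk actions only:
const stubGuard = async ({ risk_score }) => (risk_score < 70 ? 'allowed' : 'blocked');
const safeDeploy = governed(
  stubGuard,
  { action_type: 'deploy', risk_score: 30 },
  async (version) => `deployed ${version}`
);
```

Risky tools then stay unchanged; only the call site swaps `deploy(...)` for `safeDeploy(...)`.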
Three patterns that come up in every production agent stack.
One approval before production, full audit trail after.
```javascript
await claw.guard({
  agent_id: 'deploy-bot',
  action_type: 'deploy',
  risk_score: 92,
  declared_goal: 'Ship auth-service v2.1 to prod',
});
```

This call matched the production_deploy policy, paused the action, routed it to the on-call engineer, and recorded the approval.
Every governed action also lands in the evidence ledger, ready for compliance review without a separate audit pipeline.
Once decisions are governed, DashClaw provides the operational visibility required to run agent fleets at scale.
Live operational visibility for the agent fleet. See what is running, what was decided, and what is waiting on a human.
Semantic guardrails that decide allow, block, or require approval before the action reaches the real world.
Approvers resolve pending actions wherever they already work, against the same governance endpoint. Claude Code lifecycle hooks add an inline prompt path for terminal workflows.
Control-level gap analysis with remediation priorities.
Run tests against all active guard policies.
Generate audit-ready evidence from live behavior.
Automatic detection of autonomy breaches and logic drift.
- Agent taking too many actions without human checkpoints
- Critical actions without sufficient review
- The same action type failing multiple times
- Open loops unresolved past their expected timeline
- Assumptions becoming stale or contradicted by outcomes
- Assumptions not validated within the expected timeframe
- Actions stuck in a running state for over 4 hours
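Detectors like these are threshold checks over the action ledger. Here is a sketch of the stuck-action check, assuming ledger entries carry a `status` and a `startedAt` timestamp (both field names are illustrative):

```javascript
// Flag actions stuck in "running" longer than a threshold (4h by default).
const FOUR_HOURS_MS = 4 * 60 * 60 * 1000;

function findStuckActions(actions, now = Date.now(), maxAgeMs = FOUR_HOURS_MS) {
  return actions.filter(a =>
    a.status === 'running' &&
    now - new Date(a.startedAt).getTime() > maxAgeMs
  );
}
```

The other detectors follow the same shape: a filter or aggregation over recent ledger entries compared against a policy-defined limit.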
Pick the surface that matches your stack. All five hit the same governance loop on the same instance.
Any MCP-compatible client (Claude Code, Claude Desktop, Managed Agents) gets governance via 23 tools and 4 resources. No SDK, no hooks.
npx @dashclaw/mcp-server --url ... --key ...
Instrument any agent runtime with the canonical governance loop: guard → createAction → waitForApproval → updateOutcome.
npm install dashclaw # pip install dashclaw
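Wired together, the canonical loop looks roughly like this. The four method names come from the description above; the exact signatures, argument shapes, and decision strings are assumptions, not the published API:

```javascript
// Sketch of guard -> createAction -> waitForApproval -> updateOutcome.
// Signatures and return shapes are assumed for illustration.
async function governedDeploy(claw) {
  const { decision } = await claw.guard({ actionType: 'deploy', riskScore: 90 });

  const action = await claw.createAction({ actionType: 'deploy' }); // record intent

  if (decision === 'requires_approval') {
    await claw.waitForApproval(action.id); // block until a human resolves it
  }

  try {
    // ...perform the real deploy here...
    await claw.updateOutcome(action.id, { status: 'success' });
  } catch (err) {
    await claw.updateOutcome(action.id, { status: 'failed', error: String(err) });
    throw err;
  }
}
```

Recording the outcome in both branches is what keeps the evidence ledger complete even when the action fails.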
Native plugin for the OpenClaw agent framework. Intercepts PreToolUse / PostToolUse, runs guard / record / wait-for-approval automatically.
npm install @dashclaw/openclaw-plugin
Anthropic skill that teaches Managed Agents the MCP usage protocol: risk tiers, decision handling, recording rules, session lifecycle.
Pairs with @dashclaw/mcp-server
Two stdlib-only Python scripts for PreToolUse / PostToolUse. No pip install. Safe to ship even without DashClaw configured.
cp hooks/dashclaw_*.py .claude/hooks/
Approve or deny agent actions from any terminal. Same endpoint as the dashboard and mobile PWA, and decisions sync over Redis SSE in about 1s.
npm install -g @dashclaw/cli
Day-2 tools for the people running governance in production.
Diagnoses database, configuration, auth, deployment, SDK reachability, governance staleness, and shape drift. Auto-fixes safe issues.
dashclaw doctor
A PWA at /approve for approving high-risk actions from your phone. Same governance loop as the dashboard.
https://<instance>/approve
Pending actions fan out to an admin Telegram chat with inline Approve / Reject. One tap on your phone resolves the action against the same endpoint as the dashboard.
npm run telegram:setup
Hero stats with trend comparison, cost-trend and action-volume series, breakdowns by agent, action type, and model. Token usage by tier.
GET /api/analytics?days=7
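Calling the endpoint is a plain authenticated GET. A sketch, assuming bearer-token auth and a JSON body; the actual auth header and response fields may differ:

```javascript
// Hypothetical client for the analytics endpoint; the Authorization
// header format is an assumption, not documented behavior.
async function fetchAnalytics(baseUrl, apiKey, days = 7) {
  const res = await fetch(`${baseUrl}/api/analytics?days=${days}`, {
    headers: { Authorization: `Bearer ${apiKey}` },
  });
  if (!res.ok) throw new Error(`analytics request failed: ${res.status}`);
  return res.json();
}
```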
How DashClaw compares
| Dimension | Tracing tools (LangSmith, Langfuse) | DashClaw |
|---|---|---|
| When it acts | After the action | Before the action |
| Core primitive | Log or trace | Guard and policy |
| Human in the loop | Add on | First class |
| Compliance evidence | Trace export | Action level, policy and approver bound |
| Self host | Available | Available, MIT, no paid tier required |
Tracing tools answer the question "What did my agent do?" DashClaw answers "What is my agent allowed to do?" Both have a place, and most teams will eventually run both.
DashClaw lets agents move fast without giving up control. Intercept risky actions. Require approval when needed. Prove every decision afterward.