Infrastructure●●●Banger
Open-source control layer for AI safely access production
Wire-protocol parsing means zero code changes—Teleport and StrongDM require agents.
WizardrySolve My ProblemSlick
luisfdias
201mo ago
Back to browse
GitHub Repository
Security firewall for agents
689 starsGo
Claw Patrol, a security firewall for agents
by rough-sea·Jun 9, 2026·92 points·26 comments
AI Analysis
●●●BangerBig BrainZero to OneSolve My Problem
Wire-protocol parsing gates agent actions before they hit production—no LLM gateway does this.
Strengths
- •Wire-level protocol parsing extracts facts for CEL expressions without relying on API-level controls
- •HCL rules block destructive SQL and pause kubectl deletes until human approval
- •WireGuard and Tailscale tunneling with per-process netns tunneling on Linux and macOS
Weaknesses
- •Go-based proxy adds deployment complexity to existing agent workflows
- •Protocol parsing coverage may not include all edge cases for every supported service
Category
Target Audience
DevOps engineers, platform teams running AI agents
Similar To
Tailscale · OpenPolicyAgent · HashiCorp Boundary
Post Description
At Deno we've been using OpenClaw and other agents increasingly for addressing production problems in Deno Deploy - when a PagerDuty alert fires, the agent starts researching the cause and making fixes.
In order to do this, the agent needs access to real production systems - postgres, kubernetes, gcp, clickhouse, github, etc. But this is dangerous to say the least - we want destructive actions to be reviewed by other LLMs, approved by humans, and logged appropriately.
Claw Patrol terminates TCP connections over WireGuard or Tailscale, then parses application protocols (eg http, postgres, ssh) to apply rules that allow you to deny/allow requests.
There are a few projects that sit as a proxy in front of agents to do secret injection or apply various guardrails, but none met our needs (LLM gateways, MCP proxies, sandboxes), particularly the need to handle low-level protocols, or handle complex real world situations like tunneling postgres through k8s.
Written in Go, configured in HCL, MIT licensed. Happy to answer any questions.
Similar Projects
Security●●●Banger
MCPSaaS – Security proxy for MCP agent protocols
IETF-backed security proxy for MCP agents when the protocol has none.
Big BrainSolve My ProblemBold Bet
AskCarX
102mo ago
Infrastructure●●Solid
Toq protocol – An open-source, agent-to-agent communication protocol
Agent-to-agent protocol with crypto auth and no cloud dependency, competing with Google's A2A.
Big BrainShip It
anshuldesai
202mo ago
Security●●●Banger
We're using LLMs to classify risk before execution in prod
Wire-protocol parsing blocks DROP TABLE before execution with zero code changes.
Solve My ProblemSlick
andriosr
201mo ago
Security●●Solid
AgentGuard – An open-source firewall to secure autonomous AI agents
Agent security is critical, but README admits features aren't fully implemented yet.
Bold BetShip It
millimercure
302mo ago
Developer Tools●●Solid
AutosClaw – security first *claw with live chat to any agent session
Claude orchestration with live dashboards and agent-spawning—well-built but competes with Anthropic, OpenAI infrastructure.
Ship ItWizardry
fbreuer
103mo ago