Show HN: Claw Patrol, a security firewall for agents

https://github.com/denoland/clawpatrol
44•rough-sea•2d ago
At Deno we've been using OpenClaw and other agents increasingly for addressing production problems in Deno Deploy - when a PagerDuty alert fires, the agent starts researching the cause and making fixes.

In order to do this, the agent needs access to real production systems - postgres, kubernetes, gcp, clickhouse, github, etc. But this is dangerous to say the least - we want destructive actions to be reviewed by other LLMs, approved by humans, and logged appropriately.

Claw Patrol terminates TCP connections over WireGuard or Tailscale, then parses application protocols (e.g. http, postgres, ssh) to apply rules that allow you to deny/allow requests.

There are a few projects that sit as a proxy in front of agents to do secret injection or apply various guardrails, but none met our needs (LLM gateways, MCP proxies, sandboxes), particularly the need to handle low-level protocols, or handle complex real world situations like tunneling postgres through k8s.

Written in Go, configured in HCL, MIT licensed. Happy to answer any questions.

https://clawpatrol.dev/

Comments

pavelpilyak•2d ago
Neat! Reading the docs - it's default-allow and ships with no rules? Any plans for a default rule set?
rough-sea•2d ago
Yes default allow and no rules by default. Some sort of default policy would be a great feature - I've been considering it. No one wants agents to DROP tables.

We have a big and detailed config file for our own internal use - but reluctant to release that exactly because it has information about our systems.

There's an example config file here that might be helpful https://github.com/denoland/clawpatrol/blob/main/examples/ga... - we use agents to write the config by pointing it at https://clawpatrol.dev/llms-full.txt

Apylon777•2d ago
This is a really cool library to look at even if you aren't running openclaw directly.

Lots of good concepts to seek inspiration from.

1. process-scoped egress policy

2. policy-as-code

3. explicit approval classes

4. normalized network/guardrail receipts

5. structured guardrail outcomes

6. centralized decision rules

rough-sea•2d ago
Thanks! Don't forget wire level protocol parsing - this is important because agents usually can spawn subprocesses and if they have postgres credentials, you're just one psql call away from disaster if you only have MCP/HTTP proxies in place.
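
An added illustration of the wire-level inspection described above (not part of the comment and not Claw Patrol's code): a Go sketch that walks PostgreSQL frontend messages and checks the SQL carried by Query (`Q`) and Parse (`P`) messages against a deny pattern. The `Decision` type, the `Msg` and `Inspect` helpers, the keyword rule and the sample traffic are all assumptions made for this example.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"regexp"
)

// Constructed rule: keywords that mark a statement for denial or review. Matching
// anywhere in the text also flags "SELECT 1; DROP TABLE t"; it is not a SQL parser.
var destructive = regexp.MustCompile(`(?i)\b(drop|truncate|delete|alter)\b`)
type Decision struct { // hypothetical verdict type for this example
	SQL   string
	Allow bool
}
// Msg frames one frontend message: type byte, int32 length, payload.
func Msg(typ byte, payload string) []byte {
	b := []byte{typ, 0, 0, 0, 0}
	binary.BigEndian.PutUint32(b[1:], uint32(len(payload)+4))
	return append(b, payload...)
}
// Inspect walks post-startup frontend messages in buf and returns a verdict for
// each SQL text found, plus the bytes of any incomplete trailing message.
func Inspect(buf []byte) (out []Decision, rest []byte) {
	for len(buf) >= 5 {
		n := int(binary.BigEndian.Uint32(buf[1:5])) // length counts itself, not the type byte
		if n < 4 || len(buf) < 1+n {
			break // incomplete or malformed frame: stop and hand the bytes back
		}
		typ, body := buf[0], buf[5:1+n]
		buf = buf[1+n:]
		if typ == 'P' { // Parse (extended query): statement name precedes the SQL
			_, body, _ = bytes.Cut(body, []byte{0})
		} else if typ != 'Q' { // only Query and Parse carry SQL text
			continue
		}
		if sql, _, ok := bytes.Cut(body, []byte{0}); ok {
			out = append(out, Decision{string(sql), !destructive.Match(sql)})
		}
	}
	return out, buf
}

func main() { // constructed traffic: simple query, prepared statement, Sync
	s := append(Msg('Q', "SELECT now()\x00"), Msg('P', "s1\x00drop table users\x00\x00\x00")...)
	ds, rest := Inspect(append(s, Msg('S', "")...))
	fmt.Println(ds, len(rest))
}
```

Because the check runs on the bytes of the connection, it applies equally to `psql` spawned as a subprocess and to a driver inside the agent.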
Hans_Cui•5h ago
Really interesting work! I am curious how you handle rule configuration for different protocols such as Postgres or ssh. Thanks for open-sourcing it under MIT.
rough-sea•1h ago
There's a plugin API https://clawpatrol.dev/docs/plugins/
Jayakumark•1h ago
How will credentials be injected via Gateway for each user? If we have 5 users with one gateway, how does it know whose github credential to inject?
rough-sea•1h ago
You can define different profiles that are associated with different credentials. Take a look here https://clawpatrol.dev/docs/credentials/#single-credential-t...
varmabudharaju•1h ago
This is very interesting. I built something like this but native to Claude Code and something that focuses on just logging the violation. My question is if you are terminating a process within the workflow will that about all other things that executed before. Anyway, would love your feedback on this https://github.com/varmabudharaju/agent-pd
varmabudharaju•1h ago
*abort
undefined_void•42m ago
Claw Patrol runs on the network level. There’s no process being terminated - HTTP/SQL/etc are rejected based on rules that you define. It’s resilient to the agent making changes to its own hooks or bypassing a local sandbox.
radku•45m ago
Nice work shipping this.

Disclosure: author of a related tool here. I have created agent-vault-proxy for a very similar reason. It also can help keep credentials out of the agent process. The agent gets a placeholder, the proxy swaps in the real secret in transit.

I read them as complementary: action firewall in front, credential broker behind. https://github.com/inflightsec/agent-vault-proxy

undefined_void•37m ago
That’s great! IIUC Agent vault is an HTTPS proxy whereas Clawpatrol is a WG/Tailscale exit node so it can handle other protocols like Postgres and SSH without processes co-operating via HTTP_PROXY
dhavd•39m ago
I did this
thatsit•16m ago
Seems like a more general solution to a Tesla API Firewall that I was thinking about. My idea was to use some kind of gateway/firewall LLM to check commands that another agent would send to the Tesla API.
jameslk•14m ago
I think this sounds very cool! It sounds similar to Agent Vault (github.com/Infisical/agent-vault) but with an added feature of having security policies for denial/human-in-the-loop of traffic based on the contents of requests?

The nice thing about Agent Vault is the encryption of credentials and other ways they handle making sure those don't leak from storage. I suppose you could potentially wrap the two in layers as well (agent -> Claw Patrol -> Agent Vault -> external network)

mmcclure•10m ago
The product looks great and I'm really interested in trying it out. But, more importantly, as a parent of young kids: this name made me laugh out loud. The OG image on the marketing site is a fun easter egg.

For those here without young kids in their life: https://en.wikipedia.org/wiki/Paw_Patrol
