{"slug": "show-hn-claw-patrol-a-security-firewall-for-agents", "title": "Show HN: Claw Patrol, a security firewall for agents", "summary": "Claw Patrol, a new open-source security firewall for AI agents, intercepts agent traffic at the network level and enforces rules written in HCL before requests reach production systems. The tool can block destructive SQL commands, pause dangerous Kubernetes operations for human approval, and supports multiple deployment modes including per-process tunnels and full-host WireGuard connections.", "body_md": "The security firewall for agents.\n\nClaw Patrol sits between your agents and prod, parses their traffic\nat the wire, and gates each action against rules you write in HCL.\nFor example, you can block destructive SQL, or pause `kubectl delete pod`\n\nuntil a human approves it before the request reaches Kubernetes.\n\nFor the full overview see [clawpatrol.dev](https://clawpatrol.dev).\n\n```\ncurl -fsSL https://clawpatrol.dev/install.sh | sh\n```\n\nFrom source: `make`\n\n(requires Go and Node.js).\n\nA real rule from our own production config:\n\n```\nrule \"k8s-no-secrets\" {\n  endpoint  = k8s-prod\n  condition = \"k8s.resource == 'secrets'\"\n  verdict   = \"deny\"\n  reason    = \"Secret values must not leave the cluster via the agent\"\n}\n```\n\nConditions are CEL expressions over wire-level facts the gateway\nextracts per protocol: SQL verbs and table names for Postgres /\nClickHouse, resource / verb / namespace for Kubernetes, method /\npath / headers / body for HTTP. The full set of facts lives in the\n[config reference](https://clawpatrol.dev/docs/config-reference).\n\nThree deployment shapes; pick whichever fits.\n\n```\nclawpatrol gateway config.hcl   # run the proxy itself\nclawpatrol join <gateway-url>   # join a gateway\nclawpatrol run claude           # wrap one agent's process tree\n```\n\n`clawpatrol run`\n\nopens a per-process tunnel on Linux (via netns) or\nmacOS (via NetworkExtension); only the wrapped command's traffic\ngoes through the gateway. `clawpatrol join`\n\nbrings up a WireGuard\ntunnel that routes the whole host. `clawpatrol gateway`\n\nis the\nproxy: a single binary that loads your HCL config and accepts\nclients tunneling in via WireGuard or Tailscale.\n\n[clawpatrol.dev/docs/getting-started](https://clawpatrol.dev/docs/getting-started)\nwalks through a first config end-to-end.\n[clawpatrol.dev/docs/config-reference](https://clawpatrol.dev/docs/config-reference)\nis the auto-generated field reference. See\n[ gateway.example.hcl](/denoland/clawpatrol/blob/main/examples/gateway.example.hcl) for an\nannotated starting template.\n\nMIT. See [LICENSE.md](/denoland/clawpatrol/blob/main/LICENSE.md).", "url": "https://wpnews.pro/news/show-hn-claw-patrol-a-security-firewall-for-agents", "canonical_source": "https://github.com/denoland/clawpatrol", "published_at": "2026-06-09 16:06:50+00:00", "updated_at": "2026-06-11 19:12:20.499892+00:00", "lang": "en", "topics": ["ai-agents", "ai-safety", "ai-infrastructure", "ai-tools", "ai-products"], "entities": ["Claw Patrol", "HCL", "Kubernetes", "Postgres", "ClickHouse", "WireGuard", "Claude"], "alternates": {"html": "https://wpnews.pro/news/show-hn-claw-patrol-a-security-firewall-for-agents", "markdown": "https://wpnews.pro/news/show-hn-claw-patrol-a-security-firewall-for-agents.md", "text": "https://wpnews.pro/news/show-hn-claw-patrol-a-security-firewall-for-agents.txt", "jsonld": "https://wpnews.pro/news/show-hn-claw-patrol-a-security-firewall-for-agents.jsonld"}}