jimmershere/clawsecure

ClawSecure

Security monitoring and policy enforcement for OpenClaw operators.

ClawSecure gives you a local-first dashboard to track agent events, manage approval queues, enforce security policies, and audit artifact access — without shipping your data to a third party.

Built for small teams running OpenClaw agents in production who need real visibility into what their agents are doing and why.


What it does

  • Event timeline — every agent action logged with status, severity, and source filters
  • Approval queue — flag sensitive operations for human review before they execute
  • Policy engine — write rules with priority ordering; higher priority wins
  • Artifact visibility controls — redact sensitive references from operator view without deleting them
  • Operator presets — ship balanced-default or strict-lockdown bundles, installable in one command
  • Local emitter — pipe OpenClaw hook output directly into ClawSecure via stdin

Quick start

git clone https://github.com/jimmershere/clawsecure.git
cd clawsecure
npm install
npm start

Open:


How policy rules work

Rules are evaluated by priority — higher wins.

# Create a rule
curl -X POST http://localhost:3188/api/rules \
  -H 'Content-Type: application/json' \
  -d '{"name":"Block root SSH","pattern":"ssh root@","action":"block","priority":250,"enabled":true}'

# Install a preset bundle
curl -X POST http://localhost:3188/api/bundles/strict-lockdown/apply

When two rules match, the higher-priority rule wins. Ties break by newest rule ID.
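
The resolution order described above (highest priority wins, ties go to the newest rule ID), as an added example that is not taken from the ClawSecure code base. It assumes `pattern` is a plain substring match, that newer rules have higher numeric IDs, and that an `allow` action exists; the page confirms none of these, and the sample rules are constructed.

```javascript
// Added illustration, not ClawSecure source code.
// Assumptions: `pattern` is a case-sensitive substring match, rule ids are
// increasing integers (newest = highest), and "allow" is a hypothetical action.

// Pick the single rule that decides the outcome for a payload.
function resolveRule(rules, payloadText) {
  const matches = rules.filter(
    (r) => r.enabled && payloadText.includes(r.pattern)
  );
  // Higher priority first; on a tie, the newest (highest) id first.
  matches.sort((a, b) => b.priority - a.priority || b.id - a.id);
  return matches.length > 0 ? matches[0] : null;
}

// Return the winning rule plus the matching rules it overrode, so an audit
// can spot a permissive rule outranking a block.
function explainDecision(rules, payloadText) {
  const winner = resolveRule(rules, payloadText);
  if (!winner) return { action: "no-match", winner: null, shadowed: [] };
  const shadowed = rules
    .filter((r) => r.enabled && r.id !== winner.id && payloadText.includes(r.pattern))
    .map((r) => r.name);
  return { action: winner.action, winner: winner.name, shadowed };
}

// Constructed sample rules (only "Block root SSH" appears on the page).
const sampleRules = [
  { id: 1, name: "Block root SSH", pattern: "ssh root@", action: "block", priority: 250, enabled: true },
  { id: 2, name: "Allow bastion SSH", pattern: "@bastion.example", action: "allow", priority: 250, enabled: true },
  { id: 3, name: "Block all SSH", pattern: "ssh ", action: "block", priority: 100, enabled: true },
  { id: 4, name: "Old allow-all", pattern: "ssh", action: "allow", priority: 900, enabled: false },
];

// Rules 1, 2 and 3 all match; 1 and 2 tie at priority 250; rule 4 is disabled.
const decision = explainDecision(sampleRules, "ssh root@bastion.example");
console.log(decision);
```

Under these assumptions the newer allow rule wins the tie at priority 250 and overrides the older block, so equal-priority rules with conflicting actions are worth auditing before a preset is applied.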


Connecting OpenClaw hooks

Use the included emitter to pipe OpenClaw events into ClawSecure:

# In your OpenClaw hook config:
openclaw-emitter.js < event.json

See HOOK_EXAMPLE.md for the full hook setup pattern.


API surface

Method        Path                     What it does
GET           /api/health              Liveness check
GET           /api/dashboard           Summary stats
GET/POST      /api/events              List / log events
GET           /api/events/:id          Event detail with approvals + artifacts
POST          /api/evaluate            Evaluate a payload against active rules
GET/POST      /api/rules               List / create rules
PATCH/DELETE  /api/rules/:id           Update / remove a rule
GET/PATCH     /api/artifacts/:id       List artifacts / toggle redaction
GET/PATCH     /api/approvals/:id       List queue / resolve approvals
GET           /api/bundles             List presets
POST          /api/bundles/:key/apply  Install preset rules
DELETE        /api/bundles/:key/rules  Remove preset rules

Status

Alpha. Local-first operator tooling. Works in production on small teams. Not a full enforcement engine yet — current focus is visibility, triage, and policy management. Enforcement hooks are next.


Built with

  • Node.js + Express
  • SQLite (via better-sqlite3)
  • Vanilla JS dashboard (no framework)

License

MIT
