by ucsandman
π‘οΈThe governance runtime for AI agents. Intercept actions, enforce guard policies, require approvals, and produce audit-ready decision trails.
# Add to your Claude Code skills
git clone https://github.com/ucsandman/DashClawLast scanned: 6/11/2026
{
"issues": [
{
"file": ".claude/skills/dashclaw-agent/compliance-drift-evals/SKILL.md",
"line": 44,
"type": "secret-exfiltration",
"message": "Instruction appears to send credentials/secrets to an external endpoint",
"severity": "medium"
},
{
"file": ".claude/skills/dashclaw-agent/create-policies/SKILL.md",
"line": 104,
"type": "secret-exfiltration",
"message": "Instruction appears to send credentials/secrets to an external endpoint",
"severity": "medium"
},
{
"file": ".claude/skills/dashclaw-agent/create-policies/SKILL.md",
"line": 137,
"type": "secret-exfiltration",
"message": "Instruction appears to send credentials/secrets to an external endpoint",
"severity": "medium"
},
{
"file": ".claude/skills/dashclaw-agent/instrument-agent/SKILL.md",
"line": 62,
"type": "secret-exfiltration",
"message": "Instruction appears to send credentials/secrets to an external endpoint",
"severity": "medium"
},
{
"file": ".claude/skills/dashclaw-agent/manage-approvals/SKILL.md",
"line": 85,
"type": "secret-exfiltration",
"message": "Instruction appears to send credentials/secrets to an external endpoint",
"severity": "medium"
},
{
"file": ".claude/skills/dashclaw-agent/manage-approvals/SKILL.md",
"line": 91,
"type": "secret-exfiltration",
"message": "Instruction appears to send credentials/secrets to an external endpoint",
"severity": "medium"
},
{
"file": ".claude/skills/dashclaw-agent/register-on-dashclaw/SKILL.md",
"line": 17,
"type": "secret-exfiltration",
"message": "Instruction appears to send credentials/secrets to an external endpoint",
"severity": "medium"
},
{
"file": ".claude/skills/dashclaw-agent/register-on-dashclaw/SKILL.md",
"line": 70,
"type": "secret-exfiltration",
"message": "Instruction appears to send credentials/secrets to an external endpoint",
"severity": "medium"
},
{
"file": ".claude/skills/dashclaw-agent/register-on-dashclaw/SKILL.md",
"line": 129,
"type": "secret-exfiltration",
"message": "Instruction appears to send credentials/secrets to an external endpoint",
"severity": "medium"
},
{
"file": ".claude/skills/dashclaw-agent/register-on-dashclaw/SKILL.md",
"type": "secret-exfiltration",
"message": "β¦and 1 more similar match in this file",
"severity": "low"
}
],
"status": "PASSED",
"scannedAt": "2026-06-11T08:49:24.026Z",
"npmAuditRan": true,
"pipAuditRan": true,
"promptInjectionRan": true
}No comments yet. Be the first to share your thoughts!
30 days in the Featured rail Β· terms & refunds
npx dashclaw-demo. Expected proof: a simulated high-risk deployment is blocked and opens Decision Replay.npm run doctor locally or dashclaw doctor against the hosted URL. Expected proof: the doctor command exits 0 or names the blocking setup item.DASHCLAW_BASE_URL and DASHCLAW_API_KEY. Expected proof: one action appears in /decisions, any held action appears in /approvals, and /api/setup/live-proof can capture setup evidence for onboarding or CI.| Intercept | Risky agent actions are evaluated before they execute. Block, warn, or hold for approval, by policy. |
| Verify identity | Agents authenticate with JWKS-verified OIDC bearer tokens (EdDSA / RSA / ECDSA). Replay protection rejects reused tokens; optional action binding scopes a token to one intended call. Cryptographic attribution, not self-assertion. |
| Enforce | Declarative policies (risk thresholds, deploy gates, capability access rules, semantic checks) run on every action. |
| Approve | Pending approvals route to a dashboard queue, the CLI inbox, a mobile PWA, Telegram, or Discord, with one-tap allow or deny. |
| Record | Every action becomes a replayable decision record: declared goal, reasoning, risk score, matched policies, assumptions, evidence. |
| Finalize | Terminal outcomes are one-shot and durable. Lost confirmations are swept and surfaced, so retries do not double-execute. |
| Govern external systems | The capability registry wraps real HTTP APIs with per-agent access rules, rate limits, and audit. Workflows compose these into multi-step governed runs. |
| Improve | Code Sessions ingests Claude Code transcripts (Stop-hook live or JSONL backfill), prices the spend, surfaces optimizer signals (stuck loops, cache crater, context gaps), and distills sessions into an Optimal Files bundle β root CLAUDE.md, path-scoped rules, hooks, and skill packs β applied locally via dashclaw code apply. |
DashClaw meets agents where they already are. Every path lands on the same governance primitives, audit ledger, and approval queue β pick the one closest to how your agent already runs.
| If your agent is⦠| Use this path | Install |
|---|---|---|
| Claude Code | Plugin + hooks | npm i -g @dashclaw/cli && dashclaw install claude |
| Codex | Plugin | dashclaw install codex --project <path> |
| Hermes Agent | Plugin (8 lifecycle hooks) | bash scripts/install-hermes-plugin.sh |
| OpenClaw | OpenClaw plugin | npm install @dashclaw/openclaw-plugin |
| Claude Desktop, any MCP host | MCP server (stdio) | npx @dashclaw/mcp-server |
| Claude Managed Agents | MCP server (Streamable HTTP) | Point at /api/mcp |
| LangChain | Python SDK callback handler | pip install dashclaw |
| CrewAI | Python SDK task callback / agent wrapper | pip install dashclaw |
| AutoGen | Python SDK instrumentation | pip install dashclaw |
| LangGraph, OpenAI Agents SDK | Node or Python SDK | npm install dashclaw |
| Custom / framework-less | Node or Python SDK | npm install dashclaw |
| Anything HTTP | REST API + webhooks | OpenAPI spec |
Working end-to-end examples for each runtime live in examples/ β anthropic-governed-agent, autogen-governed, claude-code-review-agent, codex-review-agent, crewai-governed, langgraph-governed, managed-agent-governed, managed-agent-mcp, openai-agents-governed, and more.
One plugin source, three ecosystems. Distributed via plugins/dashclaw/. Each manifest ships the MCP server config, the dashclaw-governance protocol skill, the dashclaw-platform-intelligence reference skill, and a distinct agent_id so Mission Control separates sessions per host.
# Claude Code β no clone needed: the CLI downloads the hooks bundle from your
# instance, wires ~/.claude/settings.json, and defaults to observe mode
npm i -g @dashclaw/cli
dashclaw install claude # prompts for endpoint + API key
dashclaw install claude --trial # browser signup on a hosted instance, paste the key
# Codex β installer wires manifest, hooks, and AGENTS.md governance protocol
node cli/bin/dashclaw.js install codex --project /path/to/your/project
# Hermes Agent β 8 lifecycle hooks (pre/post tool, pre/post LLM, on-session
# start/end, secret redaction, subagent_stop ROI tracking)
bash scripts/install-hermes-plugin.sh # macOS / Linux
powershell -File scripts/install-hermes-plugin.ps1 # Windows
For Claude Code specifically, dashclaw install claude governs Bash, Edit, Write, MultiEdit, sub-agent spawns, and every mcp__* tool call with semantic classification, risk scoring, and per-turn token capture β no SDK calls in your agent code, no repo clone. It starts in observe mode (decisions logged, nothing blocked); flip to enforce by setting DASHCLAW_HOOK_MODE=enforce in ~/.dashclaw/claude-hooks/.env. Working from a checkout instead, npm run hooks:install does the same wiring. Full details in hooks/README.md.
Verify it fires: pipe a fake tool call through the hook β a clean exit (and a guard evaluation when DashClaw is reachable) confirms the wiring. Use python3 if your system has no python on PATH; the installer picks the right one automatically.
echo '{"tool_name":"Bash","tool_input":{"command":"echo hello"},"tool_use_id":"test_001","session_id":"smoke"}' | python .claude/hooks/dashclaw_pretool.py
@dashclaw/mcp-server exposes 30 governance MCP tools across 11 groups β core governance, optimal files, session continuity, credential hygiene, skill safety, open loops, learning + retrospection, agent inbox, agent identity, behavior learning, governance posture β plus 6 read-only resources (dashclaw://policies, dashclaw://capabilities, dashclaw://agent/{agent_id}/history, dashclaw://status, dashclaw://code-sessions/projects, dashclaw://code-sessions/sessions/{session_id}).
As of v2.0.0 the local stdio server also carries governed execution: provider tools for GitHub, Vercel, Neon, Stripe and ten more (each registering only when its credential env var is present), and stateful launch plans (create_launch_plan / get_launch_status / preflight_launch / verify_launch) that track the launch tail with reality-checked, never self-reported completion β every step through the same guard/policy/approval path. See mcp-server/README.md and mcp-server/docs/launch-plans.md.
Stdio (Claude Code, Claude Desktop, any stdio MCP client):
{
"mcpServers": {
"dashclaw": {
"command": "npx",
"args": ["@dashclaw/mcp-server"],
"env": {
"DASHCLAW_URL": "https://your-dashclaw.vercel.app",
"DASHCLAW_API_KEY": "oc_live_xxx"
}
}
}
}
Streamable HTTP (Claude Managed Agents, any remote MCP client): every DashClaw instance serves MCP at /api/mcp β no npm package, no client install.
agent = client.beta.agents.create(
name="Governed Agent",
model="claude-sonnet-4-6",
tools=[{"type": "agent_toolset_20260401"}],
mcp_servers=[{
"type": "url",
"url": "https://