2025-10-27 · Authensor

How to Use SafeClaw with Claude

Claude is one of the most capable AI agents available. Claude Code, Anthropic's coding agent, can write files, run shell commands, and make network requests on your behalf. That power requires guardrails.

SafeClaw provides action-level gating for AI agents, and it works with Claude out of the box. This guide covers the integration, how SafeClaw intercepts Claude's actions, and example policies tailored to typical Claude Code usage patterns.

Why Claude Needs SafeClaw

Claude Code is designed to be autonomous. It reads your codebase, proposes changes, writes files, runs tests, and iterates -- all without requiring approval for each individual action. This is what makes it productive.

But Clawdbot showed what happens when agents operate without guardrails: 1.5 million API keys leaked in under a month. The issue is not Claude's intent. The issue is that any sufficiently autonomous agent, operating on a real system with real credentials, can cause real damage through a single miscalibrated action.

SafeClaw sits between Claude and your system. Every action Claude attempts -- every file write, every shell command, every network request -- passes through SafeClaw's policy engine first. If the action matches an allow rule, it proceeds. If it does not, it is blocked. Deny-by-default.

Setting Up SafeClaw for Claude

Step 1: Install SafeClaw

npx @authensor/safeclaw

The browser dashboard opens automatically. Create a free account (no credit card, 7-day renewable keys) and select Claude as your agent framework in the setup wizard.

Step 2: How the Interception Works

SafeClaw operates as a local policy evaluation layer. When Claude Code attempts an action:

  1. The action request (type, target, parameters) is captured before execution.
  2. SafeClaw's engine evaluates the request against your policy rules, top-to-bottom, first-match-wins.
  3. If the first matching rule has effect allow, the action proceeds.
  4. If the first matching rule has effect deny, or no rule matches (deny-by-default), the action is blocked.
  5. The decision is recorded in the tamper-proof audit trail (SHA-256 hash chain).

All evaluation happens locally on your machine. Sub-millisecond latency. No data leaves your system for policy evaluation.
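
The evaluation order in steps 2 to 4, modeled as an added example (not SafeClaw's code): a first-match-wins, deny-by-default evaluator run over four rules from the general development policy on this page. The glob semantics, the path normalization step and the `{ action, target }` request shape are assumptions.

```javascript
// Added illustration, not SafeClaw's engine. Glob semantics are assumed:
// "**" crosses "/" boundaries, "*" does not.
function globToRegExp(glob) {
  const body = glob
    .replace(/[.+?^${}()|[\]\\]/g, "\\$&") // escape regex metacharacters
    .replace(/\*\*\//g, "\u0000")          // "**/" = zero or more directories
    .replace(/\*\*/g, "\u0001")            // "**"  = anything, including "/"
    .replace(/\*/g, "[^/]*")               // "*"   = anything except "/"
    .replace(/\u0000/g, "(?:.*/)?")
    .replace(/\u0001/g, ".*");
  return new RegExp("^" + body + "$");
}

// Collapse "." and ".." in an absolute path before matching, so
// "/project/src/../.npmrc" is judged as "/project/.npmrc".
function normalize(path) {
  const out = [];
  for (const part of path.split("/")) {
    if (part === "..") out.pop();
    else if (part !== "" && part !== ".") out.push(part);
  }
  return "/" + out.join("/");
}

function matches(rule, req) {
  if (rule.action !== req.action) return false;
  if (req.action === "file_write")
    return globToRegExp(rule.pathPattern).test(normalize(req.target));
  if (req.action === "shell_exec") return rule.command === req.target; // exact match assumed
  if (req.action === "network") return rule.destination === req.target;
  return false;
}

// Top-to-bottom, first match wins; no match means deny.
function evaluate(rules, req) {
  for (let i = 0; i < rules.length; i++) {
    if (matches(rules[i], req)) return { effect: rules[i].effect, rule: i };
  }
  return { effect: "deny", rule: null };
}

// Four rules from the page's general development policy, then the first two swapped.
const policy = [
  { action: "file_write", effect: "deny", pathPattern: "**/.npmrc" },
  { action: "file_write", effect: "allow", pathPattern: "/home/user/project/src/**" },
  { action: "shell_exec", effect: "allow", command: "npm test" },
  { action: "network", effect: "allow", destination: "registry.npmjs.org" },
];
const swapped = [policy[1], policy[0], policy[2], policy[3]];
```

With `policy`, a write to `/home/user/project/src/.npmrc` hits the deny rule first; with `swapped`, the broader allow rule wins, which is why the deny rules sit at the top of each policy.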

Step 3: Configure Agent Identity

SafeClaw supports agent identity, letting you create policies scoped to specific agents. For Claude, set the agent identity in your configuration:

{
  "agentId": "claude-code",
  "framework": "claude"
}

This allows you to run multiple agents (Claude, OpenAI, custom agents) with different policies on the same machine.

Example Policies for Claude Code

Policy 1: General Development

This policy covers the typical Claude Code workflow -- editing source files, running tests, installing packages:

{
  "name": "claude-code-dev",
  "agentId": "claude-code",
  "rules": [
    {
      "action": "file_write",
      "effect": "deny",
      "pathPattern": "*/.env"
    },
    {
      "action": "file_write",
      "effect": "deny",
      "pathPattern": "**/.ssh/**"
    },
    {
      "action": "file_write",
      "effect": "deny",
      "pathPattern": "**/.aws/**"
    },
    {
      "action": "file_write",
      "effect": "deny",
      "pathPattern": "**/.npmrc"
    },
    {
      "action": "file_write",
      "effect": "allow",
      "pathPattern": "/home/user/project/src/**"
    },
    {
      "action": "file_write",
      "effect": "allow",
      "pathPattern": "/home/user/project/tests/**"
    },
    {
      "action": "file_write",
      "effect": "allow",
      "pathPattern": "/home/user/project/package.json"
    },
    {
      "action": "file_write",
      "effect": "allow",
      "pathPattern": "/home/user/project/tsconfig.json"
    },
    {
      "action": "shell_exec",
      "effect": "allow",
      "command": "npm install"
    },
    {
      "action": "shell_exec",
      "effect": "allow",
      "command": "npm test"
    },
    {
      "action": "shell_exec",
      "effect": "allow",
      "command": "npm run build"
    },
    {
      "action": "shell_exec",
      "effect": "allow",
      "command": "npx tsc --noEmit"
    },
    {
      "action": "shell_exec",
      "effect": "allow",
      "command": "git status"
    },
    {
      "action": "shell_exec",
      "effect": "allow",
      "command": "git diff"
    },
    {
      "action": "network",
      "effect": "allow",
      "destination": "registry.npmjs.org"
    },
    {
      "action": "network",
      "effect": "allow",
      "destination": "api.anthropic.com"
    }
  ]
}

This gives Claude Code what it needs for a standard TypeScript project: write access to source and test directories, standard npm and git commands, and network access for package downloads and Anthropic API calls. Everything else is denied.

Policy 2: Code Review Only (Read-Heavy, Write-Light)

When using Claude for code review rather than active development, restrict write access further:

{
  "name": "claude-code-review",
  "agentId": "claude-code",
  "rules": [
    {
      "action": "file_write",
      "effect": "deny",
      "pathPattern": "**"
    },
    {
      "action": "shell_exec",
      "effect": "allow",
      "command": "git log"
    },
    {
      "action": "shell_exec",
      "effect": "allow",
      "command": "git diff"
    },
    {
      "action": "shell_exec",
      "effect": "allow",
      "command": "npm test"
    },
    {
      "action": "network",
      "effect": "deny",
      "destination": "*"
    }
  ]
}

No file writes at all. Only git inspection and test execution. No network access. Claude can read and analyze but cannot modify.

Policy 3: Full-Stack with Database

For Claude Code working on a full-stack project with database migrations:

{
  "name": "claude-fullstack",
  "agentId": "claude-code",
  "rules": [
    {
      "action": "file_write",
      "effect": "deny",
      "pathPattern": "*/.env"
    },
    {
      "action": "file_write",
      "effect": "deny",
      "pathPattern": "**/credentials/**"
    },
    {
      "action": "file_write",
      "effect": "allow",
      "pathPattern": "/home/user/project/src/**"
    },
    {
      "action": "file_write",
      "effect": "allow",
      "pathPattern": "/home/user/project/migrations/**"
    },
    {
      "action": "file_write",
      "effect": "allow",
      "pathPattern": "/home/user/project/tests/**"
    },
    {
      "action": "file_write",
      "effect": "allow",
      "pathPattern": "/home/user/project/public/**"
    },
    {
      "action": "shell_exec",
      "effect": "allow",
      "command": "npm *"
    },
    {
      "action": "shell_exec",
      "effect": "allow",
      "command": "npx prisma migrate dev"
    },
    {
      "action": "shell_exec",
      "effect": "allow",
      "command": "npx prisma generate"
    },
    {
      "action": "network",
      "effect": "allow",
      "destination": "registry.npmjs.org"
    },
    {
      "action": "network",
      "effect": "allow",
      "destination": "localhost"
    }
  ]
}

This adds migration file writes, Prisma commands, and localhost network access for local database connections.

Claude Code Usage Patterns to Watch For

Claude Code's autonomy means it may attempt actions you have not anticipated. Here are patterns to monitor in your audit logs:

Package installation. Claude frequently runs npm install to add dependencies. Your shell_exec rules should account for this. Allowing npm install without specifying packages lets Claude install anything. Decide if that is acceptable for your use case.

Config file modifications. Claude often updates tsconfig.json, eslint.config.js, or package.json. If you want Claude to iterate on configuration, include these in your allow rules. If not, they are denied by default.

Git operations. Claude Code uses git for context (diff, log, blame). Read-only git commands are generally safe to allow. Write operations (commit, push) require more thought -- decide if you want Claude committing on your behalf.

File creation outside known paths. Claude may create new directories or files in locations you did not anticipate. Review your audit log for denied file_write actions to identify these patterns and decide whether to expand your rules.
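
A sketch of what a SHA-256 hash-chained audit trail lets you check before trusting the denied-action review described above. This is an added example, not SafeClaw's audit format; the entry fields, function names and sample entries are constructed.

```javascript
const { createHash } = require("node:crypto");

const GENESIS = "0".repeat(64); // previous-hash value for the first entry

// Hash of one entry: SHA-256 over the previous hash plus the entry's fields.
function entryHash(prevHash, e) {
  const body = JSON.stringify([e.seq, e.action, e.target, e.effect]);
  return createHash("sha256").update(prevHash + body).digest("hex");
}

function append(log, action, target, effect) {
  const prevHash = log.length ? log[log.length - 1].hash : GENESIS;
  const entry = { seq: log.length, action, target, effect, prevHash };
  entry.hash = entryHash(prevHash, entry);
  log.push(entry);
  return log;
}

// Returns -1 when the chain is intact, else the index of the first bad entry.
function firstBrokenEntry(log) {
  let prev = GENESIS;
  for (let i = 0; i < log.length; i++) {
    const e = log[i];
    if (e.prevHash !== prev || e.hash !== entryHash(prev, e)) return i;
    prev = e.hash;
  }
  return -1;
}

// Count denied file_write attempts per directory: candidates for new rules.
function deniedWriteDirs(log) {
  const counts = {};
  for (const e of log) {
    if (e.action !== "file_write" || e.effect !== "deny") continue;
    const dir = e.target.slice(0, e.target.lastIndexOf("/")) || "/";
    counts[dir] = (counts[dir] || 0) + 1;
  }
  return counts;
}

// Constructed sample entries.
function sampleLog() {
  const log = [];
  append(log, "file_write", "/home/user/project/src/app.ts", "allow");
  append(log, "file_write", "/home/user/project/docs/api.md", "deny");
  append(log, "file_write", "/home/user/project/docs/setup.md", "deny");
  return append(log, "shell_exec", "git push", "deny");
}
```

The chain only detects edits if the latest hash is also kept somewhere the log's writer cannot change, since anyone able to rewrite every entry can recompute the chain.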

Testing Your Claude Policy

Before enforcing, enable simulation mode in the SafeClaw dashboard. Run Claude Code through a typical task -- let it edit files, run tests, install packages. Review the simulation log:

Iterate until the simulation matches your expectations. Then switch to enforcement.

Performance Impact

SafeClaw evaluates policies locally with sub-millisecond latency. Claude Code will not feel slower. The evaluation engine is built in TypeScript with strict mode, 446 tests, and zero dependencies. It adds negligible overhead to Claude's workflow.

Getting Started

npx @authensor/safeclaw

Free tier. No credit card. 7-day renewable keys. Works with Claude, OpenAI, and LangChain. Built on the Authensor framework, 100% open source client.

Claude Code is powerful. SafeClaw makes it safe. Every action gated, every decision logged, every audit trail tamper-proof. Visit safeclaw.onrender.com for full documentation.
