2025-11-14 · Authensor

SafeClaw by Authensor ships with a complete set of agent safety features out of the box: a deny-by-default policy engine, hash-chained audit trails, a monitoring dashboard, container mode, budget controls, action scheduling, human approval workflows, and real-time notifications. Install the full feature set with a single command: npx @authensor/safeclaw. No external dependencies, no API keys, no cloud services required.

Policy Engine

The policy engine is SafeClaw's core. It evaluates every action request against a set of rules before allowing execution.

Deny-by-default model. Any action not explicitly permitted by a rule is denied. You define what the agent can do, not what it cannot do.

First-match-wins evaluation. Rules are evaluated in order. The first matching rule determines the outcome. This makes policy behavior predictable and debuggable.

Declarative YAML policies. Rules are defined in YAML files that are human-readable, version-controllable, and reviewable in pull requests.

Action type coverage. Policies cover file reads, file writes, file deletes, shell command execution, network requests, API calls, database operations, and custom action types.

Pattern matching. Rules support glob patterns for paths, regex patterns for commands, and wildcard matching for hosts and parameters.

446 tests. The policy engine is validated by a comprehensive test suite covering rule matching, edge cases, precedence, and error handling.
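The deny-by-default and first-match-wins behavior described above, as an added example that is not SafeClaw's own code. The rule shape, action names, and paths are assumptions made for illustration, not SafeClaw's YAML schema; it also shows how rule order can make a specific deny unreachable.

```javascript
const path = require("node:path");

// Hypothetical rule shape (not SafeClaw's schema):
// { action, path: <glob>, effect: "allow" | "deny" | "approve" }
function globToRegExp(glob) {
  // One pass: "**/" spans zero or more directories, "**" spans anything,
  // "*" stays inside one path segment, everything else is matched literally.
  const body = glob.replace(/\*\*\/|\*\*|\*|[.+^${}()|[\]\\?]/g, (m) =>
    m === "**/" ? "(?:.*/)?" : m === "**" ? ".*" : m === "*" ? "[^/]*" : `\\${m}`);
  return new RegExp(`^${body}$`);
}

function evaluate(rules, request) {
  // Normalize first so "/workspace/../etc/passwd" cannot match "/workspace/**".
  const target = path.posix.normalize(request.path);
  for (const [index, rule] of rules.entries()) {
    if (rule.action !== request.action) continue;
    if (globToRegExp(rule.path).test(target)) {
      return { decision: rule.effect, rule: index }; // first match wins
    }
  }
  return { decision: "deny", rule: null }; // nothing matched: deny by default
}

// Constructed sample policy: the specific deny is listed before the broad allow.
const policy = [
  { action: "file_read", path: "/workspace/**/.env", effect: "deny" },
  { action: "file_read", path: "/workspace/**", effect: "allow" },
  { action: "file_write", path: "/workspace/out/*", effect: "approve" },
];

// Same rules with the broad allow first: the .env deny can never be reached.
const shadowed = [policy[1], policy[0], policy[2]];
```

Because evaluation stops at the first match, reviewing a policy change means reading the rules in order and checking that no broad rule sits above a narrower one it overlaps.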

Hash-Chained Audit Trail

Every action that passes through SafeClaw is recorded in a tamper-evident audit trail.

Hash chaining. Each audit entry includes a cryptographic hash of the previous entry. Modifying or deleting any record breaks the chain, making tampering immediately detectable.

Complete action records. Each entry includes: timestamp, agent ID, action type, action parameters, policy rule matched, decision (allow/deny/approve), and execution outcome.

Export capability. Audit logs can be exported in structured formats for compliance reporting, incident investigation, and analytics.

Local storage. Audit data is stored locally with no external service dependency. You control your audit data completely.
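How a hash-chained log is built and checked, as an added example that is not SafeClaw's own code. The entry fields, SHA-256, the all-zero genesis value, and the separately stored head hash are assumptions; the head hash is included because a chain checked only against itself still verifies after its newest entries are cut off.

```javascript
const { createHash } = require("node:crypto");

const GENESIS = "0".repeat(64); // assumed "previous hash" for the first entry

// Hash a fixed-order array so the same record always serializes identically.
function entryHash(prevHash, r) {
  const canonical = JSON.stringify([prevHash, r.ts, r.agent, r.action, r.decision]);
  return createHash("sha256").update(canonical).digest("hex");
}

function append(log, record) {
  const prevHash = log.length ? log[log.length - 1].hash : GENESIS;
  log.push({ ...record, prevHash, hash: entryHash(prevHash, record) });
  return log[log.length - 1].hash; // head hash: keep a copy outside the log
}

// Walk the chain from the start; anchoredHead is the head hash stored elsewhere.
function verify(log, anchoredHead) {
  let prev = GENESIS;
  for (let i = 0; i < log.length; i++) {
    const e = log[i];
    if (e.prevHash !== prev || e.hash !== entryHash(prev, e)) {
      return { ok: false, brokenAt: i }; // edited, reordered, or missing entry
    }
    prev = e.hash;
  }
  if (anchoredHead !== undefined && prev !== anchoredHead) {
    return { ok: false, brokenAt: log.length }; // tail truncated or replaced
  }
  return { ok: true, brokenAt: null };
}

// Constructed sample records, not real SafeClaw output.
function buildSampleLog() {
  const log = [];
  let head = GENESIS;
  for (const r of [
    { ts: "2025-11-14T10:00:00Z", agent: "agent-1", action: "file_read", decision: "allow" },
    { ts: "2025-11-14T10:00:05Z", agent: "agent-1", action: "shell_exec", decision: "deny" },
    { ts: "2025-11-14T10:00:09Z", agent: "agent-1", action: "file_write", decision: "approve" },
  ]) head = append(log, r);
  return { log, head };
}
```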

Monitoring Dashboard

SafeClaw includes a built-in dashboard for real-time visibility into agent behavior.

Action feed. Live view of all action requests, decisions, and outcomes across all agents.

Policy metrics. See which rules are matching most frequently, which actions are being denied, and where policy gaps may exist.

Agent overview. Per-agent summary of actions, denials, approvals, and audit integrity.

Alerting. Configurable alerts for unusual patterns: high denial rates, repeated attempts at blocked actions, or audit chain integrity violations.

Container Mode

SafeClaw can operate inside Docker containers for layered security.

In-container gating. Install SafeClaw inside your container to control what the agent does within the sandbox, complementing Docker's environmental isolation.

Volume protection. Gate access to mounted volumes, preventing agents from accessing or modifying shared data outside their permitted scope.

Zero-dependency operation. SafeClaw's zero-dependency architecture means no additional packages need to be installed in the container.

Budget Controls

Prevent runaway costs from autonomous agent operations.

Token budget. Set maximum token consumption limits per agent, per session, or per time period.

Action budget. Limit the total number of actions an agent can perform in a given timeframe.

Cost tracking. Monitor accumulated costs and automatically pause agent operation when budget thresholds are reached.

Action Scheduler

Control when agents can perform certain actions.

Time-based rules. Allow certain actions only during business hours or maintenance windows.

Rate limiting. Restrict how frequently an agent can perform specific action types.

Cooldown periods. Require minimum intervals between high-risk actions.

Human Approval Workflows

Require human sign-off for sensitive actions.

Configurable approval rules. Define which actions require human approval based on action type, parameters, risk level, or agent ID.

Multi-approver support. Require approval from specific roles or multiple approvers for the highest-risk actions.

Approval timeout. Actions that are not approved within a configurable timeout are automatically denied.

Approval audit. All approval requests, responses, and timeouts are recorded in the hash-chained audit trail.

Real-Time Notifications

Stay informed about agent behavior without watching the dashboard.

Configurable channels. Receive notifications via webhook, email, or integration with messaging platforms.

Event-based triggers. Notify on denied actions, approval requests, budget thresholds, audit integrity violations, or custom events.

Severity levels. Configure notification urgency based on the event type and risk level.

Provider Agnosticism

SafeClaw works across model providers and agent frameworks.

Claude and OpenAI support. Works with both major providers out of the box.

Framework compatibility. Integrates with LangChain, CrewAI, Claude Agent SDK, OpenAI Assistants, Vercel AI SDK, and custom frameworks.

Unified safety layer. The same policies, audit trails, and approval workflows apply regardless of the underlying model or framework.

Simulation Mode

Test and validate policies without blocking agent operations.

Observation mode. Run SafeClaw with no policy to observe all agent actions and build a complete action surface map.

Policy testing. Apply policies in simulation mode to see what would be allowed and denied without affecting agent behavior.

Migration support. Safely transition from no safety to deny-by-default with confidence that legitimate actions will not be blocked.

Zero Dependencies

SafeClaw has no external runtime dependencies.

Self-contained. No npm packages, no cloud services, no API keys required beyond SafeClaw itself.

Supply chain security. With zero dependencies, the safety layer pulls in no third-party packages, so the only supply chain component to vet is SafeClaw itself.

Predictable behavior. No external dependency can change SafeClaw's behavior through updates or compromises.

MIT License

SafeClaw is open source under the MIT license.

Full source access. Read, audit, and verify every line of code that controls your agent's permissions.

No vendor lock-in. Fork, modify, and distribute without restriction.

Commercial use. Use in commercial products without licensing fees or obligations beyond attribution.


Try SafeClaw

Action-level gating for AI agents. Set it up in your browser in 60 seconds.

$ npx @authensor/safeclaw