How to Add AI Agent Safety to Emacs

SafeClaw by Authensor brings deny-by-default AI agent safety to Emacs, protecting you from unintended actions by AI agents like gptel, ellama, or any custom LLM integration. Every agent action is intercepted, checked against your policy, and logged to a hash-chained audit trail. SafeClaw supports Claude and OpenAI providers and ships with 446 tests.

Prerequisites

• Emacs 29+ (for native JSON parsing and tree-sitter support)
• Node.js 18+
• A package manager (use-package, straight.el, or similar)

Step 1: Install SafeClaw

Open an Emacs terminal buffer (M-x term or M-x vterm) and run:

npx @authensor/safeclaw

This creates the .safeclaw/ directory with a deny-all default policy and initializes the hash-chained audit log.

Step 2: Create Your Policy File

Write .safeclaw/policy.yaml in your project root:

version: 1
default: deny

rules:
  - action: file.read
    paths:
      - "src/**"
      - "lisp/**"
      - "test/**"
    decision: allow

- action: file.write
    paths:
      - "src/**"
      - "lisp/**"
    decision: prompt

- action: shell.execute
    commands:
      - "make"
      - "make test"
      - "cask install"
    decision: allow

- action: shell.execute
    decision: deny

- action: network.request
    domains:
      - "api.openai.com"
      - "api.anthropic.com"
    decision: allow

Step 3: Add Elisp Functions for SafeClaw

Add the following to your ~/.emacs.d/init.el or ~/.emacs:

(defgroup safeclaw nil
  "SafeClaw AI agent safety integration."
  :group 'tools)

(defun safeclaw-audit-tail ()
  "Show the last 10 SafeClaw audit entries."
  (interactive)
  (let ((default-directory (project-root (project-current t))))
    (compile "npx @authensor/safeclaw audit --tail 10")))

(defun safeclaw-audit-verify ()
  "Verify the SafeClaw audit hash chain."
  (interactive)
  (let ((default-directory (project-root (project-current t))))
    (compile "npx @authensor/safeclaw audit --verify")))

(defun safeclaw-status ()
  "Show SafeClaw status summary."
  (interactive)
  (let ((default-directory (project-root (project-current t))))
    (compile "npx @authensor/safeclaw status")))

(defun safeclaw-policy-validate ()
  "Validate the SafeClaw policy file."
  (interactive)
  (let ((default-directory (project-root (project-current t))))
    (compile "npx @authensor/safeclaw policy --validate")))

Step 4: Bind Keys

Add keybindings under a SafeClaw prefix:

(define-prefix-command 'safeclaw-map)
(global-set-key (kbd "C-c s") 'safeclaw-map)

(define-key safeclaw-map (kbd "a") 'safeclaw-audit-tail)
(define-key safeclaw-map (kbd "v") 'safeclaw-audit-verify)
(define-key safeclaw-map (kbd "s") 'safeclaw-status)
(define-key safeclaw-map (kbd "p") 'safeclaw-policy-validate)

Now C-c s a shows the audit tail, C-c s v verifies the chain, C-c s s shows status, and C-c s p validates your policy.

Step 5: Integrate with Existing AI Packages

If you use gptel or a similar package, configure the process to route through SafeClaw:

(setq gptel-backend
  (gptel-make-openai "safeclaw-openai"
    :host "localhost:9741"
    :key 'gptel-api-key
    :models '("gpt-4o")))

Run SafeClaw as a local proxy:

npx @authensor/safeclaw proxy --port 9741 --upstream https://api.openai.com

This routes all API calls through SafeClaw's policy engine, applying your rules to every request and response.

Step 6: Test

Trigger an AI agent action from Emacs. SafeClaw should intercept it and apply your policy. Verify:

npx @authensor/safeclaw audit --tail 5

Or from Emacs: C-c s a.

Summary

SafeClaw integrates into Emacs through Elisp functions, keybindings, and proxy mode. The deny-by-default approach constrains AI agents to exactly what your policy permits. Hash-chained audit logs provide tamper-evident records. SafeClaw is MIT licensed and open source.

Related Guides

• How to Add AI Agent Safety to Neovim
• How to Run AI Agents Safely from the Terminal
• How to Add AI Agent Safety to VS Code
• How to Send AI Agent Safety Alerts to Discord