2025-12-31 · Authensor

How to Add AI Agent Safety to Zed Editor

SafeClaw by Authensor integrates with Zed editor to provide deny-by-default action gating for AI agents. Zed's built-in AI assistant and any custom agent workflows are covered by SafeClaw's policy engine, which logs every decision to a hash-chained audit trail. SafeClaw supports both Claude and OpenAI providers and ships with 446 tests.

Prerequisites

Step 1: Install SafeClaw

Open Zed's built-in terminal panel and run:

npx @authensor/safeclaw

This creates a .safeclaw/ directory with the default deny-all policy and initializes the audit log in your project root.

Step 2: Configure the Policy

Create .safeclaw/policy.yaml:

version: 1
default: deny


rules:
  - action: file.read
    paths:
      - "src/**"
      - "assets/**"
    decision: allow



- action: file.write
    paths:
      - "src/**"
    decision: prompt



- action: shell.execute
    commands:
      - "cargo build"
      - "cargo test"
    decision: allow



- action: shell.execute
    decision: deny



- action: network.request
    domains:
      - "api.openai.com"
      - "api.anthropic.com"
    decision: allow

Zed is popular among Rust developers, so this example policy permits cargo build and cargo test while blocking arbitrary shell commands.

Step 3: Add SafeClaw Tasks to Zed

Zed supports a .zed/tasks.json file for custom tasks. Create it:

[
  {
    "label": "SafeClaw: Audit Tail",
    "command": "npx",
    "args": ["@authensor/safeclaw", "audit", "--tail", "10"]
  },
  {
    "label": "SafeClaw: Verify Chain",
    "command": "npx",
    "args": ["@authensor/safeclaw", "audit", "--verify"]
  },
  {
    "label": "SafeClaw: Status",
    "command": "npx",
    "args": ["@authensor/safeclaw", "status"]
  },
  {
    "label": "SafeClaw: Validate Policy",
    "command": "npx",
    "args": ["@authensor/safeclaw", "policy", "--validate"]
  }
]

Access these tasks via Cmd+Shift+P (macOS) or Ctrl+Shift+P (Linux) and searching for "task".

Step 4: Configure Zed Settings for SafeClaw

Add SafeClaw-related settings to your Zed project settings (.zed/settings.json):

{
  "terminal": {
    "env": {
      "SAFECLAW_ENABLED": "true",
      "SAFECLAW_POLICY": ".safeclaw/policy.yaml",
      "SAFECLAW_AUDIT": "true"
    }
  }
}

Setting these environment variables ensures SafeClaw is active whenever you run an AI agent command from Zed's terminal.

Step 5: Integrate with Zed's AI Assistant

Zed has a built-in AI assistant. To route its actions through SafeClaw, wrap the assistant's execution context:

npx @authensor/safeclaw wrap --provider anthropic -- zed-ai-agent

This interposes SafeClaw between Zed's assistant and the system, applying your policy to every action the assistant attempts.

Step 6: Test and Verify

Ask the Zed AI assistant to modify a file outside the permitted src/ path. SafeClaw should deny the action. Check the audit log:

npx @authensor/safeclaw audit --tail 5

You will see the denied action recorded with a timestamp, policy reference, and hash chain link.

Summary

SafeClaw integrates into Zed through the terminal panel, task runner, project settings, and AI assistant wrapping. The deny-by-default approach ensures that Zed's AI capabilities are constrained to exactly what your policy permits. Hash-chained audit logs provide immutable evidence of every decision. SafeClaw is MIT licensed and open source.

Related Guides

Try SafeClaw

Action-level gating for AI agents. Set it up in your browser in 60 seconds.

$ npx @authensor/safeclaw