2025-11-19 · Authensor

SafeClaw Dashboard and API Reference

Overview

SafeClaw provides a browser-based dashboard for managing policies, reviewing agent actions, handling approval requests, and monitoring system health. The dashboard is accessible via the Authensor control plane at authensor.com and safeclaw.onrender.com.

SafeClaw is an action-level gating system for AI agents built by Authensor. It is 100% open source (MIT license), installed via npx @authensor/safeclaw, with a free tier requiring no credit card.

Setup Wizard

The setup wizard provides guided initial configuration when running SafeClaw for the first time.

Launching the Wizard

npx @authensor/safeclaw

Wizard Steps

| Step | Action | Description |
|------|--------|-------------|
| 1 | Key provisioning | Generates or enters a 7-day renewable API key (free tier, no credit card) |
| 2 | Agent registration | Configures which AI agents will be gated |
| 3 | Initial policy selection | Choose a starter policy template or start with deny-all |
| 4 | Mode selection | Choose simulation mode or enforcement mode |
| 5 | Dashboard launch | Opens the browser dashboard for further configuration |

Starter Policy Templates

The wizard offers pre-built policy templates:

| Template | Description |
|----------|-------------|
| Restrictive | Deny-all baseline with no ALLOW rules; add rules manually |
| Development | Allows file read/write in the current project directory; denies shell and network |
| Standard | Allows file operations in project directory, safe shell commands (git, npm test), denies network |
| Permissive | Allows most operations in the project directory; denies destructive shell commands and sensitive file access |

All templates maintain deny-by-default as the fallback. Templates differ only in the ALLOW rules they include.

Dashboard Features

Policy Management UI

The policy management interface provides full control over the active policy ruleset.

Rule Editor

| Feature | Description |
|---------|-------------|
| Visual rule builder | Create rules by selecting fields, operators, and values from dropdowns |
| JSON editor | Direct JSON editing for advanced users |
| Syntax validation | Real-time validation of rule syntax and condition operators |
| Drag-and-drop ordering | Reorder rules to control first-match-wins priority |
| Rule enable/disable | Toggle individual rules without deleting them |
| Rule duplication | Clone existing rules as starting points for new rules |

Policy Version History

The dashboard maintains a version history of policy changes:

| Field | Description |
|-------|-------------|
| Version number | Auto-incrementing integer |
| Timestamp | When the change was saved |
| Author | Dashboard user who made the change |
| Diff view | Visual comparison of rule additions, modifications, and deletions |
| Rollback | One-click revert to any previous policy version |

Policy changes take effect immediately upon save. No restart or redeployment is required.

Action Log Viewer

The action log viewer displays the audit trail with filtering and search capabilities.

Log Entry Display

Each entry shows:

2026-02-13 14:30:00 | claude-code | file_write | /project/src/index.ts | ALLOW | rule: allow-project-writes | 87μs
2026-02-13 14:30:01 | claude-code | file_read  | /etc/passwd           | DENY  | deny-by-default           | 42μs
2026-02-13 14:30:02 | openai-asst | shell_exec | npm install express   | REQUIRE_APPROVAL           | 63μs

Filtering Options

| Filter | Options |
|--------|---------|
| Action type | file_write, file_read, shell_exec, network |
| Agent | Filter by agent identity (exact or prefix match) |
| Effect | ALLOW, DENY, REQUIRE_APPROVAL |
| Time range | Start and end timestamps |
| Rule | Filter by matched rule ID |
| Simulation | Show only simulation entries or only enforcement entries |
| Text search | Full-text search across resource fields (paths, commands, URLs) |

Export

The action log can be exported in NDJSON, JSON, and CSV formats. Exported data includes all hash chain fields, enabling independent integrity verification.

Approval Queue

The approval queue displays actions with REQUIRE_APPROVAL effect that are pending human review.

Queue Entry Display

Each pending approval shows:

| Field | Description |
|-------|-------------|
| Timestamp | When the action was requested |
| Agent | Which agent requested the action |
| Action type | file_write, file_read, shell_exec, or network |
| Resource | The target file path, command, or URL |
| Context | Optional context provided by the agent |
| Matched rule | Which rule triggered the approval requirement |

Approval Actions

| Action | Result |
|--------|--------|
| Approve | Action is released for execution; audit entry updated |
| Deny | Action is permanently blocked; agent receives denial |
| Approve + Create Rule | Action is approved and a new ALLOW rule is generated from the action pattern |

The "Approve + Create Rule" option streamlines policy refinement by converting one-time approvals into permanent policy rules.

Queue Behavior

Pending actions are held in a queue; the agent waits for a decision
Queue entries expire after a configurable timeout (default: 5 minutes)
Expired entries are automatically denied (fail-closed)
The queue displays a count badge in the dashboard navigation

Real-Time Action Feed

The dashboard includes a real-time feed of agent actions as they occur.

Feed Display

[LIVE] 14:30:00 claude-code    file_write  /project/src/index.ts    ✓ ALLOW
[LIVE] 14:30:01 claude-code    file_read   /etc/passwd              ✗ DENY
[LIVE] 14:30:02 openai-asst    shell_exec  npm install              ⏳ PENDING
[LIVE] 14:30:03 langchain-agt  network     https://api.github.com   ✓ ALLOW

Feed Features

| Feature | Description |
|---------|-------------|
| Auto-scroll | New entries appear at the bottom with auto-scrolling |
| Pause/resume | Pause the feed to inspect specific entries |
| Agent filter | Show actions from a specific agent only |
| Type filter | Show only specific action types |
| Effect highlighting | Color-coded effects: green (ALLOW), red (DENY), yellow (PENDING) |

Simulation Mode Toggle

The dashboard provides a toggle to switch between simulation and enforcement modes.

| Control | Description |
|---------|-------------|
| Mode toggle | Switch between simulation and enforcement with a single click |
| Mode indicator | Persistent banner showing current mode (Simulation or Enforcement) |
| Transition confirmation | Confirmation dialog when switching from simulation to enforcement |
| Simulation summary | Statistics on would-allow/would-deny decisions in simulation mode |

The mode switch is immediate. When transitioning to enforcement, a confirmation dialog warns that actions will be blocked or held per policy.

Simulation Analytics

When simulation mode is active, the dashboard provides analytics:

| Metric | Description |
|--------|-------------|
| Total actions evaluated | Count of all actions processed in simulation |
| Would-allow count | Actions that would be permitted |
| Would-deny count | Actions that would be blocked |
| Would-require-approval count | Actions that would need human review |
| Unmatched actions | Actions hitting deny-by-default (potential ALLOW rule candidates) |
| Top denied patterns | Most frequently would-denied action patterns |

Agent Overview

The dashboard displays all registered agents and their activity:

| Column | Description |
|--------|-------------|
| Agent identity | Agent name string |
| Provider | Claude, OpenAI, LangChain, or Custom |
| Last active | Timestamp of most recent action |
| Total actions | Count of all actions from this agent |
| Allow rate | Percentage of actions allowed |
| Deny rate | Percentage of actions denied |

Hash Chain Verification

The dashboard includes a built-in audit trail integrity verifier:

Downloads the complete hash chain
Recomputes every SHA-256 hash locally in the browser
Verifies chain linkage and sequence continuity
Displays pass/fail result

This runs entirely in the browser — the verification does not rely on the server to confirm its own integrity.

Key Management

API keys are managed through the dashboard at authensor.com.

| Feature | Description |
|---------|-------------|
| Key generation | Create new 7-day renewable keys |
| Key renewal | Extend key expiration by 7 days |
| Key revocation | Immediately invalidate a key |
| Key listing | View all active keys with expiration dates |
| Usage statistics | Action counts per key |

The free tier provides API keys with no credit card requirement. Keys are renewable indefinitely at 7-day intervals.

Access

| URL | Description |
|-----|-------------|
| authensor.com | Primary Authensor dashboard and account management |
| safeclaw.onrender.com | SafeClaw control plane API |

Related References

Policy Rule Syntax Reference — Rule syntax for the policy editor
Audit Trail Specification — Structure of log entries and hash chain
Simulation Mode Reference — Non-enforcing evaluation details
Security Model Reference — Data boundaries and key management
Integration Reference — Connecting agents to SafeClaw
Deployment Reference — Installation via npx and alternatives

Try SafeClaw

Action-level gating for AI agents. Set it up in your browser in 60 seconds.

$ npx @authensor/safeclaw