Your agents act. You stay in control.
The gatekeeper between your AI agents and the APIs they act on.
Get Started · CLI · Agent Integration · Dashboard · Services · Runtime Proxy · Security
[!WARNING] Use at your own risk. Clawvisor is experimental software under active development. It has not been audited for security. LLMs are inherently nondeterministic — we make no guarantees that policies or safety checks will behave as expected in every case. Do not use Clawvisor as your sole safeguard for sensitive data or critical systems.
AI agents are getting good at doing things. The problem is letting them — safely. Give an agent your Gmail credentials and it can read, send, and delete anything. Refuse, and it can't help you at all.
Clawvisor sits in the middle. Agents never hold credentials. Instead, they declare tasks describing what they need to do, the user approves the scope, and Clawvisor handles credential injection, execution, and audit logging for every request under that task.
The typical flow: a user asks their agent to triage their inbox. The agent creates a Clawvisor task declaring what it needs — read emails, but ask before sending. The user approves the scope once, and the agent makes as many requests as it needs within that scope without further interruption. Actions outside the scope go to the user for per-request approval. Restrictions can hard-block specific actions entirely.
Approve a purpose, not a permission. Clawvisor enforces it on every request.
The fastest way to try Clawvisor is hosted: sign up at clawvisor.com. No installation required — connect services and agents directly from the dashboard.
Prefer to run Clawvisor yourself? Install the daemon:
curl -fsSL https://clawvisor.com/install.sh | sh
[!WARNING] Run your agent in a separate environment from Clawvisor — a sandboxed container, separate machine, or cloud VM. If the agent shares a host with Clawvisor, it can bypass the gateway by reading the database or process environment directly.
This downloads the latest binary, adds it to your PATH, and starts an interactive setup wizard that walks you through configuration — database, LLM provider for intent verification, Google OAuth, and more. No Go, Node, or Docker required.
Once setup completes, the daemon opens the web dashboard in your browser automatically.
With Clawvisor running (hosted or self-hosted), connect your agent:
clawvisor-server connect-agent
This auto-detects installed agents (Claude Code, Claude Desktop) and walks you through connecting them. You can also target a specific agent directly:
clawvisor-server connect-agent claude-code # install skill + env vars for Claude Code
clawvisor-server connect-agent claude-desktop # configure MCP for Claude Desktop
For manual setup or other agents, see the integration guides: Claude Code · Claude Desktop (MCP) · OpenClaw · Any HTTP agent
From source (Go + Node)
git clone https://github.com/clawvisor/clawvisor.git
cd clawvisor
make setup # interactive config wizard
make run # start server (SQLite, magic link auth)
make tui # terminal dashboard (separate terminal)
make setup generates config.yaml and a vault.key (database, Google OAuth, intent verification). make run starts the server, creates an admin@local user, and opens the dashboard via a magic link. make tui auto-authenticates using the local session file.
Requires Go 1.25+ and Node.js 18+. See docs/SETUP_LOCAL.md for details.
Docker
git clone https://github.com/clawvisor/clawvisor.git
cd clawvisor
make up # docker compose (app + postgres)
See docs/SETUP_DOCKER.md for details.
Cloud / remote server
See docs/SETUP_CLOUD.md for deploying to a VPS, container platform, or Cloud Run.
For the complete agent API protocol, see skills/clawvisor/SKILL.md.
The clawvisor-server CLI is the primary interface for managing Clawvisor. Run clawvisor-server install on a fresh machine for a guided walkthrough that runs setup, services, connect-agent, and dashboard in sequence.
| Command | Description |
|---|---|
clawvisor-server install |
Guided first-run: configure, install as system service, start, connect services and agents, and open the dashboard. Use --pair to also pair a mobile device. |
clawvisor-server setup |
Interactive configuration wizard — LLM provider, relay, telemetry. Run this to reconfigure an existing install. |
clawvisor-server update |
Update to the latest release (or --version <tag> for a specific version). |
clawvisor-server uninstall |
Remove the system service. |
| Command | Description |
|---|---|
clawvisor-server start |
Start the daemon as a background service. Use --foreground to run in the foreground. |
clawvisor-server stop |
Stop the running daemon. |
clawvisor-server restart |
Restart the daemon. |
clawvisor-server status |
Show whether the daemon is running. |
| Command | Description |
|---|---|
clawvisor-server services |
Interactive picker to connect downstream services (Gmail, GitHub, Slack, etc.). |
clawvisor-server services list |
List available and connected services. Use --json for machine-readable output. |
clawvisor-server services add [service] |
Connect a service by ID or name. Omit the argument for an interactive picker. |
clawvisor-server services remove <service> |
Disconnect a service. |
| Command | Description |
|---|---|
clawvisor-server connect-agent |
Auto-detect installed agents and walk through connecting them. |
clawvisor-server connect-agent claude-code |
Install the /clawvisor-setup slash command and optionally add auto-approve rules. |
clawvisor-server connect-agent claude-desktop |
Configure the MCP connection for Claude Desktop. |
| Command | Description |
|---|---|
clawvisor-server agent create <name> |
Create an agent and print its bearer token. Use --with-callback-secret to generate a callback signing secret, --replace to overwrite an existing agent. |
clawvisor-server agent list |
List all agents. |
clawvisor-server agent delete <name-or-id> |
Delete an agent. |
| Command | Description |
|---|---|
clawvisor-server dashboard |
Open the web dashboard in your browser. Use --no-open to print the URL only. |
clawvisor-server tui |
Launch the terminal dashboard. Supports --url and --token overrides. |
clawvisor-server pair |
Pair a mobile device via QR code. |
| Command | Description |
|---|---|
clawvisor-server server |
Start the API server directly (used internally by start). Use --open to open the magic link on startup. |
clawvisor-server healthcheck |
Check if the server is ready — queries /ready on localhost. Used by Docker HEALTHCHECK. |
Clawvisor loads config.yaml from the working directory (override with CONFIG_FILE env var). Most settings have env var overrides:
| Setting | Env var | Notes |
|---|---|---|
| Database driver | DATABASE_DRIVER |
postgres or sqlite (auto-selects sqlite locally) |
| Postgres URL | DATABASE_URL |
Required for postgres driver |
| JWT secret | JWT_SECRET |
Auto-generated locally; required in prod |
| Vault key | VAULT_KEY |
Base64-encoded 32-byte key; alternative to vault.key file |
| Auth mode | AUTH_MODE |
magic_link (default locally) or password |
| Allowed emails | ALLOWED_EMAILS |
Comma-separated emails allowed to register |
| Google OAuth | GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET |
Needed for Google services |
| Public URL | PUBLIC_URL |
Used in Telegram notification links |
| LLM config | CLAWVISOR_LLM_* |
Shared provider, model, API key for all LLM features |
| Intent verification | CLAWVISOR_LLM_VERIFICATION_* |
Optional LLM check that request params match task purpose |
| Task risk assessment | CLAWVISOR_LLM_TASK_RISK_* |
Optional LLM risk assessment when tasks are created |
| Chain context | CLAWVISOR_LLM_CHAIN_CONTEXT_* |
Optional LLM extraction of facts from results for multi-step verification |
| Approval timeout | APPROVAL_TIMEOUT |
Seconds before pending approvals expire (default 300) |
| Rate limits | RATE_LIMIT_* |
Per-agent gateway, per-user OAuth, policy API, and review limits |
| MCP timeout | MCP_APPROVAL_TIMEOUT |
Seconds MCP blocks waiting for approval (default 240) |
| Telemetry | TELEMETRY_ENABLED |
Opt-in anonymous usage telemetry |
See config.example.yaml for the full configuration reference.
Agent Clawvisor External API
│ │ │
├── POST /api/tasks ─────►│ (declare scope, wait for user) │
│◄── task approved ───────┤ │
│ │ │
├── POST /api/gateway ───►│ │
│ (with task_id) ├─ Check restrictions │
│ ├─ Check task scope │
│ ├─ Auto-execute or queue approval │
│ │ │
│ │ ┌─ On execute: ──────────────┐ │
│ │ │ Inject credentials │ │
│ │ │ Call adapter ────────────────►│
│ │ │ Format response ◄────────────┤
│ │ │ Intent verification │ │
│ │ │ Audit log │ │
│ │ └────────────────────────────┘ │
│◄── Response ────────────┤ │
Every gateway request passes through three authorization layers, checked in order:
auto_execute: false (e.g. sending emails).When a task is created, Clawvisor can optionally run an LLM-powered risk assessment that evaluates the scope breadth, purpose-scope coherence, and internal consistency of the task. The assessment produces a risk level (low, medium, high, critical) shown in the dashboard to help inform your approval decision. High and critical risk tasks require a confirmation step before approval.
For multi-step tasks, chain context verification tracks structural facts (IDs, email addresses, phone numbers) extracted from adapter results and feeds them into subsequent verification prompts. This prevents a compromised agent from reading an inbox and then targeting an entity not present in the results. Chain context is activated by passing a consistent session_id across related gateway requests.
All three LLM subsystems (intent verification, chain context extraction, and task risk assessment) are covered by eval suites totaling 249 cases. See docs/eval-results.md for accuracy breakdowns and failure analysis.
| Service ID | Service | Actions |
|---|---|---|
google.gmail |
Gmail | list_messages, get_message, send_message |
google.calendar |
Google Calendar | list_events, get_event, create_event, update_event, delete_event, list_calendars |
google.drive |
Google Drive | list_files, get_file, create_file, update_file, search_files |
google.contacts |
Google Contacts | list_contacts, get_contact, search_contacts |
microsoft.outlook |
Outlook | list_messages, get_message, send_message, list_events, get_event, create_event |
microsoft.onedrive |
OneDrive | list_files, get_file, download_file, upload_file, search_files |
github |
GitHub | list_issues, get_issue, create_issue, comment_issue, list_prs, get_pr, list_repos, search_code |
slack |
Slack | list_channels, get_channel, list_messages, send_message, search_messages, list_users |
notion |
Notion | search |
$ claude mcp add clawvisor \
-- python -m otcore.mcp_server <graph>