MCPcopy Index your code
hub / github.com/clawvisor/clawvisor

github.com/clawvisor/clawvisor @v0.9.10

Chat with this repo
repository ↗ · DeepWiki ↗ · release v0.9.10 ↗ · + Follow
10,984 symbols 44,390 edges 1,006 files 4,526 documented · 41%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

Clawvisor

Clawvisor

Your agents act. You stay in control.

The gatekeeper between your AI agents and the APIs they act on.

Get Started · CLI · Agent Integration · Dashboard · Services · Runtime Proxy · Security


[!WARNING] Use at your own risk. Clawvisor is experimental software under active development. It has not been audited for security. LLMs are inherently nondeterministic — we make no guarantees that policies or safety checks will behave as expected in every case. Do not use Clawvisor as your sole safeguard for sensitive data or critical systems.


AI agents are getting good at doing things. The problem is letting them — safely. Give an agent your Gmail credentials and it can read, send, and delete anything. Refuse, and it can't help you at all.

Clawvisor sits in the middle. Agents never hold credentials. Instead, they declare tasks describing what they need to do, the user approves the scope, and Clawvisor handles credential injection, execution, and audit logging for every request under that task.

The typical flow: a user asks their agent to triage their inbox. The agent creates a Clawvisor task declaring what it needs — read emails, but ask before sending. The user approves the scope once, and the agent makes as many requests as it needs within that scope without further interruption. Actions outside the scope go to the user for per-request approval. Restrictions can hard-block specific actions entirely.

Approve a purpose, not a permission. Clawvisor enforces it on every request.

Get Started

Sign up (recommended)

The fastest way to try Clawvisor is hosted: sign up at clawvisor.com. No installation required — connect services and agents directly from the dashboard.

Self-host

Prefer to run Clawvisor yourself? Install the daemon:

curl -fsSL https://clawvisor.com/install.sh | sh

[!WARNING] Run your agent in a separate environment from Clawvisor — a sandboxed container, separate machine, or cloud VM. If the agent shares a host with Clawvisor, it can bypass the gateway by reading the database or process environment directly.

This downloads the latest binary, adds it to your PATH, and starts an interactive setup wizard that walks you through configuration — database, LLM provider for intent verification, Google OAuth, and more. No Go, Node, or Docker required.

Once setup completes, the daemon opens the web dashboard in your browser automatically.

Connect your agent

With Clawvisor running (hosted or self-hosted), connect your agent:

clawvisor-server connect-agent

This auto-detects installed agents (Claude Code, Claude Desktop) and walks you through connecting them. You can also target a specific agent directly:

clawvisor-server connect-agent claude-code      # install skill + env vars for Claude Code
clawvisor-server connect-agent claude-desktop   # configure MCP for Claude Desktop

For manual setup or other agents, see the integration guides: Claude Code · Claude Desktop (MCP) · OpenClaw · Any HTTP agent

Other self-host options

From source (Go + Node)

git clone https://github.com/clawvisor/clawvisor.git
cd clawvisor
make setup    # interactive config wizard
make run      # start server (SQLite, magic link auth)
make tui      # terminal dashboard (separate terminal)

make setup generates config.yaml and a vault.key (database, Google OAuth, intent verification). make run starts the server, creates an admin@local user, and opens the dashboard via a magic link. make tui auto-authenticates using the local session file.

Requires Go 1.25+ and Node.js 18+. See docs/SETUP_LOCAL.md for details.

Docker

git clone https://github.com/clawvisor/clawvisor.git
cd clawvisor
make up       # docker compose (app + postgres)

See docs/SETUP_DOCKER.md for details.

Cloud / remote server

See docs/SETUP_CLOUD.md for deploying to a VPS, container platform, or Cloud Run.

For the complete agent API protocol, see skills/clawvisor/SKILL.md.

CLI Reference

The clawvisor-server CLI is the primary interface for managing Clawvisor. Run clawvisor-server install on a fresh machine for a guided walkthrough that runs setup, services, connect-agent, and dashboard in sequence.

Setup & installation

Command Description
clawvisor-server install Guided first-run: configure, install as system service, start, connect services and agents, and open the dashboard. Use --pair to also pair a mobile device.
clawvisor-server setup Interactive configuration wizard — LLM provider, relay, telemetry. Run this to reconfigure an existing install.
clawvisor-server update Update to the latest release (or --version <tag> for a specific version).
clawvisor-server uninstall Remove the system service.

Daemon lifecycle

Command Description
clawvisor-server start Start the daemon as a background service. Use --foreground to run in the foreground.
clawvisor-server stop Stop the running daemon.
clawvisor-server restart Restart the daemon.
clawvisor-server status Show whether the daemon is running.

Services

Command Description
clawvisor-server services Interactive picker to connect downstream services (Gmail, GitHub, Slack, etc.).
clawvisor-server services list List available and connected services. Use --json for machine-readable output.
clawvisor-server services add [service] Connect a service by ID or name. Omit the argument for an interactive picker.
clawvisor-server services remove <service> Disconnect a service.

Agent connection

Command Description
clawvisor-server connect-agent Auto-detect installed agents and walk through connecting them.
clawvisor-server connect-agent claude-code Install the /clawvisor-setup slash command and optionally add auto-approve rules.
clawvisor-server connect-agent claude-desktop Configure the MCP connection for Claude Desktop.

Agent management

Command Description
clawvisor-server agent create <name> Create an agent and print its bearer token. Use --with-callback-secret to generate a callback signing secret, --replace to overwrite an existing agent.
clawvisor-server agent list List all agents.
clawvisor-server agent delete <name-or-id> Delete an agent.

Dashboard & UI

Command Description
clawvisor-server dashboard Open the web dashboard in your browser. Use --no-open to print the URL only.
clawvisor-server tui Launch the terminal dashboard. Supports --url and --token overrides.
clawvisor-server pair Pair a mobile device via QR code.

Other

Command Description
clawvisor-server server Start the API server directly (used internally by start). Use --open to open the magic link on startup.
clawvisor-server healthcheck Check if the server is ready — queries /ready on localhost. Used by Docker HEALTHCHECK.

Configuration

Clawvisor loads config.yaml from the working directory (override with CONFIG_FILE env var). Most settings have env var overrides:

Setting Env var Notes
Database driver DATABASE_DRIVER postgres or sqlite (auto-selects sqlite locally)
Postgres URL DATABASE_URL Required for postgres driver
JWT secret JWT_SECRET Auto-generated locally; required in prod
Vault key VAULT_KEY Base64-encoded 32-byte key; alternative to vault.key file
Auth mode AUTH_MODE magic_link (default locally) or password
Allowed emails ALLOWED_EMAILS Comma-separated emails allowed to register
Google OAuth GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET Needed for Google services
Public URL PUBLIC_URL Used in Telegram notification links
LLM config CLAWVISOR_LLM_* Shared provider, model, API key for all LLM features
Intent verification CLAWVISOR_LLM_VERIFICATION_* Optional LLM check that request params match task purpose
Task risk assessment CLAWVISOR_LLM_TASK_RISK_* Optional LLM risk assessment when tasks are created
Chain context CLAWVISOR_LLM_CHAIN_CONTEXT_* Optional LLM extraction of facts from results for multi-step verification
Approval timeout APPROVAL_TIMEOUT Seconds before pending approvals expire (default 300)
Rate limits RATE_LIMIT_* Per-agent gateway, per-user OAuth, policy API, and review limits
MCP timeout MCP_APPROVAL_TIMEOUT Seconds MCP blocks waiting for approval (default 240)
Telemetry TELEMETRY_ENABLED Opt-in anonymous usage telemetry

See config.example.yaml for the full configuration reference.

How It Works

Agent                    Clawvisor                         External API
  │                         │                                   │
  ├── POST /api/tasks ─────►│  (declare scope, wait for user)   │
  │◄── task approved ───────┤                                   │
  │                         │                                   │
  ├── POST /api/gateway ───►│                                   │
  │   (with task_id)        ├─ Check restrictions               │
  │                         ├─ Check task scope                 │
  │                         ├─ Auto-execute or queue approval   │
  │                         │                                   │
  │                         │  ┌─ On execute: ──────────────┐   │
  │                         │  │  Inject credentials        │   │
  │                         │  │  Call adapter ────────────────►│
  │                         │  │  Format response  ◄────────────┤
  │                         │  │  Intent verification       │   │
  │                         │  │  Audit log                 │   │
  │                         │  └────────────────────────────┘   │
  │◄── Response ────────────┤                                   │

Every gateway request passes through three authorization layers, checked in order:

  1. Restrictions — hard blocks you configure on specific service/action pairs. If a restriction matches, the request is denied immediately. Use these for actions you never want any agent to take (e.g. "no agent can delete calendar events").
  2. Task scopes — the primary mechanism. When an agent needs to do something, it creates a task declaring the purpose and which service/action pairs it needs. You review and approve the scope once. After that, requests under that task execute without further interruption — you approved the purpose, not each individual call. Tasks can be session-scoped (expire after a TTL) or standing (persist until you revoke them).
  3. Per-request approval — the fallback. Any request that isn't covered by a task scope goes to the approval queue, and you're notified via the dashboard, Telegram, or push notification to your phone. This is the default for actions the agent didn't declare upfront, or for task actions marked auto_execute: false (e.g. sending emails).

When a task is created, Clawvisor can optionally run an LLM-powered risk assessment that evaluates the scope breadth, purpose-scope coherence, and internal consistency of the task. The assessment produces a risk level (low, medium, high, critical) shown in the dashboard to help inform your approval decision. High and critical risk tasks require a confirmation step before approval.

For multi-step tasks, chain context verification tracks structural facts (IDs, email addresses, phone numbers) extracted from adapter results and feeds them into subsequent verification prompts. This prevents a compromised agent from reading an inbox and then targeting an entity not present in the results. Chain context is activated by passing a consistent session_id across related gateway requests.

All three LLM subsystems (intent verification, chain context extraction, and task risk assessment) are covered by eval suites totaling 249 cases. See docs/eval-results.md for accuracy breakdowns and failure analysis.

Supported Services

Service ID Service Actions
google.gmail Gmail list_messages, get_message, send_message
google.calendar Google Calendar list_events, get_event, create_event, update_event, delete_event, list_calendars
google.drive Google Drive list_files, get_file, create_file, update_file, search_files
google.contacts Google Contacts list_contacts, get_contact, search_contacts
microsoft.outlook Outlook list_messages, get_message, send_message, list_events, get_event, create_event
microsoft.onedrive OneDrive list_files, get_file, download_file, upload_file, search_files
github GitHub list_issues, get_issue, create_issue, comment_issue, list_prs, get_pr, list_repos, search_code
slack Slack list_channels, get_channel, list_messages, send_message, search_messages, list_users
notion Notion search

Extension points exported contracts — how you extend this code

Vault (Interface)
Vault stores and retrieves encrypted service credentials. Credentials are scoped per-user per-service. The agent never i [9 …
pkg/vault/vault.go
MetadataProvider (Interface)
── Metadata types ────────────────────────────────────────────────────────── MetadataProvider is an optional interface a [7 …
pkg/adapters/adapters.go
LocalServiceExecutor (Interface)
LocalServiceExecutor routes agent gateway requests to local daemons. Implemented by the cloud layer; nil in self-hosted [22 …
pkg/clawvisor/options.go
ScreenModel (Interface)
ScreenModel is the interface every screen must implement. [6 implementers]
internal/tui/screen.go
Verifier (Interface)
Verifier checks whether a gateway request is consistent with the approved task. [18 implementers]
internal/intent/verifier.go
LocalServiceExecutor (Interface)
LocalServiceExecutor handles execution of local daemon service requests. Implemented by the cloud layer; nil in self-hos [22 …
internal/api/handlers/gateway.go
InlineTaskCreator (Interface)
InlineTaskCreator is the lite-proxy's contract for creating an inline-approved task. The handlers package implements thi [7 …
internal/runtime/llmproxy/release.go
MagicTokenStore (Interface)
MagicTokenStore manages single-use magic link tokens. The open-source in-memory implementation lives in internal/auth. C [4 …
pkg/auth/auth.go

Core symbols most depended-on inside this repo

String
called by 798
internal/tui/screen.go
writeError
called by 671
internal/api/handlers/health.go
Set
called by 613
internal/api/handlers/pairing_store.go
Close
called by 416
internal/events/hub.go
Error
called by 331
internal/api/handlers/proxy_resolver.go
Add
called by 326
internal/notify/telegram/groups_redis.go
Is
called by 297
internal/runtime/llmproxy/script_session.go
writeJSON
called by 234
internal/api/handlers/health.go

Shape

Function 6,004
Method 3,255
Struct 1,394
Interface 231
TypeAlias 51
FuncType 41
Class 8

Languages

Go95%
TypeScript5%
Python1%

Modules by API surface

pkg/store/store.go248 symbols
pkg/store/postgres/store.go219 symbols
pkg/store/sqlite/store.go218 symbols
web/src/api/client.ts113 symbols
internal/api/handlers/llm_endpoint.go111 symbols
internal/api/handlers/tasks.go86 symbols
internal/runtime/llmproxy/controltool/control.go76 symbols
internal/api/handlers/local_service_test.go71 symbols
internal/runtime/conversation/openai_response.go68 symbols
pkg/adapters/adapters.go67 symbols
internal/tui/client/client.go66 symbols
internal/api/handlers/services.go66 symbols

Datastores touched

(mysql)Database · 1 repos
clawvisorDatabase · 1 repos
dbDatabase · 1 repos
dbDatabase · 1 repos
mydbDatabase · 1 repos
testdbDatabase · 1 repos

For agents

$ claude mcp add clawvisor \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact