Claw Patrol: an open-source security firewall for agents
Deno has introduced Claw Patrol, an open-source security firewall designed for agents managing production systems. This tool aims to balance the need for agent access with security by controlling outbound requests and credential management. Claw Patrol allows for customizable rules to ensure safe interactions with various services while minimizing risks associated with agent operations.
- ▪Claw Patrol routes agent traffic through a secure tunnel to a gateway that evaluates requests against user-defined rules.
- ▪The solution allows agents to access production systems while preventing unauthorized actions, such as deleting databases or accessing sensitive information.
- ▪Claw Patrol is currently in alpha and is open-sourced under the MIT license, with documentation available for further development.
Opening excerpt (first ~120 words) tap to expand
Claw Patrol: an open-source security firewall for agentsMay 21, 2026Ryan DahlBert BelderDivy SrivastavaArnau OrriolsYusuke TanakaProduct UpdateAt Deno, we run Deno Deploy, JSR, and a handful of other production services. We’re increasingly using agents to help with operations: triage PagerDuty alerts, check dashboards, query logs, run kubectl, roll back a bad deploy, and so on. That means giving the agents access to many of the production systems an engineer has: AWS, GCP, Postgres, Kubernetes, ClickHouse, GitHub, Slack, Grafana. This requires extreme care, and presents a dilemma. An agent with limited access isn’t very useful. But the more access it has, the more dangerous it is: kubectl delete namespace prod and psql -c 'DROP TABLE users' are both one tool call away.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Deno Blog.
Discussion
0 commentsMore from Deno Blog
