
Platform

Governance proxy for MCP servers. Wraps any upstream server with policy evaluation, human approval workflows, and hash-chain audit trails. 18+ framework integrations. Apache 2.0 SDK.

securitygoai
By sidclawhq
101 · Updated 3 weeks ago · TypeScript · Apache-2.0

Installation

npx -y platform

Configuration

{
  "mcpServers": {
    "platform": {
      "command": "npx",
      "args": ["-y", "platform"]
    }
  }
}

How to use

  1. Run the installation command above (if needed)
  2. Open your Claude Code settings file (~/.claude/settings.json)
  3. Add the configuration to the mcpServers section
  4. Restart Claude Code to apply changes
<div align="center">

SidClaw

Approve, deny, and audit AI agent tool calls.

Works with MCP, LangChain, OpenAI Agents, Claude Agent SDK, and 15+ more.


<a href="https://sidclaw.com" target="_blank">Website</a> · <a href="https://docs.sidclaw.com" target="_blank">Documentation</a> · <a href="https://demo.sidclaw.com" target="_blank">Live Demo</a> · <a href="https://www.npmjs.com/package/@sidclaw/sdk" target="_blank">SDK on npm</a> · <a href="https://pypi.org/project/sidclaw/" target="_blank">SDK on PyPI</a>

</div>

Your agents call tools without oversight. SidClaw intercepts every tool call, checks it against your policies, and holds risky actions for human review before they execute.

Try it locally (self-contained, no install)

Clone and run:

git clone https://github.com/sidclawhq/platform
cd platform/packages/sidclaw-demo && node cli.mjs

Opens a local governance dashboard at http://localhost:3030 with four pre-loaded scenarios (Claude Code rm -rf, fintech trade, DevOps scale-to-zero, clinical lab order). No signup, no Docker, no API key — just the approval card UX running in your browser.

Coming to npm soon: the npx sidclaw-demo one-liner will be published alongside the next SDK release. Until then, the clone-and-run path above is the canonical way to see the demo.

See it in action

Atlas Financial Demo

Agent wants to send an email → policy flags it → reviewer sees full context → approves or denies → trace recorded.

Works With Your Stack

<div align="center">

Integrations

</div>

SidClaw integrates with 18+ frameworks and platforms — including OpenClaw (329K+ users), LangChain, OpenAI, MCP, Claude Agent SDK, Google ADK, NemoClaw, Copilot Studio, GitHub Copilot, and more. Add governance in one line of code. <a href="https://docs.sidclaw.com/docs/integrations" target="_blank">See all integrations →</a>

See It In Action

Customer Support Agent (Financial Services)

Atlas Financial Demo

An AI agent wants to send a customer email. Policy flags it for review. The reviewer sees full context — who, what, why — and approves with one click. Every step is traced.

Infrastructure Automation (DevOps)

DevOps Demo

An AI agent wants to scale production services. High-risk deployments require human approval. Read-only monitoring is allowed instantly.

Clinical Decision Support (Healthcare)

Healthcare Demo

An AI assistant recommends lab orders. The physician reviews the clinical context and approves. Medication prescribing is blocked by policy — only physicians can prescribe.

How It Works

Agent wants to act → SidClaw evaluates → Policy decides → Human approves (if needed) → Action executes → Trace recorded

Four primitives govern every agent action:

┌──────────┐    ┌──────────┐    ┌──────────┐    ┌──────────┐
│ Identity │ →  │  Policy  │ →  │ Approval │ →  │  Trace   │
│          │    │          │    │          │    │          │
│ Every    │    │ Every    │    │ High-risk│    │ Every    │
│ agent    │    │ action   │    │ actions  │    │ decision │
│ has an   │    │ evaluated│    │ get human│    │ creates  │
│ owner &  │    │ against  │    │ review   │    │ tamper-  │
│ scoped   │    │ explicit │    │ with rich│    │ proof    │
│ perms    │    │ rules    │    │ context  │    │ audit    │
└──────────┘    └──────────┘    └──────────┘    └──────────┘
  • allow → action executes immediately, trace recorded
  • approval_required → human sees context card, approves/denies, trace recorded
  • deny → blocked before execution, no data accessed, trace recorded
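
How a hash-chained trace makes later edits detectable, as an added example (not SidClaw's code or record format): the field names, the SHA-256 chaining scheme and the sample agent and operations are assumptions made for illustration.

```typescript
import { createHash } from "crypto";

type Decision = "allow" | "approval_required" | "deny";

// Hypothetical record layout; SidClaw's real trace schema is not shown on this page.
interface TraceEntry {
  agentId: string;
  operation: string;
  decision: Decision;
  prevHash: string; // hash of the preceding entry
  hash: string;     // SHA-256 over prevHash and this entry's fields
}

const GENESIS = "0".repeat(64);

function entryHash(prevHash: string, agentId: string, operation: string, decision: Decision): string {
  // A JSON array keeps field boundaries unambiguous before hashing.
  const payload = JSON.stringify([prevHash, agentId, operation, decision]);
  return createHash("sha256").update(payload).digest("hex");
}

function appendTrace(chain: TraceEntry[], agentId: string, operation: string, decision: Decision): TraceEntry[] {
  const last = chain[chain.length - 1];
  const prevHash = last ? last.hash : GENESIS;
  return [...chain, { agentId, operation, decision, prevHash, hash: entryHash(prevHash, agentId, operation, decision) }];
}

// Returns the index of the first entry that fails verification, or -1 if the chain is intact.
// expectedHead is the latest hash as recorded outside the log; without it, truncation goes unnoticed.
function verifyChain(chain: TraceEntry[], expectedHead?: string): number {
  let prev = GENESIS;
  let index = 0;
  for (const e of chain) {
    if (e.prevHash !== prev) return index;
    if (entryHash(e.prevHash, e.agentId, e.operation, e.decision) !== e.hash) return index;
    prev = e.hash;
    index++;
  }
  return expectedHead !== undefined && prev !== expectedHead ? chain.length : -1;
}

// Constructed sample trail covering the three outcomes.
function sampleChain(): TraceEntry[] {
  let chain: TraceEntry[] = [];
  chain = appendTrace(chain, "agent-1", "read_metrics", "allow");
  chain = appendTrace(chain, "agent-1", "send_email", "approval_required");
  chain = appendTrace(chain, "agent-1", "drop_table", "deny");
  return chain;
}
```

On its own such a chain is tamper-evident rather than tamper-proof: anyone able to rewrite the whole log can recompute every hash, so the head hash has to be kept somewhere that party cannot write.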

Deploy your own SidClaw instance ($0)

Railway is the recommended one-click deploy — it spins up Postgres + API + Dashboard together. Vercel hosts only the Next.js dashboard; pair it with a hosted API.

Deploy on Railway

<details> <summary><strong>Vercel (dashboard only — point at an existing SidClaw API)</strong></summary>
https://vercel.com/new/clone?repository-url=https%3A%2F%2Fgithub.com%2Fsidclawhq%2Fplatform&root-directory=apps%2Fdashboard&env=NEXT_PUBLIC_API_URL&envDescription=Your%20SidClaw%20API%20base%20URL%20(e.g.%20https%3A%2F%2Fapi.sidclaw.com)

Vercel can only host the dashboard (Next.js). The API is Fastify — deploy it to Railway, Fly, Render, or run via Docker. Set NEXT_PUBLIC_API_URL on the dashboard project to point at it.

</details>

Under 3 minutes to a working instance on Railway.


Quick Start — Pick What Fits

Option 1: Claude Code Hooks (zero code)

For Claude Code users. Every Bash, Write, Agent, mcp__* tool call is governed by SidClaw:

# In the SidClaw platform repo
npm run hooks:install

# Then set two env vars
export SIDCLAW_BASE_URL=https://api.sidclaw.com
export SIDCLAW_API_KEY=ai_your_key_here

Restart Claude Code. rm -rf pauses for approval, git push --force gets flagged, every tool call is traced with a hash-chained audit trail. See hooks/README.md.

Option 2: create-sidclaw-app (interactive scaffold)

npx create-sidclaw-app my-agent
cd my-agent
npm start

Option 3: MCP Governance Proxy (zero code, wraps any MCP server)

Jump to the MCP Governance Proxy section below.

Option 4: SDK wrapper (one line per tool)

// Before: the agent decides, nobody reviews
await sendEmail({ to: "customer@example.com", subject: "Follow-up", body: "..." });

// After: wrap with SidClaw — now policies apply
const sendEmail = withGovernance(client, {
  operation: 'send_email',
  data_classification: 'confidential',
}, sendEmailFn);

await sendEmail({ to: "customer@example.com", subject: "Follow-up", body: "..." });
// → allow (executes) | approval_required (human reviews) | deny (blocked)

<details> <summary>Same thing in Python</summary>

@with_governance(client, GovernanceConfig(
    operation="send_email",
    data_classification="confidential",
))
def send_email(to, subject, body):
    email_service.send(to=to, subject=subject, body=body)

</details>

<details> <summary><strong>Full TypeScript example with imports</strong></summary>

npm install @sidclaw/sdk

import { AgentIdentityClient, withGovernance } from '@sidclaw/sdk';

const client = new AgentIdentityClient({
  apiKey: process.env.SIDCLAW_API_KEY,
  apiUrl: 'https://api.sidclaw.com',
  agentId: process.env.SIDCLAW_AGENT_ID,
});

const sendEmail = withGovernance(client, {
  operation: 'send_email',
  target_integration: 'email_service',
  resource_scope: 'customer_emails',
  data_classification: 'confidential',
}, async (to, subject, body) => {
  await emailService.send({ to, subject, body });
});

await sendEmail('customer@example.com', 'Follow-up', 'Hello...');
// allow → executes | approval_required → waits for human | deny → throws

</details>

<details> <summary><strong>Full Python example with imports</strong></summary>

pip install sidclaw

import os
from sidclaw import SidClaw
from sidclaw.middleware.generic import with_governance, GovernanceConfig

client = SidClaw(
    api_key=os.environ["SIDCLAW_API_KEY"],
    agent_id=os.environ["SIDCLAW_AGENT_ID"],
)

@with_governance(client, GovernanceConfig(
    operation="send_email",
    target_integration="email_service",
    data_classification="confidential",
))
def send_email(to, subject, body):
    email_service.send(to=to, subject=subject, body=body)
</details>

MCP Governance Proxy

Wrap any MCP server with policy evaluation and approval workflows. Works with Claude Desktop, Cursor, VS Code, GitHub Copilot — any MCP client. Listed on the <a href="https://registry.modelcontextprotocol.io" target="_blank">official MCP Registry</a>.

Add to your .mcp.json:

{
  "mcpServers": {
    "postgres-governed": {
      "command": "npx",
      "args": ["-y", "@sidclaw/sdk", "sidclaw-mcp-proxy", "--transport", "stdio"],
      "env": {
        "SIDCLAW_API_KEY": "ai_your_key",
        "SIDCLAW_AGENT_ID": "your-agent-id",
        "SIDCLAW_UPSTREAM_CMD": "npx",
        "SIDCLAW_UPSTREAM_ARGS": "-y,@modelcontextprotocol/server-postgres,postgresql://localhost/mydb"
      }
    }
  }
}

  • SELECT * FROM customers → allowed (~50ms overhead)
  • DELETE FROM customers WHERE id = 5 → held for human approval
  • DROP TABLE customers → denied by policy
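
The three outcomes above, as an added example of a fail-closed statement classifier (not SidClaw's policy engine or rule format; the rule table and function names are assumptions). It goes beyond the three sample queries by handling stacked statements, where the most restrictive decision wins.

```typescript
type Decision = "allow" | "approval_required" | "deny";

// Hypothetical rule table keyed by a statement's leading keyword (not SidClaw's policy format).
const RULES = new Map<string, Decision>([
  ["SELECT", "allow"],
  ["INSERT", "approval_required"],
  ["UPDATE", "approval_required"],
  ["DELETE", "approval_required"],
  ["DROP", "deny"],
  ["TRUNCATE", "deny"],
]);

const SEVERITY: Record<Decision, number> = { allow: 0, approval_required: 1, deny: 2 };

// Classify one fragment by its first token. Anything that is not a known keyword
// (a comment, a parenthesis, WITH, EXPLAIN, ...) is denied rather than guessed at.
function classifyStatement(fragment: string): Decision {
  const match = /^\s*([A-Za-z]+)\b/.exec(fragment);
  const keyword = match?.[1]?.toUpperCase() ?? "";
  return RULES.get(keyword) ?? "deny";
}

// Evaluate the full SQL string of a tool call. Splitting on every ';' ignores quoting on
// purpose: it can only produce extra fragments, and an unrecognised fragment fails closed.
function evaluateSql(sql: string): Decision {
  const fragments = sql.split(";").filter((f) => f.trim() !== "");
  if (fragments.length === 0) return "deny";
  return fragments
    .map((f) => classifyStatement(f))
    .reduce<Decision>((worst, d) => (SEVERITY[d] > SEVERITY[worst] ? d : worst), "allow");
}

// Constructed inputs: the page's three queries plus a stacked statement.
for (const sql of [
  "SELECT * FROM customers",
  "DELETE FROM customers WHERE id = 5",
  "DROP TABLE customers",
  "SELECT 1; DROP TABLE customers",
]) {
  console.log(evaluateSql(sql), "<-", sql);
}
```

Leading-keyword rules are coarse: a SELECT that calls a function with side effects still classifies as allow, so a real policy also needs statement-level parsing or database-side privileges.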

<a href="https://docs.sidclaw.com/docs/integrations/claude-code" target="_blank">Full MCP governance docs →</a>

Why not just auth / sandboxing / logging?

| Approach | What it solves | What it doesn't solve |
| --- | --- | --- |
| Auth (Okta, OAuth) | Who is this agent? | Should this specific action execute right now? |
| Sandboxing (Docker, WASM) | Blast radius if something goes wrong | Whether the action should happen at all |
| Logging (Langfuse, LangSmith) | What happened after the fact | Intercepting actions before they execute |
| Policy engines (OPA) | General-purpose policy evaluation | Approval workflows, agent-specific context, audit trails |
| SidClaw | All of the above, plus the Approval primitive | |

SidClaw sits at the tool-call layer: the moment an agent decides to act in the real world.

Integrations

SidClaw wraps your existing agent tools — no changes to your agent logic.

Agent Frameworks

| | TypeScript | Python |
| --- | --- | --- |
| Core client | @sidclaw/sdk | sidclaw |
| MCP proxy | @sidclaw/sdk/mcp | sidclaw.mcp |
| LangChain | @sidclaw/sdk/langchain | sidclaw.middleware.langchain |
| OpenAI Agents | @sidclaw/sdk/openai-agents | sidclaw.middleware.openai_agents |
| CrewAI | @sidclaw/sdk/crewai | sidclaw.middleware.crewai |
| Vercel AI | @sidclaw/sdk/vercel-ai | |
| Pydantic AI | | sidclaw.middleware.pydantic_ai |
| Claude Agent SDK | @sidclaw/sdk/claude-agent-sdk | sidclaw.middleware.claude_agent_sdk |
| Google ADK | @sidclaw/sdk/google-adk | sidclaw.middleware.google_adk |
| LlamaIndex | @sidclaw/sdk/llamaindex | sidclaw.middleware.llamaindex |
| Composio | @sidclaw/sdk/composio | sidclaw.middleware.composio |
| NemoClaw | @sidclaw/sdk/nemoclaw | sidclaw.middleware.nemoclaw |
| Webhooks | @sidclaw/sdk/webhooks | sidclaw.webhooks |

Platform Integrations

| Integration | Description |
| --- | --- |
| Claude Code | Govern any MCP server in Claude Code. Add a .mcp.json entry — zero code changes. <a href="https://docs.sidclaw.com/docs/integrations/claude-code" target="_blank">Guide →</a> |
| OpenClaw | Governance proxy for OpenClaw skills. Published as sidclaw-governance on ClawHub. <a href="https://docs.sidclaw.com/docs/integrations/openclaw" target="_blank">Guide →</a> |
