Skip to content
/
Tier A A11 Governance

DashClaw

dashclaw · ucsandman/DashClaw · ★ 268 · last commit 2026-05-25

Full-stack AI agent governance platform: pre-action policy enforcement, multi-channel human approval routing, durable finality, audit trails, and Code Sessions optimizer.

Best whenGovernance must be durable — retried agents silently double-executing is as dangerous as the original unsafe action.
Skip ifagent double-execution on retry, approval workflows limited to a single channel
vs seeds
kirois a closed IDE product; DashClaw governs any agent framework …
Primitive shape 28 total
Skills 2 Hooks 3 MCP tools 23
00

Summary

DashClaw — Summary

DashClaw is a full-stack governance infrastructure for AI agents: a Next.js/Neon-backed platform that intercepts agent actions, evaluates declarative policies, routes human approvals, records verifiable decision trails, and tracks terminal outcomes to prevent double-execution on retry. It provides three integration paths — Claude Code hooks (3 Python scripts: PreToolUse, PostToolUse, Stop), an MCP server with 23 tools, and Node.js/Python SDKs — targeting Claude Code, Codex, Hermes Agent, OpenClaw, Claude Desktop, LangChain, CrewAI, AutoGen, LangGraph, and OpenAI Agents SDK. The platform includes a web dashboard (Next.js), approval routing to dashboard/CLI/mobile PWA/Telegram/Discord, a Code Sessions feature that ingests Claude Code transcripts and distills "Optimal Files" bundles (CLAUDE.md + hooks + skills), and a capability registry that wraps external HTTP APIs with per-agent access rules. Compared to seeds: DashClaw is the only framework in Batch 31 with a cloud-hosted dashboard, multi-channel approval routing, and a built-in code session optimizer — combining the governance of Sponsio with the audit logging of clauder plus an active approval-queue workflow not seen in any seed.

01

Overview

DashClaw — Overview

Origin

Repo: ucsandman/DashClaw. Created February 2026, JavaScript (Next.js), MIT. 268 stars. Website: dashclaw.io. NPM: dashclaw (v2.18.0). PyPI: dashclaw. 5 contributors.

Philosophy

From README:

"Govern AI agents before they act."

"DashClaw is the governance layer for AI agents that touch real systems. It sits between agents and the world, evaluates policy on every risky action, routes human approval where it is required, records verifiable evidence, and tracks terminal outcomes so a retried agent never silently double-executes."

The key innovation beyond simple hook-based blocking: durable finality — when an agent completes a destructive action (deletes a file, sends a payment), DashClaw records a terminal outcome so that if the agent retries due to a connectivity issue, it won't execute the same action twice.

Design Principles

  • Govern before act: policy evaluation before execution, not audit after
  • Durable finality: terminal outcomes are one-shot — lost confirmations are swept and surfaced
  • Multi-channel approval: human approval routes to wherever the human is (dashboard, CLI, mobile, Telegram, Discord)
  • Code Sessions intelligence: not just governance — DashClaw also analyzes Claude Code sessions to produce optimized CLAUDE.md + hooks + skill packs
  • Zero-code integration: Claude Code plugin + hooks require no agent code changes

Key Innovation: Code Sessions

The Code Sessions feature ingests Claude Code transcripts:

  • Prices the spend per session
  • Surfaces optimizer signals (stuck loops, cache crater, context gaps)
  • Distills sessions into an "Optimal Files" bundle:
    • Root CLAUDE.md
    • Path-scoped rules
    • Hooks
    • Skill packs
  • Applied locally via dashclaw code apply
02

Architecture

DashClaw — Architecture

Distribution

  • npm: npm install dashclaw (Node 18+)
  • pip: pip install dashclaw (Python 3.7+)
  • MCP server: npx @dashclaw/mcp-server
  • Demo: npx dashclaw-demo
  • Platform: self-hosted or Vercel+Neon deployment

Install / Deploy

# Self-hosted deployment
vercel deploy   # with Neon database
# or Docker
docker-compose up

# Connect Claude Code
npm run hooks:install
ln -s "$(pwd)/plugins/dashclaw" ~/.claude/plugins/dashclaw

# Connect Codex
node cli/bin/dashclaw.js install codex --project /path/to/project

Platform Architecture

DashClaw Platform (Next.js + Neon PostgreSQL)
├── app/                     Next.js pages
│   ├── dashboard/           Main dashboard
│   ├── approvals/           Approval queue
│   ├── audit-log/           Audit trail
│   ├── capabilities/        API registry
│   ├── code-sessions/       Claude Code session analyzer
│   ├── api/                 REST API + MCP endpoint
│   └── ...
├── hooks/                   Claude Code hook scripts
│   ├── settings.json        Hook wiring (PreToolUse, PostToolUse, Stop)
│   ├── dashclaw_pretool.py  Governs 40+ tool types
│   ├── dashclaw_posttool.py PostToolUse logging
│   ├── dashclaw_stop.py     Session end reporting
│   └── dashclaw_agent_intel/ Classification module
├── mcp-server/              @dashclaw/mcp-server (23 tools)
├── plugins/dashclaw/        Claude Code / Codex / Hermes plugins
│   ├── .claude-plugin/
│   ├── .codex-plugin/
│   └── .hermes-plugin/
├── sdk/                     Node.js SDK
├── sdk-python/              Python SDK
├── agents/                  Agent definitions
├── cli/                     CLI binary
└── scripts/                 Installer scripts

Required Runtime

  • Node 18+ (platform + Node SDK)
  • Python 3.7+ (Python SDK, hooks)
  • Neon PostgreSQL (for platform persistence)
  • Vercel (for deployment) or Docker

Target AI Tools

Claude Code, Codex, Hermes Agent, OpenClaw, Claude Desktop, LangChain, CrewAI, AutoGen, LangGraph, OpenAI Agents SDK, any MCP host, custom REST.

03

Components

DashClaw — Components

Hooks (Claude Code)

3 hook scripts wired via hooks/settings.json:

Hook Script Event Matchers Purpose
dashclaw_pretool.py PreToolUse Bash, Edit, Write, MultiEdit Policy evaluation for 40+ tool types, semantic classification, risk scoring
dashclaw_posttool.py PostToolUse Bash, Edit, Write, MultiEdit Action logging, outcome recording
dashclaw_stop.py Stop (none) Session end reporting, Code Sessions ingestion

MCP Server: 23 Tools

@dashclaw/mcp-server organized in 7 groups:

Group Tools
Core governance dashclaw_guard, dashclaw_record, dashclaw_invoke, dashclaw_capabilities_list, dashclaw_policies_list, dashclaw_wait_for_approval
Session continuity dashclaw_session_start, dashclaw_session_end
Optimal files dashclaw_optimal_files_preview, dashclaw_optimal_files_manifest
Handoffs dashclaw_handoff_create, dashclaw_handoff_latest, dashclaw_handoff_consume
Credential hygiene dashclaw_secret_list, dashclaw_secret_due, dashclaw_secret_mark_rotated
Skill safety dashclaw_skill_scan
Open loops / learning dashclaw_loop_add, dashclaw_loop_list, dashclaw_loop_close, dashclaw_learning_log, dashclaw_learning_query, dashclaw_decisions_recent

Plus 4 read-only resources: dashclaw://policies, dashclaw://capabilities, dashclaw://agent/{agent_id}/history, dashclaw://status.

SDK

  • Node.js SDK: 87 methods (core governance, durable finality, scoring, analytics, messaging, handoffs, security scanning, threads, sessions, workflows, knowledge collections, capability runtime)
  • Python SDK: 235 methods including LangChain, CrewAI, AutoGen integrations

CLI

cli/bin/dashclaw.js:

  • dashclaw install codex --project <path>
  • dashclaw code apply

Plugins (3 ecosystems)

Plugin Target
.claude-plugin/ Claude Code (SKILL.md + MCP config)
.codex-plugin/ Codex CLI
.hermes-plugin/ Hermes Agent (8 lifecycle hooks)

Skills

Two Claude Code skills bundled in plugin:

  • dashclaw-governance — governance protocol
  • dashclaw-platform-intelligence — platform reference

Dashboard

Next.js web application with: approval queue, audit log, capabilities registry, code sessions analyzer, agent monitoring, policy management.

05

Prompts

DashClaw — Prompts

Verbatim Excerpt 1: dashclaw_pretool.py (PreToolUse Hook)

"""
DashClaw PreToolUse Hook v2 for Claude Code.

Evaluates all 40+ agent tool calls against DashClaw guard policies
using the dashclaw_agent_intel module for semantic classification.

Exit codes:
  0 - Allow the tool to proceed
  2 - Block the tool (Claude Code shows stderr to user)
"""

Technique: exit-code based blocking — Claude Code's hook protocol uses exit code 2 to block the tool call and display stderr to the user. DashClaw returns the block reason as stderr, giving the agent a signal to self-correct.

Verbatim Excerpt 2: hooks/settings.json (Hook Wiring)

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash|Edit|Write|MultiEdit",
        "hooks": [
          {
            "type": "command",
            "command": "python \"$CLAUDE_PROJECT_DIR/.claude/hooks/dashclaw_pretool.py\"",
            "timeout": 3600000
          }
        ]
      }
    ],
    "PostToolUse": [
      {
        "matcher": "Bash|Edit|Write|MultiEdit",
        "hooks": [
          {
            "type": "command",
            "command": "python \"$CLAUDE_PROJECT_DIR/.claude/hooks/dashclaw_posttool.py\""
          }
        ]
      }
    ],
    "Stop": [
      {
        "hooks": [
          {
            "type": "command",
            "command": "python \"$CLAUDE_PROJECT_DIR/.claude/hooks/dashclaw_stop.py\""
          }
        ]
      }
    ]
  }
}

Technique: minimal hook surface — DashClaw uses only 3 hooks (vs clauder's 14). The PreToolUse has a 3600000ms (1 hour) timeout, indicating it may wait for human approval input. The Stop hook triggers the session analysis pipeline.

Verbatim Excerpt 3: README (Governance Table)

| | |
|---|---|
| **Intercept** | Risky agent actions are evaluated before they execute. Block, warn, or hold for approval, by policy. |
| **Enforce** | Declarative policies (risk thresholds, deploy gates, capability access rules, semantic checks) run on every action. |
| **Approve** | Pending approvals route to a dashboard queue, the CLI inbox, a mobile PWA, Telegram, or Discord. |
| **Record** | Every action becomes a replayable decision record: declared goal, reasoning, risk score, matched policies, assumptions, evidence. |
| **Finalize** | Terminal outcomes are one-shot and durable. Lost confirmations are swept and surfaced. |

Technique: capability matrix framing — DashClaw presents its value as a 5-verb framework (Intercept, Enforce, Approve, Record, Finalize), making the governance model immediately scannable.

09

Uniqueness

DashClaw — Uniqueness & Positioning

Differs from Seeds

DashClaw has no close analog among the 11 seeds. The closest is kiro (which has IDE-native governance and hook events), but kiro is a closed IDE product; DashClaw is an open framework for governing any AI agent. The governance scope closest in the seeds is spec-kit (18 hooks, CI integration) but spec-kit enforces a development workflow, not action-level policy. DashClaw's distinguishing innovations: (1) Durable finality — no seed prevents double-execution on retry; (2) Multi-channel approval routing (dashboard + CLI + mobile PWA + Telegram + Discord) — no seed has approval routing to messaging platforms; (3) Code Sessions optimizer that ingests Claude Code transcripts and produces optimized CLAUDE.md + hooks + skills — this feedback loop from usage data to configuration is unique; (4) Capability registry wrapping external HTTP APIs with per-agent access rules; (5) Full Next.js + Neon PostgreSQL platform deployable on Vercel — all seeds ship files/configs, DashClaw ships a full web application.

Positioning

Signal type: multi-tier governance (pre-action blocking + human approval + audit + session optimization) Intervention point: PreToolUse (blocking/routing) + PostToolUse (recording) + Stop (session analysis) Unique features: durable finality, multi-channel approval routing, Code Sessions optimizer, capability registry, full web platform Target user: teams running production AI agents who need audit trails, human approval workflows, and session optimization

Observable Failure Modes

  • Requires full Vercel+Neon deployment — much higher setup friction than hook-only frameworks
  • PreToolUse 1-hour timeout means Claude Code waits for human approval — blocks agent if human is unavailable
  • v2.18.0 is actively developed but dashclaw-platform npm package with no bin entries is unusual
  • Multi-channel routing (Telegram/Discord) adds operational dependencies
  • 268 stars — significant adoption but not yet mainstream

Relationship to Batch 31

DashClaw is the most full-featured governance platform in the batch. It's the only one with a cloud-hosted dashboard, approval routing to messaging apps, and a session optimization feedback loop. Sponsio (also in this batch) is a lighter-weight in-process enforcement library; DashClaw is an external governance service.

04

Workflow

DashClaw — Workflow

Integration Phases

Phase Description Artifact
Deploy platform vercel deploy + Neon DB DashClaw platform URL
Connect agent Install hooks / MCP / SDK Governed agent
Policy configuration Define policies in dashboard Policy rules
Active governance Hooks evaluate every tool call Decision records, approval queue items
Human approval Route to dashboard/CLI/Telegram/Discord Approval decision
Session analysis Code Sessions ingests Stop-hook data Optimal Files bundle
Apply optimization dashclaw code apply Updated CLAUDE.md + hooks + skills

Per-Action Governance Flow

Agent wants to execute action
         ↓
PreToolUse hook: dashclaw_pretool.py
         ↓
Semantic classification + risk scoring (dashclaw_agent_intel module)
         ↓
Policy evaluation (match policies, check risk threshold)
         ↓
Decision: Allow / Block / Hold-for-approval
         ↓
If "Hold": routes to approval queue (dashboard/CLI/mobile/Telegram/Discord)
         ↓
Human: Allow / Deny (one-tap)
         ↓
PostToolUse: record outcome

Durable Finality

Terminal action executes
         ↓
PostToolUse records outcome as "finalized"
         ↓
If agent retries: pre-tool check detects "already finalized"
         ↓
Block double-execution, return original result

Approval Gates

Gate Channel Type
Dashboard queue Web UI yes-no
CLI inbox dashclaw code apply yes-no
Mobile PWA Mobile web yes-no
Telegram Bot yes-no
Discord Bot yes-no

Code Sessions Optimization

Session completes (Stop hook fires)
         ↓
dashclaw_stop.py ingests transcript JSONL
         ↓
Spend priced, optimizer signals computed
         ↓
Optimal Files bundle distilled
         ↓
dashclaw code apply → writes CLAUDE.md + hooks + skills
06

Memory Context

DashClaw — Memory & Context

State Storage

Store Tech Content
Platform DB Neon PostgreSQL Decision records, policies, capabilities, approvals, audit log, sessions
Drizzle ORM drizzle/, schema/ DB schema management
Agent handoffs MCP tools Cross-session context handoffs

Durable Finality

The key memory primitive: terminal outcome records prevent double-execution:

  • dashclaw_record stores that action X was finalized
  • On retry: dashclaw_guard detects the prior finalization and returns the original result
  • PostgreSQL transaction guarantees atomicity

Cross-Session Handoffs

Three MCP tools for session handoffs:

  • dashclaw_handoff_create — store context for next agent/session
  • dashclaw_handoff_latest — retrieve latest handoff for agent
  • dashclaw_handoff_consume — mark handoff as consumed

Code Sessions Memory

Claude Code session transcripts are persisted and analyzed:

  • Stop hook ingests JSONL transcripts
  • Sessions searchable in dashboard
  • Optimal Files distilled and stored per project

Open Loops

  • dashclaw_loop_add — register an "open loop" (pending task)
  • dashclaw_loop_list — enumerate open loops
  • dashclaw_loop_close — mark loop as resolved

Learning

  • dashclaw_learning_log — record what the agent learned
  • dashclaw_learning_query — query learning history
  • dashclaw_decisions_recent — recent decision history

Compaction

Not addressed in public documentation.

07

Orchestration

DashClaw — Orchestration

Multi-Agent

Partial — DashClaw assigns distinct agent_id per host (Claude Code, Codex, Hermes) to separate sessions in Mission Control. Not a multi-agent orchestrator, but supports multiple governed agents.

Orchestration Pattern

None (DashClaw governs agents, doesn't orchestrate them).

Isolation Mechanism

Behavioral isolation via policies and capability registry. Not filesystem isolation.

Execution Mode

Event-driven — hooks fire synchronously on every tool call. PreToolUse has 1-hour timeout for human approval routing.

Multi-Model

No explicit multi-model routing. Works with any model via SDK/hooks.

Cross-Tool Portability

High — 3 integration paths cover:

  • Native hooks: Claude Code
  • Plugin: Claude Code, Codex, Hermes Agent
  • MCP: any MCP host (Claude Desktop, Managed Agents, etc.)
  • SDK: LangChain, CrewAI, AutoGen, LangGraph, OpenAI Agents
  • REST: any HTTP API

Consensus

None.

Prompt Chaining

Partial — dashclaw_handoff_* enables one agent session's context to feed the next.

08

Ui Cli Surface

DashClaw — UI & CLI Surface

CLI Binary

Exists: yes Name: dashclaw (via cli/bin/dashclaw.js) Package: dashclaw-platform v2.18.0 Key subcommands:

  • dashclaw install codex --project <path>
  • dashclaw code apply

Web Dashboard

Exists: yes Type: web-dashboard (full Next.js application) Port: configurable (self-hosted or Vercel deployment) Tech stack: Next.js + Neon PostgreSQL + Drizzle ORM + Tailwind CSS Features:

  • Approval queue (pending agent actions)
  • Audit log (replayable decision records)
  • Capabilities registry (external API wrapper rules)
  • Code Sessions analyzer (Claude Code session ingestion + optimization)
  • Agent monitoring
  • Policy management
  • Open loops tracker
  • Learning history

Mobile PWA

Exists: yes — approval routing to mobile PWA for one-tap allow/deny

Messaging Integrations

  • Telegram bot for approval routing
  • Discord bot for approval routing

MCP Server

Exists: yes Name: @dashclaw/mcp-server Install: npx @dashclaw/mcp-server Tools: 23 tools Protocol: stdio (local) or Streamable HTTP (/api/mcp on platform)

IDE Integration

Claude Code plugin at ~/.claude/plugins/dashclaw + hooks via npm run hooks:install.

REST API

Full OpenAPI spec at docs/openapi/critical-stable.openapi.json.

Demo

npx dashclaw-demo    # 10-second demo

Related frameworks

same archetype · same primary tool · same memory type

OpenHarness ★ 13k
A11 Governance

Open-source Python agent runtime providing complete harness infrastructure: tools, memory, governance, swarm coordination, and…

Trae Agent ★ 12k
A11 Governance

Research-friendly open-source CLI coding agent by ByteDance, designed for academic ablation studies and modular LLM provider…

Sweep AI ★ 7.7k
A11 Governance

Autonomous GitHub bot that converts issues to pull requests using a sequential multi-agent pipeline.

Agent Governance Toolkit (microsoft) ★ 2.3k
A11 Governance

Enterprise-grade AI agent governance: YAML policy enforcement, 12-vector prompt injection defense, zero-trust identity,…

TDD Guard ★ 2.1k
A11 Governance

Mechanically enforces the Red-Green-Refactor TDD cycle by blocking file writes that violate TDD principles via a PreToolUse hook…

Agentic Coding Flywheel Setup (ACFS) ★ 1.5k
A11 Governance

Take a complete beginner from laptop to three AI coding agents running on a VPS in 30 minutes via an idempotent manifest-driven…