Claw Patrol, an open‑source firewall for autonomous agents, is now available from Deno.
The project intercepts TCP streams over WireGuard or Tailscale, parses protocols like HTTP, PostgreSQL and SSH, and enforces allow/deny rules. Built in Go and configured with HCL, it runs as a proxy that can block destructive commands, require human approval, and log activity. Deno created it to protect the agents that automatically respond to PagerDuty alerts and modify production resources such as Kubernetes, GCP and ClickHouse.
The tool matters because existing proxies either focus on secret injection or lack deep protocol awareness, leaving a gap for teams that let LLM‑driven agents act on live systems. By inserting a granular guardrail, Claw Patrol reduces the risk of accidental data loss or service disruption while keeping automation fast.
It’s another piece of the emerging “LLM ops” stack, and it will be interesting to see if it gains traction beyond Deno’s internal workflows.