Enterprise open source

Agentic firewalling that keeps autonomy safe.

Clawgress is a purpose‑built network control plane for AI agents. It delivers DNS + egress enforcement, policy orchestration, and enterprise‑grade observability so autonomous systems can run safely in production.

Get ClawgressView Features
ISO / OVA / QCOW2Policy + API + CLILTS support available
Policy in motion
Agent
Clawgress
Allowed APIs
{ "version": 1, "allow": { "domains": ["api.openai.com"], "ports": [53, 80, 443] }, "labels": {"api.openai.com": "llm-provider"} }
Product

Built for agentic systems, not retrofitted.

Traditional firewalls assume humans at the keyboard. Clawgress assumes autonomous agents. It provides deterministic egress policy, DNS‑level enforcement, and a clean control plane for AI runtime safety.

Policy‑first egress

Allowlist domains, ports, and IPs with a single JSON policy.

DNS enforcement

RPZ‑backed DNS control with explicit deny reason logging.

Observability

Visibility into denies, labels, and applied policy state.

Features

Clawgress capability set.

VyOS‑based hardened appliance
bind9 RPZ enforcement
Policy engine + CLI/API
Forced DNS + egress firewall (53/80/443)
Logging + deny‑reason mapping
ISO / OVA / QCOW2 artifacts
Proxy/SNI allowlist mode
Per‑host policies
Agent telemetry (usage/denies/cache)
mTLS between gateways/agents
Rate limiting / shaping
Policy signing + approval workflow
Alerting + dashboards
Time‑based policy windows
Data exfiltration caps
Orchestration control plane (time‑boxed overrides)
Agent identity attestation
Dynamic tool‑permission broker
Policy simulation + drift detection
Per‑agent behavioral baselines
Capability‑scoped egress policies
Task‑bound egress sessions (auto‑expire)
Agent fleet policy templates
Policy change provenance + explainability
Agent network intent verification
Cross‑agent coordination guardrails
Adaptive egress throttling on anomaly
Multi‑model policy enforcement
Data classification‑aware egress
Human‑in‑the‑loop escalation gates
Federated policy sync (multi‑site)
Compromise response mode (kill‑switch)
API/CLI parity audit + gap workarounds
RBAC + scoped admin roles
IdP integration (SAML/OIDC)
API token lifecycle (expiry/rotation)
Centralized logging (syslog + SIEM JSON)
Audit report generator
Immutable audit log export (WORM/S3/GCS)
Alerting + incident hooks (SIEM/SOAR)
Per‑agent policy inheritance + overrides
Fleet‑aware identity model
Agent attestation + registration flow
Multi‑agent‑on‑VM mapping
HA pair + failover
Config backup/restore snapshots
SIEM connectors (Splunk/Sentinel/QRadar)
Compliance evidence pack (NIST/CIS)
Fed/State hardening guide (STIG/CIS)
FIPS‑ready crypto profile
Zero‑Trust defaults + continuous verification
JIT access controls (time‑boxed grants)
…and more!
Agentic Firewalling

Why agents need a firewall.

Agents can call tools, reach APIs, and explore the web. That power requires containment. Clawgress provides the missing layer of control: deterministic, auditable egress built for autonomous systems.

Least‑privilege by default

Ship with a strict baseline policy and expand only when required.

Explainable enforcement

Each deny is labeled so operators can reason about intent and risk.

Ops‑friendly

Standard Linux tooling with predictable network behavior.

Get Started

Deploy in minutes.

1

Download the ISO/OVA/QCOW2 image.

2

Boot and apply a minimal policy.

3

Route agent egress through Clawgress.

Download artifacts

Latest release assets (ISO / OVA / QCOW2):

Release downloadsSource repo
Support

LTS support built for enterprise + agentic AI teams.

Silver

Business‑hours support, security updates, and LTS patches.

Gold

Faster response SLAs, prioritized fixes, upgrade assistance.

Platinum

24/7 response, dedicated escalation, custom hardening.

Agentic AI Feed

Raw data streams of fixes, CVEs, and policy updates for real‑time agent integration.

Contact

Let’s talk.

General inquiries:

hello@clawgress.io

Security & responsible disclosure:

security@clawgress.io

Press:

press@clawgress.io