Introduction
ClawNex is an AI Agent Fleet Security Operations Center (SOC) — a real-time dashboard that monitors, scans, and secures AI agent fleets. It sits between AI agents and their LLM providers, scanning every prompt and response through ClawNex Shield Rules and surfacing fleet-wide visibility in a single pane of glass.
Public alpha: v0.15.0-alpha | License: Apache 2.0 | Domain: clawnexai.com
Key Capabilities
- ClawNex Shield Rules — 163 built-in rules across 10 categories covering secrets, commands, jailbreaks, C2, steganography, encoding attacks, cognitive tampering, trust exploitation, sensitive paths, and financial data
- Operator Dashboard — organized into Command, Security, Defense, Activity, Governance, Performance, Operations, Compliance, and System groups
- 5 Operator Roles — Admin, Security Manager, Operator, Viewer, Auditor with 32 granular permissions
- Multi-Provider Sign-In — operator login via passkeys (WebAuthn), GitHub OAuth, magic-link email, plus a local-password break-glass fallback
- Three-layer Detection — pre-call scan (blocks), post-call scan (detects), retroactive session analysis (catches gaps)
- MCP Server — Model Context Protocol integration for AI assistants like Claude Code
- Public REST API — API key-authenticated endpoints for automations, CI/CD, and SIEM integrations
- OpenAI-compatible Endpoint — drop-in replacement with automatic shield scanning
Architecture
ClawNex runs two services on a single host:
| Service | Technology | Port | Role |
|---|---|---|---|
| ClawNex Dashboard | Next.js 16 / Node.js | 5001 | Web UI, API backend, shield engine, session watcher |
| LiteLLM Proxy | Python 3.10+ / LiteLLM 1.83.0 | 4001 | LLM traffic proxy with pre-call blocking |
Both services share a single SQLite database and communicate via HTTP on localhost.