Skip to main content
Clawb is an agent control plane for production systems. When an agent asks your system to do something sensitive (refund money, deploy to prod, call a paid API), your backend uses Clawb’s control plane to verify identity and enforce a policy decision:
  • allow → proceed
  • challenge → require extra proof (human approval, 2FA, business-hours rule, telemetry threshold, etc.)
  • deny → block

What Clawb controls at runtime

  • Identity verification: verify signed agent requests (/v1/verify).
  • Policy decisioning: evaluate action context and return allow | challenge | deny (/v1/check).
  • Bounded credentials: mint short-lived credentials for follow-on provider calls.
  • Audit + incident response: query/export evidence and use kill switch controls during incidents.

60-second integration path

  1. Create and attest an agent passport (agent_id + key).
  2. Verify inbound signed requests in your backend service or gateway.
  3. Call /v1/check immediately before sensitive actions.
  4. Enforce allow | challenge | deny in code.
  5. Capture trace/audit signals and wire incident controls.

Decision semantics

DecisionWhat your service should do
allowExecute the action (and enforce any returned constraints).
challengePause execution and route to an approval/step-up workflow.
denyBlock execution and return a safe error response.

Who this is for

Backend integrators, enterprise backend teams, and platform/security teams shipping agent-powered production systems.

Start here