Supported Agents
GuardClaw works with 7 major coding agents out of the box.
| Agent | Integration | Pre-tool blocking | Approval flow |
|---|---|---|---|
| Claude Code | HTTP hooks | ✅ | ✅ |
| Codex CLI | Command hooks | ✅ | ✅ |
| Gemini CLI | HTTP hooks | ✅ | ✅ |
| OpenCode | HTTP hooks | ✅ | ✅ |
| OpenClaw | WebSocket plugin | ✅ | ✅ |
| Cursor | Shell hooks | ⚠️ shell only | ✅ |
| GitHub Copilot CLI | HTTP hooks | ✅ | ✅ |
Cursor note: File operations (read/write/edit) are not intercepted — only shell commands.
How Hooks Work
HTTP hooks (Claude Code, Gemini CLI, OpenCode, GitHub Copilot CLI)
GuardClaw registers as an HTTP hook handler. Before each tool call, the agent POSTs to localhost:3002/api/cc/pre-tool. GuardClaw scores the call and returns allow or block.
Install:
node scripts/install-claude-code.jsUninstall:
node scripts/install-claude-code.js --uninstallOpenClaw WebSocket plugin
The guardclaw-interceptor plugin hooks before_tool_call directly in the OpenClaw gateway. This enables pre-execution blocking of all tool types.
Install:
guardclaw plugin install
openclaw gateway restartCommand hooks (Codex CLI, Cursor)
GuardClaw wraps shell command execution. Shell commands are intercepted; file read/write operations are not.
Installing Hooks
The setup wizard (guardclaw setup) auto-detects installed agents and installs hooks with one confirm. You can also install manually per agent using the commands above.
After installing hooks, restart the target agent to activate them.