원클릭으로
setup-dashclaw
Set up a DashClaw instance, install the CLI tool, and configure Claude Code hooks
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Set up a DashClaw instance, install the CLI tool, and configure Claude Code hooks
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
The single command that gets a DashClaw change ON MAIN AND LIVE — it resolves everything blocking production, never defers, and never hands back a checklist. Lands feature branches on main (rebase, gate, merge, push so Vercel deploys), bumps the unified platform+SDK version, and realigns every *description* of the system with the live code: README, PROJECT_DETAILS, SDK READMEs, /docs, generated artifacts (API inventory, OpenAPI, download bundles), plugins/skills/hooks/MCP, marketing/landing pages, the drift-prone hardcoded counts (routes, SDK methods, MCP tools/resources, guard policies) and stale freshness date-stamps. The one step it can't finish itself is the credential-gated SDK publish (`npm run release:sdks`). Use whenever the user wants to ship, land, or finish a change — get it on main, make it live, cut a release, bump the version, refresh all the docs, make everything accurate, fix wrong counts or old dates. Not for building or debugging the feature itself.
Governance behavior for AI agents governed by DashClaw. Teaches the governance protocol: when to call guard (risk thresholds), how to interpret decisions (allow/warn/block/require_approval), when to record actions, how to wait for approvals, and session lifecycle management. Loads org-specific policies and capabilities from MCP resources at session start. Use with @dashclaw/mcp-server. Trigger on: governed agent, dashclaw governance, guard policy, approval wait, governed capability, risk threshold, action recording, session lifecycle.
Human-in-the-loop approval workflows for governed agent actions
Governance behavior for AI agents governed by DashClaw. Teaches the governance protocol: when to call guard (risk thresholds), how to interpret decisions (allow/warn/block/require_approval), when to record actions, how to wait for approvals, and session lifecycle management. Loads org-specific policies and capabilities from MCP resources at session start. Use with @dashclaw/mcp-server. Trigger on: governed agent, dashclaw governance, guard policy, approval wait, governed capability, risk threshold, action recording, session lifecycle.
Use when the user needs to run GitNexus CLI commands like analyze/index a repo, check status, clean the index, generate a wiki, or list indexed repos. Examples: "Index this repo", "Reanalyze the codebase", "Generate a wiki"
Use when the user asks about GitNexus itself — available tools, how to query the knowledge graph, MCP resources, graph schema, or workflow reference. Examples: "What GitNexus tools are available?", "How do I use GitNexus?"
| name | setup-dashclaw |
| description | Set up a DashClaw instance, install the CLI tool, and configure Claude Code hooks |
| license | MIT |
| metadata | {"author":"ucsandman","version":"1.0.0","category":"setup"} |
Three ways to get DashClaw running, plus CLI and Claude Code hook setup.
# Clone the repo
git clone git@github.com:ucsandman/DashClaw.git
cd DashClaw
# Install dependencies
npm install
# Run interactive setup (creates .env, initializes database)
node scripts/setup.mjs
# Start dev server
npm run dev
# → http://localhost:3000
Required environment variables (.env):
DATABASE_URL=postgresql://user:pass@localhost:5432/dashclaw
ENCRYPTION_KEY=<32-char-random-string>
NEXTAUTH_URL=http://localhost:3000
NEXTAUTH_SECRET=<32-char-random-string>
DASHCLAW_API_KEY=<your-api-key>
DASHCLAW_MODE=self_host
DATABASE_URL in Vercel environment variablesnode scripts/setup.mjs locally pointing to your cloud instancenpx dashclaw-demo
# Runs a local demo instance with fixture data
# Opens Decision Replay automatically
# Agent attempts risky deployment, DashClaw blocks it
Demo mode is read-only — no writes allowed. Good for exploring the UI.
# Health check
curl http://localhost:3000/api/health
# Expected response:
# { "status": "ok", "database": "connected", "version": "2.x.x" }
Visit http://localhost:3000/setup for the instance readiness verification page.
The @dashclaw/cli provides terminal-based approval workflows.
npm install -g @dashclaw/cli
export DASHCLAW_BASE_URL=http://localhost:3000
export DASHCLAW_API_KEY=your-api-key
# Optional: export DASHCLAW_AGENT_ID=cli-operator
# Interactive approval inbox (TUI with live updates)
dashclaw approvals
# Approve a specific action
dashclaw approve act_abc123 --reason "Reviewed and safe"
# Deny a specific action
dashclaw deny act_abc123 --reason "Risk too high for current sprint"
# Help
dashclaw help
| Key | Action |
|---|---|
↑/↓ | Navigate approvals |
A | Approve selected |
D | Deny selected |
R | Refresh list |
O | Open replay link in browser |
Q | Quit |
Risk scores are color-coded: green (<40), yellow (40-70), red (70+).
DashClaw provides pre/post tool hooks for Claude Code that create a policy-enforced execution pipeline. Hooks v2 govern 40+ tool types (not just Bash/Edit/Write/MultiEdit) with semantic classification via the bundled dashclaw_agent_intel module.
Claude Code Tool Call (Bash/Edit/Write/MultiEdit)
↓
[PreToolUse: dashclaw_pretool.py]
→ Classify action (type, risk, systems)
→ POST to /api/guard
→ Allow / Warn / Block / Require Approval
→ Store action_id in temp file
↓
[Tool Executes] (unless blocked)
↓
[PostToolUse: dashclaw_posttool.py]
→ Read action_id from temp file
→ Determine outcome (completed/failed)
→ PATCH /api/actions/:id with result
↓
Full audit trail in DashClaw dashboard
Recommended: use the one-command installer from your DashClaw checkout:
node /path/to/DashClaw/scripts/install-hooks.mjs --target=.
This copies all three governance hooks (dashclaw_pretool.py, dashclaw_posttool.py, dashclaw_stop.py) and the dashclaw_agent_intel/ Python module into .claude/hooks/, then merges the PreToolUse / PostToolUse / Stop blocks into .claude/settings.json. Idempotent — safe to re-run after each git pull.
Manual install (if you need to control file placement):
.claude/hooks/ directory:mkdir -p .claude/hooks
cp /path/to/DashClaw/hooks/dashclaw_pretool.py .claude/hooks/
cp /path/to/DashClaw/hooks/dashclaw_posttool.py .claude/hooks/
cp /path/to/DashClaw/hooks/dashclaw_stop.py .claude/hooks/
cp -r /path/to/DashClaw/hooks/dashclaw_agent_intel .claude/hooks/
The dashclaw_agent_intel/ module is required — dashclaw_pretool.py imports it for semantic tool classification, so omitting it raises ImportError on the first governed tool call.
.claude/settings.json — three entries are needed: PreToolUse (governance gate), PostToolUse (outcome recorder), and Stop (LLM token + cost capture, plus auto-close fallback for any actions that PostToolUse missed):{
"hooks": {
"PreToolUse": [
{
"matcher": "Bash|Edit|Write|MultiEdit",
"hooks": [
{
"type": "command",
"command": "python .claude/hooks/dashclaw_pretool.py",
"timeout": 3660
}
]
}
],
"PostToolUse": [
{
"matcher": "Bash|Edit|Write|MultiEdit",
"hooks": [
{
"type": "command",
"command": "python .claude/hooks/dashclaw_posttool.py"
}
]
}
],
"Stop": [
{
"hooks": [
{
"type": "command",
"command": "python .claude/hooks/dashclaw_stop.py"
}
]
}
]
}
}
export DASHCLAW_BASE_URL=http://localhost:3000
export DASHCLAW_API_KEY=your-api-key
export DASHCLAW_AGENT_ID=claude-code
export DASHCLAW_HOOK_MODE=observe # Start with observe, switch to enforce later
export DASHCLAW_RISK_THRESHOLD=60 # Default risk threshold
export DASHCLAW_GOVERNED_CATEGORIES=all # Comma-separated tool categories or "all"
export DASHCLAW_PERMISSION_MODE=standard # standard | elevated | admin
observe — Logs all decisions but never blocks. Use this first to understand what would be caught.enforce — Blocks tool execution when guard returns block or approval is denied/times out.The pretool automatically classifies tool calls:
Bash commands:
| Pattern | Action Type | Risk | Reversible |
|---|---|---|---|
git push, git merge, git rebase | deploy | 80 | false |
npm run deploy, vercel deploy | deploy | 75-85 | false |
terraform apply | deploy | 85 | false |
rm -rf, DROP TABLE | security | 90 | false |
.env, secret, key file access | security | 85 | false |
npm install, pip install | build | 30 | true |
curl, wget | api | 40 | true |
File operations (Edit/Write/MultiEdit):
| File Pattern | Action Type | Risk |
|---|---|---|
.env, secrets, credentials | security | 85 |
migration, schema | migrate | 70 |
auth, middleware | security | 75 |
| Other files | file_write | 15 |
When the guard returns require_approval, the pretool polls for 30 seconds. If no decision is made, the tool is blocked (enforce mode) or allowed (observe mode).
Use dashclaw approvals in another terminal to approve in real-time.
If DashClaw is unreachable (missing env vars, server down, network error), hooks exit 0 and allow tool execution. The hooks never break your development workflow.
Hooks v2 emit 4 additional signal types during guard evaluation:
permission_escalation — triggered when the action requires elevated permissionsgreen_contract — triggered when test verification is required before executionbranch_freshness — triggered when the target branch is stale relative to its remoterecovery_recipe — returned with blocked decisions, providing actionable remediation stepsMonitor these signals in the DashClaw dashboard or via the /api/signals endpoint.
For long-running Claude Code sessions, create a session to enable lifecycle tracking and recovery:
# Sessions are created automatically by hooks when DASHCLAW_SESSION_TRACKING=true
export DASHCLAW_SESSION_TRACKING=true
Session tracking is optional. When enabled, the pretool hook creates a session on first invocation and reports status updates throughout the session. If a session is interrupted, DashClaw records the last checkpoint for recovery.