Ask HN: "Claws" and Human-in-the-Loop Safety

Hi all-

I built Sandclaw (https://github.com/qix/sandclaw) to test an idea of having a human in the loop on any write path that the agent might do. The core agent has access to read anything, but other than to the LLM provider that information is securely firewalled off.

Over time I can loosen the firewall and allow safer actions (e.g. adding a task to my todo list is always safe), and perhaps build smarter checks to allow more autonomy. But sending/deleting emails, browsing untrusted websites, or running shell commands stay `DEFAULT DENY`.

Is there any project that actually does this? I've been searching but it looks like all the options focus on letting the agent handle when to ask, which feels... problematic.

1 point | by qixxiq 1 hour ago

1 comment

  • r_thambapillai 1 hour ago
    Credal.ai actually does this for enterprise use cases today (disclaimer: I am the founder). We use mostly the MCP framework, but you can set rules for human in the loop (HITL) based on the arguments for a tool call (e.g. sending an email to yourself or your team is OK without HITL, but if anyone else is in To, Cc or Bcc, then HITL is needed).
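Both the post's design (reads are free, every write path is default deny with a small allowlist of always-safe actions, and a human approves the rest) and the comment's argument-based rule (mail to your own domain runs unattended, anyone else in To/Cc/Bcc triggers HITL) come down to the same thing: a policy gate that sits between the agent and its tools and decides when to ask, so the agent never does. The following is an added example, not code from Sandclaw or Credal.ai. The tool names (`add_todo`, `send_email`, `browse`, `run_shell`, ...), the argument shapes, the trusted-domain and trusted-host lists, and the `ask_human` callback are all assumptions made for the illustration.

```python
"""Tool-call policy gate: default deny on write paths, an allowlist of safe
actions, and argument-based human-in-the-loop (HITL) rules.

Added example, not Sandclaw's or Credal.ai's code. Tool names, argument
shapes and the trusted lists below are assumptions.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional
from urllib.parse import urlparse


class Decision(Enum):
    ALLOW = "allow"          # run without asking
    ASK_HUMAN = "ask_human"  # hold the call until a human approves it
    DENY = "deny"            # never run, even if a human would approve


@dataclass
class ToolCall:
    name: str
    args: dict


Rule = Callable[[ToolCall], Optional[Decision]]

# Assumed tool inventory and trust lists for the example.
READ_ONLY_TOOLS = {"read_email", "search_notes", "list_todos"}
ALWAYS_SAFE_WRITES = {"add_todo"}          # "adding a task to my todo list is always safe"
TRUSTED_EMAIL_DOMAINS = {"example.com"}    # assumed: "yourself or your team"
TRUSTED_HOSTS = {"docs.python.org"}        # assumed: sites safe to browse unattended


def _recipients(args: dict) -> list:
    """Collect every address in To/Cc/Bcc, accepting a string or a list."""
    out = []
    for key in ("to", "cc", "bcc"):
        value = args.get(key) or []
        out.extend([value] if isinstance(value, str) else value)
    return out


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[1].strip().lower() if "@" in addr else ""


def email_rule(call: ToolCall) -> Optional[Decision]:
    """Mail that stays inside trusted domains runs; anyone else in To/Cc/Bcc -> ask."""
    if call.name != "send_email":
        return None
    rcpts = _recipients(call.args)
    if not rcpts:
        return Decision.DENY  # malformed call: nobody to send to
    if all(_domain(r) in TRUSTED_EMAIL_DOMAINS for r in rcpts):
        return Decision.ALLOW
    return Decision.ASK_HUMAN


def browse_rule(call: ToolCall) -> Optional[Decision]:
    """Only https to an allowlisted host runs unattended."""
    if call.name != "browse":
        return None
    parsed = urlparse(str(call.args.get("url", "")))
    if parsed.scheme == "https" and (parsed.hostname or "") in TRUSTED_HOSTS:
        return Decision.ALLOW
    return Decision.ASK_HUMAN


def shell_rule(call: ToolCall) -> Optional[Decision]:
    """Shell is never auto-approved, whatever the command text says."""
    return Decision.ASK_HUMAN if call.name == "run_shell" else None


class PolicyGate:
    """Sits between the agent and its tools; the agent never decides when to ask."""

    def __init__(self, rules, ask_human: Callable[[ToolCall], bool]):
        self.rules = list(rules)
        self.ask_human = ask_human  # shown the exact call; returns True to approve
        self.log = []               # (tool, verdict, ran) audit trail

    def decide(self, call: ToolCall) -> Decision:
        if call.name in READ_ONLY_TOOLS or call.name in ALWAYS_SAFE_WRITES:
            return Decision.ALLOW
        for rule in self.rules:
            verdict = rule(call)
            if verdict is not None:
                return verdict
        return Decision.ASK_HUMAN  # default deny: any unknown write path needs a human

    def execute(self, call: ToolCall, run: Callable[[ToolCall], object]):
        """Run `run(call)` only if policy, and where required the human, allows it."""
        verdict = self.decide(call)
        approved = verdict is Decision.ALLOW
        if verdict is Decision.ASK_HUMAN:
            approved = self.ask_human(call)  # human sees the exact arguments
        self.log.append((call.name, verdict.value, approved))
        return run(call) if approved else None


DEFAULT_RULES = (email_rule, browse_rule, shell_rule)


if __name__ == "__main__":
    gate = PolicyGate(DEFAULT_RULES, ask_human=lambda c: input(f"allow {c}? [y/N] ") == "y")
    for c in (ToolCall("add_todo", {"text": "review PR"}),
              ToolCall("send_email", {"to": "me@example.com", "cc": ["boss@example.com"]}),
              ToolCall("send_email", {"to": "me@example.com", "bcc": ["x@outside.test"]}),
              ToolCall("delete_email", {"id": "42"})):
        print(c.name, gate.decide(c).value)
```

The point of the shape is that `decide` is a pure function of the call and its arguments, the prompt never enters into it, and `execute` shows the human the exact arguments that will run; an unknown tool name falls through to `ASK_HUMAN` rather than `ALLOW`, which is what makes it default deny.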