/products

Pick the surface that fits where you are.

Clampd ships as a suite. App devs wrap a client in one line. AI-coding-tool users drop in a hook. Security teams run the dashboard; ops lives in the CLI. All of them share the same gateway and the same 287 detection rules underneath.

★ Quickstart bundle

The starter bundle: SDK + dashboard + hosted gateway, in one signup.

If you want a turnkey on-ramp instead of picking individual products: sign in to app.clampd.dev, install the Python or TypeScript SDK with one line, get a free agent slot, and you're guarded. No infra to run, no Redis or Postgres to configure. Free under 25 agents and 500k tool calls/month. Upgrade only when you need OIDC SSO, compliance reports, or higher volume.

Start free → Self-host instead
# 1. Sign in to get an agent + secret # 2. Install pip install clampd # or npm install @clampd/sdk # 3. Wrap your client client = clampd.openai( OpenAI(), agent_id="my-agent", ) # Done.
Individual products
Picking the right integration path

There are five integration paths into the Clampd gateway, plus operational, testing, and reporting surfaces. Pick by where the AI lives in your stack:

Static analysis (CI, pre-merge)clampd-discover
Code you controlSDK (Python, TypeScript)
IDE coding agentsclampd-guard (Claude Code, Cursor)
AI coding agents in CI/CDclampd-action (Claude Code)
MCP servers (any transport)MCP proxy
Network edge (no code change)clampd-wire
Operations and auditDashboard, CLI, reports, replay
Security regressionclampd-redteam

SDK and clampd-wire are alternatives, not substitutes. Most enterprises end up running both: SDK for code they own, wire for shadow AI and unwrapped traffic. Discover ties them together by mapping every AI surface in the codebase.

SDK

App developers

One line to wrap your OpenAI / Anthropic / LangChain / CrewAI / Google ADK / MCP client. Every tool call goes through the gateway: 287 rules, scope tokens, behavioural baseline.

Languages: Python · TypeScript  (Go, Java planned)
Install: pip install clampd
Can't ship SDK changes? See clampd-wire below for code-free network-edge governance.
Read the SDK page →

clampd-guard

Claude Code · Cursor users

Pre/post tool-call hook for Claude Code (and Cursor, beta). No code changes in the IDE; install with cargo binstall. Every Bash, Read, Write, WebFetch verified before execution.

Targets: Claude Code · Cursor (beta)
Install: cargo binstall clampd-guard
Read the clampd-guard page →

MCP Proxy

Claude Desktop · MCP clients

Sits between LLM client and downstream MCP server. Every tools/list and tools/call routed through the gateway. Maps to OWASP MCP Top 10 (MCP02, MCP03, MCP05, MCP06, MCP10).

Modes: stdio proxy · TS proxy
Install: python -m clampd.mcp_server
For non-MCP HTTPS LLM traffic, see clampd-wire below.
Read the MCP page →

Dashboard

Security teams · Operators

17 pages: agents, kill switch, audit trail, policy editor with Monaco, custom rules, thresholds, tool descriptors, delegation graph, compliance reports, RBAC. Hosted at app.clampd.dev or self-hosted.

Stack: Next.js 16 · Fastify 5 · Drizzle · Postgres
Hosted: app.clampd.dev
Read the dashboard page →

clampd-cli

SREs · Security ops · Founders

Single binary. Manage agents, run policy imports, query the audit trail, drive emergency kills, manage API keys, run red-team test suites, and the live watch TUI dashboard (built with ratatui) for real-time risk monitoring from your terminal.

Commands: agent · audit · kill · policy · risk · watch (TUI) · test_suite
Build: cargo build -p clampd-cli --features tui
CLI docs →

clampd-redteam

Security testers · Vendor evaluators

556-payload regression corpus against the live Clampd gateway. 15 categories (SQL injection, RCE, LFI, prompt injection, exfil, encoding, XSS, SSRF, plus 40 deliberately safe inputs for FP testing). Public, runnable, no signup, results stream as Server-Sent Events.

Live at: redteam.clampd.dev
Today's score: 97.5% TPR · 5% FPR · ~60µs/payload
Run the suite →

clampd-action NEW

CI/CD · AI coding agents

Firewall for AI coding agents that run inside your pipeline. When Claude Code runs as a CI step, every tool call it makes (Bash, Read, Write, WebFetch) is routed through the gateway and verified before it executes. One secret, no infra to run, built on clampd-guard.

Runtimes: Claude Code
Install: uses: clampd/clampd-action@v1

clampd-discover PLANNED

Security · Platform · CISO inventory

Clampd Discover: shadow AI inventory. A command-line scanner that maps your AI surface in seconds. clampd scan <path> walks any repo, monorepo, or directory and finds every place an LLM SDK, framework, or agent runtime is used: OpenAI, Anthropic, Gemini, Bedrock, Vertex, Mistral, Cohere, LangChain, LangGraph, LlamaIndex, AutoGen, CrewAI, Semantic Kernel, Ollama, Transformers, vLLM, llama.cpp, and MCP servers (Cursor, Claude Code, Continue, Aider). For each finding, Discover names the model, identifies whether the call is already wrapped with Clampd or running as shadow AI, and recommends a Clampd bundle that would govern it. Output is JSON, SARIF (GitHub Code Scanning), or human-readable.

What it covers: 15+ LLM SDKs · 6 agent frameworks · MCP discovery via claude_desktop_config.json, .cursor/mcp.json, .continue/config.json · IDE-agent configs (.cursorrules, CLAUDE.md, .aider.conf.yml) · local-model use (Ollama, vLLM, llama.cpp).
CI-ready: SARIF + exit codes + baseline diff + GitHub Action wrapper. Privacy-safe: local-only by default; uploads send structured findings, never source.
Pairs with clampd-wire: auto-route every discovered agent through governance, no code change.

clampd-wire PLANNED

Security · Compliance · Platform teams

Wire Mode: catch every LLM call at the network edge, no SDK. Intercept every LLM call leaving your environment at the network edge. No SDK wrap, no code changes. Set HTTPS_PROXY once, install the per-org Clampd CA cert, and every prompt, tool call, and response from OpenAI, Anthropic, Gemini, Bedrock, Vertex, or self-hosted models passes through your governance pipeline. Same rules, same Cedar policies, same bundles as the SDK path. Streaming responses re-encoded in flight without buffering. This is how you cover shadow AI: agents Discover finds get routed through the same enforcement as the ones you wrapped by hand.

Phase 1 (shipping first): HTTPS_PROXY + CA · OpenAI & Anthropic parsers · streaming.
Roadmap: k8s sidecar (Envoy) · iptables NAT + TLS terminate · MDM-pushed config (Intune, Jamf) · browser extension · VPN endpoint · CASB integration (Zscaler, Netskope, Palo Alto).

clampd-reports PLANNED · PREMIUM

GRC · Compliance · Governance teams

Maintained compliance evidence: HIPAA, GDPR, SOC 2, PCI-DSS templates kept current as the regulations evolve. Scheduled monthly/quarterly delivery. Activity inventory: agents observed, tool descriptors observed, MCP endpoints with traffic, policy violations grouped by agent/time/category. The raw audit data lives in your own ClickHouse on every tier and is queryable directly. clampd-reports is the maintained alternative for teams who don't want to keep their templates current as compliance frameworks evolve.

You always own the data. Free tier: raw queryable audit trail in your storage.
Enterprise: maintained templates, scheduled delivery, exportable PDF/CSV, signed evidence packets.

clampd-replay PLANNED · PREMIUM

Forensics · Insurance · Regulators · Post-incident review

Pick any historical agent decision and reconstruct the full call: tool descriptors, params, matched rules, session-pattern flags, scope token issued, LLM-as-Judge verdict (if fired), final policy decision, downstream response. When an alert fires (kill, repeated denials, behavioural anomaly), Clampd auto-assembles every related decision, agent activity, scope grant, and delegation hop into a single timestamped, signed incident packet ready for legal hand-off, insurance claims, or regulator review. Multi-cluster federation across distributed deployments. Long-term retention beyond dashboard defaults. The underlying ClickHouse audit data is yours on every tier; clampd-replay is the templated workflow plus chain-of-custody signing infrastructure on top.

You always own the data. Free tier: raw audit data + manual reconstruction.
Enterprise: auto-packet generation, signed chain-of-custody, federation, long-term retention.

Deployment modes

The gateway behind every product runs in your environment of choice. Same code, same feature parity. Pick the operational fit:

Hosted SaaS · app.clampd.dev (zero infra) Docker Compose · 5 compose files (single, proxy, control, deploy, full) Kubernetes · Helm charts (planned) Air-gapped · on-prem, no telemetry Single binary · single-process gateway for low-volume / dev

See the setup page for the deployment-mode-specific install steps.

Licensing

What's open source, what's licensed

We publish a real subset of the code and ship the detection core as a licensed binary. Every tier runs the full security pipeline, we never gate whether an attack gets blocked. Here's exactly what's open, what's source-available, and what's proprietary.

Apache-2.0 · open source

Use it freely

OSI-approved, no usage restrictions. Wrap your agent and read every line.

  • Python SDK
  • TypeScript SDK
  • gRPC API definitions (proto)
BSL-1.1 · source-available

Read it, run it, audit it

Full source + tests published. Your security team can review every line before deploying.

  • ag-gateway, 9-stage request pipeline
  • ag-shadow, audit pipeline + PII masking
  • clampd-guard, Claude Code / Cursor hook
Proprietary · licensed

The detection core

Ships as licensed binaries. Free on the Design Partner tier; the license unlocks scale and governance.

  • ag-engine, 287 rules + rule packs
  • Policy, risk / anomaly, kill cascade
  • Scope tokens, intent, registry
  • Dashboard control plane + CLI

The license gates scale and governance, agent count, SSO/RBAC, multi-tenant, support, never detection. Browse the published code at github.com/clampd/clampd.