/products

Pick the surface that fits where you are.

Clampd ships as a suite. Each surface targets a different audience: app developers wrap a client; AI coding tool users install a hook; security teams operate a dashboard; ops uses a CLI. All share the same gateway and the same 264 detection rules underneath.

★ Quickstart bundle

The starter bundle: SDK + dashboard + hosted gateway, in one signup.

If you want a turnkey on-ramp instead of picking individual products: sign in to app.clampd.dev, install the Python or TypeScript SDK with one line, get a free agent slot, and you're guarded. No infra to run, no Redis or Postgres to configure. Free under 25 agents and 500k tool calls/month. Upgrade only when you need OIDC SSO, compliance reports, or higher volume.

Start free → Self-host instead
# 1. Sign in to get an agent + secret # 2. Install pip install clampd # or npm install @clampd/sdk # 3. Wrap your client client = clampd.openai( OpenAI(), agent_id="my-agent", ) # Done.
Individual products
Picking the right integration path

There are five integration paths into the Clampd gateway, plus operational, testing, and reporting surfaces. Pick by where the AI lives in your stack:

Static analysis (CI, pre-merge)clampd-discover
Code you controlSDK (Python, TypeScript)
IDE coding agentsclampd-guard (Claude Code, Cursor)
MCP servers (any transport)MCP proxy
Network edge (no code change)clampd-wire
Operations and auditDashboard, CLI, reports, replay
Security regressionclampd-redteam, clampd-actions

SDK and clampd-wire are alternatives, not substitutes. Most enterprises end up running both: SDK for code they own, wire for shadow AI and unwrapped traffic. Discover ties them together by mapping every AI surface in the codebase.

SDK

App developers

One line to wrap your OpenAI / Anthropic / LangChain / CrewAI / Google ADK / MCP client. Every tool call goes through the gateway: 264 rules, scope tokens, behavioural baseline.

Languages: Python · TypeScript  (Go, Java planned)
Install: pip install clampd
Can't ship SDK changes? See clampd-wire below for code-free network-edge governance.
Read the SDK page →

clampd-guard

Claude Code · Cursor users

Pre/post tool-call hook for Claude Code and Cursor. No code changes in the IDE; install with cargo binstall. Every Bash, Read, Write, WebFetch verified before execution.

Targets: Claude Code · Cursor
Install: cargo binstall clampd-guard
Read the clampd-guard page →

MCP Proxy

Claude Desktop · MCP clients

Sits between LLM client and downstream MCP server. Every tools/list and tools/call routed through the gateway. Maps to OWASP MCP Top 10 (MCP02, MCP03, MCP05, MCP06, MCP10).

Modes: stdio proxy · TS proxy
Install: python -m clampd.mcp_server
For non-MCP HTTPS LLM traffic, see clampd-wire below.
Read the MCP page →

Dashboard

Security teams · Operators

17 pages: agents, kill switch, audit trail, policy editor with Monaco, custom rules, thresholds, tool descriptors, delegation graph, compliance reports, RBAC. Hosted at app.clampd.dev or self-hosted.

Stack: Next.js 16 · Fastify 5 · Drizzle · Postgres
Hosted: app.clampd.dev
Read the dashboard page →

clampd-cli

SREs · Security ops · Founders

Single binary. Manage agents, run policy imports, query the audit trail, drive emergency kills, manage API keys, run red-team test suites, and the live watch TUI dashboard (built with ratatui) for real-time risk monitoring from your terminal.

Commands: agent · audit · kill · policy · risk · watch (TUI) · test_suite
Build: cargo build -p clampd-cli --features tui
CLI docs →

clampd-redteam

Security testers · Vendor evaluators

556-payload regression corpus against the live Clampd gateway. 15 categories (SQL injection, RCE, LFI, prompt injection, exfil, encoding, XSS, SSRF, plus 40 deliberately safe inputs for FP testing). Public, runnable, no signup, results stream as Server-Sent Events.

Live at: redteam.clampd.dev
Today's score: 97.5% TPR · 5% FPR · ~60µs/payload
Run the suite →

clampd-actions PLANNED

CI/CD · DevOps

GitHub Action / GitLab CI runner that fires the 556-payload regression corpus against your agent code on every PR. Snyk-shaped product for AI agent security testing in CI. Coming after the launch wave.

Status: Planned for v0.18+
Targets: GitHub Actions, GitLab CI, CircleCI

clampd-discover PLANNED

Security · Platform · CISO inventory

Clampd Discover: shadow AI inventory. A command-line scanner that maps your AI surface in seconds. clampd scan <path> walks any repo, monorepo, or directory and finds every place an LLM SDK, framework, or agent runtime is used: OpenAI, Anthropic, Gemini, Bedrock, Vertex, Mistral, Cohere, LangChain, LangGraph, LlamaIndex, AutoGen, CrewAI, Semantic Kernel, Ollama, Transformers, vLLM, llama.cpp, and MCP servers (Cursor, Claude Code, Continue, Aider). For each finding, Discover names the model, identifies whether the call is already wrapped with Clampd or running as shadow AI, and recommends a Clampd bundle that would govern it. Output is JSON, SARIF (GitHub Code Scanning), or human-readable.

What it covers: 15+ LLM SDKs · 6 agent frameworks · MCP discovery via claude_desktop_config.json, .cursor/mcp.json, .continue/config.json · IDE-agent configs (.cursorrules, CLAUDE.md, .aider.conf.yml) · local-model use (Ollama, vLLM, llama.cpp).
CI-ready: SARIF + exit codes + baseline diff + GitHub Action wrapper. Privacy-safe: local-only by default; uploads send structured findings, never source.
Pairs with clampd-wire: auto-route every discovered agent through governance, no code change. Discover what's there. Govern what matters.
Status: ~14 days from customer-signal validation.

clampd-wire PLANNED

Security · Compliance · Platform teams

Wire Mode: Universal AI Egress Governance. Intercept every LLM call leaving your environment at the network edge. No SDK wrap, no code changes. Set HTTPS_PROXY once, install the per-org Clampd CA cert, and every prompt, tool call, and response from OpenAI, Anthropic, Gemini, Bedrock, Vertex, or self-hosted models passes through your governance pipeline. Same rules, same Cedar policies, same bundles as the SDK path. Streaming responses re-encoded in flight without buffering. The defence against shadow AI: discovered ungoverned agents auto-flow through the same enforcement that governs your wrapped ones.

Deployment modes: HTTPS_PROXY + CA · k8s sidecar (Envoy) · iptables NAT + TLS terminate · MDM-pushed config (Intune, Jamf) · browser extension · VPN endpoint · CASB integration (Zscaler, Netskope, Palo Alto).
Status: 5-phase rollout. Phase 1 MVP (HTTPS_PROXY + OpenAI/Anthropic parsers + streaming) follows the launch wave; later phases add k8s, MDM/browser, additional providers, and TLS 1.3 ECH adaptation.

clampd-reports PLANNED · PREMIUM

GRC · Compliance · Governance teams

Maintained compliance evidence: HIPAA, GDPR, SOC 2, PCI-DSS templates kept current as the regulations evolve. Scheduled monthly/quarterly delivery. Activity inventory: agents observed, tool descriptors observed, MCP endpoints with traffic, policy violations grouped by agent/time/category. Source-available under BSL-1.1. The raw audit data lives in your own ClickHouse on every tier and is queryable directly. clampd-reports is the maintained alternative for teams who don't want to keep their templates current as compliance frameworks evolve.

You always own the data. Free tier: raw queryable audit trail in your storage.
Enterprise: maintained templates, scheduled delivery, exportable PDF/CSV, signed evidence packets.

clampd-replay PLANNED · PREMIUM

Forensics · Insurance · Regulators · Post-incident review

Pick any historical agent decision and reconstruct the full call: tool descriptors, params, matched rules, session-pattern flags, scope token issued, LLM-as-Judge verdict (if fired), final policy decision, downstream response. When an alert fires (kill, repeated denials, behavioural anomaly), Clampd auto-assembles every related decision, agent activity, scope grant, and delegation hop into a single timestamped, signed incident packet ready for legal hand-off, insurance claims, or regulator review. Multi-cluster federation across distributed deployments. Long-term retention beyond dashboard defaults. Source-available under BSL-1.1. The underlying ClickHouse audit data is yours on every tier; clampd-replay is the templated workflow plus chain-of-custody signing infrastructure on top.

You always own the data. Free tier: raw audit data + manual reconstruction.
Enterprise: auto-packet generation, signed chain-of-custody, federation, long-term retention.

Deployment modes

The gateway behind every product runs in your environment of choice. Same code, same feature parity. Pick the operational fit:

Hosted SaaS · app.clampd.dev (zero infra) Docker Compose · 5 compose files (single, proxy, control, deploy, full) Kubernetes · Helm charts (planned) Air-gapped · on-prem, no telemetry Single binary · single-process gateway for low-volume / dev

See the setup page for the deployment-mode-specific install steps.