Deploy Clampd on your infra

One Docker Compose command. All services + dashboard + infrastructure. Self-hosted. Your data never leaves your network.

Quick Start

Get Started in 3 Steps

Sign up, install the SDK, guard your agent's tool calls.

1

Sign up and get your API key

Create a free account on the dashboard. Register your agent and get your API key and agent secret immediately.

Sign Up Free

No credit card. No sales call. Free tier available.

2

Install the SDK

bash
# Python pip install clampd # TypeScript / Node.js npm install @clampd/sdk
3

Guard your agent

python
import clampd from openai import OpenAI # Initialize with your credentials from the dashboard clampd.init( agent_id="your-agent-id", gateway_url="https://gateway.clampd.dev", api_key="ag_your_api_key", secret="ags_your_secret", ) # Wrap your OpenAI client - all tool calls now go through Clampd client = clampd.openai(OpenAI()) # Works with Anthropic, LangChain, Google ADK too # client = clampd.anthropic(Anthropic())

Agent credentials are created in the Dashboard. Configure scopes, policies, and boundaries there.

Deployment

Deployment Options

Available now: Hosted platform at app.clampd.dev - sign up, register agents, install the SDK, and start guarding tool calls immediately. No infrastructure to manage.

OptionStatusDescription
Hosted PlatformAvailable nowDashboard + gateway hosted by Clampd. Sign up and start in minutes. Design Partner: 25 agents, 500K req/mo.
Docker ComposeAvailable nowSelf-hosted deployment with hardened Docker images. Full stack: 10 Rust services + Postgres + Redis + NATS. Compose files
Helm / KubernetesComing soonProduction-grade Kubernetes deployment with Ingress, TLS, external database support, and cert-manager integration.

Self-Hosted (Docker Compose)

Run the full stack on your own infrastructure. Zero data egress, fully air-gapped capable after one-time activation.

Setup
# 1. Get your license key https://license.clampd.dev # 2. Download compose files curl -fsSL https://raw.githubusercontent.com/clampd/clampd/main/docker/docker-compose.proxy.yml -o docker-compose.proxy.yml curl -fsSL https://raw.githubusercontent.com/clampd/clampd/main/docker/docker-compose.control.yml -o docker-compose.control.yml curl -fsSL https://raw.githubusercontent.com/clampd/clampd/main/docker/.env.example -o .env # 3. Configure (fill in your license key and generate secrets) nano .env # 4. Start services docker compose -f docker-compose.proxy.yml up -d docker compose -f docker-compose.control.yml up -d # 5. Activate license (one-time) clampd license activate --license "$CLAMPD_LICENSE_KEY"

Compose files: github.com/clampd/clampd/docker · Env template: .env.example

Licensing

How Licensing Works

Every Clampd service validates your license key on startup. No phone-home required - your key never leaves your network.

Design Partner access available. Sign up at license.clampd.dev to get your license key. SaaS dashboard at app.clampd.dev.

Design Partner License

LimitValue
DurationNo time limit
AgentsUp to 25
Requests500,000 / month
API keysUp to 5
IncludesAll features: 9-stage pipeline, 263 rules, anomaly detection, kill switch, PII masking, compliance reports, CLI, SDKs, dashboard, A2A, scope tokens, SSO
SupportEmail (support@clampd.dev)

Enterprise License

LimitValue
DurationAnnual (renewable), 30-day grace period
AgentsLicense-configured
RequestsLicense-configured
Retention90+ days
IncludesEverything in Design Partner + RBAC + SSO + multi-tenant isolation
SupportEmail (support@clampd.dev)

Security

License validation is fully offline - your key never leaves your network. No SaaS dependency, no phone-home. If a license check fails, the service refuses to start. No dev mode. No bypass flags.

Configuration

Environment Variables

All services read configuration from environment variables. Set them in your .env file or pass directly.

Required (.env)

.env
# License (required - from https://clampd.dev/setup) CLAMPD_LICENSE_KEY=your_license_key_here # Security - all required. Generate with: openssl rand -hex 32 JWT_SECRET=$(openssl rand -hex 32) AG_INTERNAL_SECRET=$(openssl rand -hex 64) NATS_TOKEN=$(openssl rand -hex 32) # Database & cache POSTGRES_PASSWORD=$(openssl rand -hex 16) REDIS_PASSWORD=$(openssl rand -hex 16)

Full configuration reference is included in the deployment package.

Activation

License Activation

One-time activation required. Clampd binds your license to your installation on first startup. After activation, all services run fully offline - no network calls to clampd.dev.

Outbound connection: https://license.clampd.dev/v1/activate (HTTPS, port 443, one-time only)

Online Activation

bash
# Get your license key from license.clampd.dev clampd license activate --license "your_license_jwt" # Verify clampd license status

Air-Gapped Activation

For environments that cannot make outbound connections:

  1. Run clampd license fingerprint on the target machine
  2. Copy the output to the license portal at license.clampd.dev (or email to support@clampd.dev)
  3. Download the activation token
  4. Transfer the token file to the target machine
  5. Run clampd license activate-offline --activation-token "$(cat activation_token.json)" --license "$CLAMPD_LICENSE_KEY"
bash
Machine Fingerprint: Hash: a1b2c3d4e5f6... Installation ID: a1b2c3d4-e5f6-... Hostname: prod-host-01 Copy this to the license portal for air-gapped activation.

Migration

To move your license to a new machine:

bash
# On the old machine clampd license deactivate # On the new machine clampd license activate --license "your_license_jwt"
CLI

CLI Tool

The clampd CLI connects to your cluster for agent management, policy control, kill switch, compliance reports, and real-time monitoring. Multi-context support - switch between local, staging, and production like kubectl.

Download (v0.9.0)

PlatformArchitectureCLIGuard
Linuxx86_64clampd-linux-amd64.tar.gzclampd-guard-linux-amd64.tar.gz
LinuxARM64clampd-linux-arm64.tar.gzclampd-guard-linux-arm64.tar.gz
Windowsx86_64clampd-windows-amd64.zipclampd-guard-windows-amd64.zip
macOSApple SiliconBuild from source: cargo install --git https://github.com/clampd/clampd --path src/clampd-guard

SHA256 checksums

Quick Install

bash
# CLI curl -fsSL https://clampd.dev/install.sh | sh # Claude Code / Cursor guard curl -fsSL https://clampd.dev/install-guard.sh | sh # Verify clampd --version

Setup

bash
# Activate with your license (from app.clampd.dev signup) clampd activate --license "your_license_jwt" # Or configure manually clampd context set local --field dashboard_url --value https://api.clampd.dev clampd context set local --field gateway_url --value https://gateway.clampd.dev # Verify connection clampd cluster status

Commands

CommandDescription
agent list|get|register|suspend|killAgent lifecycle management
agent link|graph|lock-graphA2A delegation control
policy list|create|rulesPolicy and rule management (Cedar + Sigma import)
keyword list|add|import-csvCustom keyword dictionary
kill agent|all|listEmergency kill switch
compliance run --framework soc2SOC2/HIPAA/GDPR compliance reports
audit list|exportAudit trail queries and export
test --verboseRed team test suite (24 attack vectors)
context add|use|listMulti-cluster context switching
apikey create|revokeAPI key management
license fingerprintMachine fingerprint for air-gapped activation
license activate-machine|activate-offlineLicense activation (online or air-gapped)
license status|deactivateLicense status and migration
Need Help?

Support

Support: support@clampd.dev
Sales: sales@clampd.dev