dashclaw
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| DASHCLAW_URL | Yes | The URL of your DashClaw instance (e.g., https://your-dashclaw.vercel.app). | |
| DASHCLAW_API_KEY | Yes | Your DashClaw API key (e.g., oc_live_xxx). |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": true
} |
| resources | {
"listChanged": true
} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| dashclaw_guardA | Evaluate DashClaw governance policies before taking a risky action. Call this BEFORE any action that modifies external systems, deploys code, sends messages, or touches production data. Returns a decision: "allow" (proceed), "warn" (proceed with caution), "block" (stop), or "require_approval" (wait for human in Mission Control). If the decision is "block", do NOT proceed with the action. |
| dashclaw_recordA | Record a governed action in DashClaw's audit trail. Use this to log significant decisions, completed tasks, or notable outcomes. Every important action the agent takes should be recorded for governance visibility in Mission Control and the Decisions ledger. |
| dashclaw_invokeA | Invoke a DashClaw-governed capability (external API). The capability is guarded (policy check), executed (HTTP call), and recorded (audit trail) automatically. Use this instead of making direct HTTP calls when the target API is registered as a DashClaw capability. Call dashclaw_capabilities_list first to discover available capability IDs. |
| dashclaw_capabilities_listA | List available capabilities registered in DashClaw. Use this to discover what external APIs and tools are available before invoking them. Returns capability IDs, names, health status, and risk levels. Filter by category, risk level, or search term. |
| dashclaw_policies_listA | List active governance policies. Use this to understand what rules govern your actions before taking them. Helps calibrate risk scores and know which action types require approval. Optionally filter to policies applying to a specific agent. |
| dashclaw_wait_for_approvalA | Wait for a human to approve or deny a pending action in DashClaw Mission Control. Call this after a guard decision returns "require_approval" or after recording an action with status "pending_approval". Polls the action status until it changes. Default timeout is 300 seconds (5 minutes). |
| dashclaw_session_startA | Register this agent session with DashClaw. Creates a session record that groups all subsequent actions for tracking and observability. Call this at the beginning of a task to establish a governance boundary. |
| dashclaw_session_endA | Close a DashClaw session and update its status. Call this when the task is complete or if the session needs to be marked as failed. Provides a clean lifecycle boundary for governance reporting in Mission Control. |
| dashclaw_optimal_files_previewA | Preview the Optimal Files bundle DashClaw Code Sessions would generate for a given session. Returns the per-file plan with confidence, secret-scan, and overwrite-risk flags. Read-only — does NOT write to disk; pair with dashclaw_optimal_files_manifest to persist a chosen subset. |
| dashclaw_optimal_files_manifestA | Persist a write plan for selected Optimal Files entries. Returns { manifest_id, expires_at, apply_command }. The local CLI invokes |
| dashclaw_handoff_createA | Create a session handoff bundle for the next session of this agent to consume on start. Call this when wrapping up — include a 1-2 sentence summary, any open loops, decisions made, and freeform state you want the next session to see. |
| dashclaw_handoff_latestB | Fetch the latest unconsumed session handoff for this agent (+ project, optional). Call this on session start to pick up where the last session left off. Returns null if no handoff is waiting. |
| dashclaw_handoff_consumeA | Mark a handoff as consumed. Call after dashclaw_handoff_latest returns a bundle and you have processed it. Idempotent. |
| dashclaw_secret_listA | List tracked secrets (metadata only — no values). Returns each entry with name, rotation interval, last_rotated_at, and computed next_rotation_due. |
| dashclaw_secret_dueA | List secrets coming due for rotation. Call this BEFORE acting on credentials. If a credential you would use is in the result, flag the operator rather than proceeding. |
| dashclaw_secret_mark_rotatedA | Mark a tracked secret as rotated (sets last_rotated_at = now). Agents only call this if the operator instructs; secret registration is an operator task. |
| dashclaw_skill_scanA | Run a static safety scan against the contents of an untrusted skill before loading it. Returns findings (severity, file, line) and a passed boolean. If passed=false, do NOT load the skill — show the findings to the operator. |
| dashclaw_loop_addA | Register an open loop on a parent action — a commitment made in conversation that needs follow-up. Use when you say "I will X later" so the loop is tracked outside of context. Loops are action-scoped; action_id is required. |
| dashclaw_loop_listB | List open (or resolved) loops with optional filters. Use on session start to remember what you promised to follow up on. |
| dashclaw_loop_closeA | Resolve an open loop. Call when the followed-up-on item is complete. Requires the loop_id and a short resolution note. |
| dashclaw_assumption_recordA | Record an assumption you are acting on — something you treat as true but have not verified (e.g. "staging tests passed", "no active legal hold on this record"). Attach it to the action whose decision rests on it so operators can later validate or refute it and staleness drift is tracked. Call right after the action that depends on the belief. |
| dashclaw_learning_logA | Log a decision + outcome to the learning database. Use after making a non-obvious decision so future sessions can recall the reasoning and outcome. |
| dashclaw_learning_queryA | Query the learning database for prior decisions and lessons. Use BEFORE making a decision similar to one you might have made before. |
| dashclaw_decisions_recentB | Query the guardrail decisions ledger for recent governed actions. Filter by agent, action type, decision verdict, or time window. Use for in-session retrospection — "what have I done recently?" |
| dashclaw_behavior_suggestionsA | List DashClaw Policy Coach suggestions — evidence-backed, observe-only policy suggestions the analyzer learned from this agent's locally-recorded behavior (destructive commands, protected-path writes, repeated reloads, failed loops, model/task mismatches, and the safe operating envelope). Read-only: each suggestion carries confidence, sample size, evidence, and expected effect. Review, simulate, and adopt them from the Policy Coach UI — nothing is enforced automatically. |
| dashclaw_inbox_listA | List this agent's DashClaw inbox messages and unread count. Use at the start of a session, or when notified, to see governance messages, lessons, questions, and status updates addressed to you before deciding what to do next. Each message includes an is_read flag; the response also carries the total unread_count. Pair with dashclaw_messages_mark_read once you have processed them. |
| dashclaw_messages_mark_readA | Mark one or more DashClaw inbox messages as read for this agent. Call after processing messages from dashclaw_inbox_list so they stop reappearing as unread. Direct messages are marked read for the target agent; broadcasts record this agent in read_by. Returns { updated: }. |
| dashclaw_pairA | Enroll this agent's cryptographic identity with DashClaw (operator pairing requests in your inbox ask for exactly this). Generates an RSA-2048 keypair locally, stores the PRIVATE key on this machine only (~/.dashclaw/identity/.pem — never logged, never sent), and POSTs the public key to /api/pairings. An admin then approves the pairing, which creates the agent identity and lets your recorded actions be signature-verified. Set wait:true to poll until approved/expired (max 5 min). After pairing, mark the request message read via dashclaw_messages_mark_read. |
| dashclaw_postureA | Read the org-wide governance posture score (0-100) and its prioritized remediation queue. Returns the gaming-resistant score, the six dimension breakdowns (identity, enforcement, spend, auditability, approval, data_protection), and the open findings (each with severity, points recoverable, evidence, and the prefilled fix). Read-only governance retrospection — "how well is my fleet actually governed, and what is the highest-leverage gap?" Resolving findings is operator-driven (UI/CLI); an agent can observe gaps but never activates enforcement. |
| dashclaw_posture_nextA | Return the single highest-priority open governance gap (the top of the posture remediation queue) with its severity, points recoverable, evidence, and prefilled fix. Use for "what is the one governance gap I should close next?" Read-only — preparing or activating the fix is operator-driven, not agent-driven. |
| dashclaw_work_order_submitA | Submit a DashClaw work order: a typed, budget-capped unit of agent work governed by policy. The order is validated against the registered contract for its type, guard-gated (may be blocked or parked for human approval), then queued for any worker to claim. Returns work_order_id + status + the guard decision. |
| dashclaw_work_order_statusA | Check a DashClaw work order: current lifecycle status, worker, guard decision, and — once terminal — the self-verifying receipt (cost, output hash, governance trail). |
| list_projectsA | List all known projects and which one is currently selected. |
| create_projectC | Create a new project in the default workspace. |
| select_projectA | Set the active project used by tools that omit an explicit project arg. |
| get_project_contextA | THE tool to call FIRST. Returns the full production context for a project/environment: GitHub repo, Vercel project + live latest deployment status/URL/failure, Supabase project, Stripe mode, what is allowed / blocked / approval-required, project memory, recent audit history, suggested safe next actions, and a human-readable summary. Pass |
| export_contextC | Export a versioned project context snapshot as JSON or Markdown. |
| add_environmentB | Add an environment (e.g. staging, production) to a project. |
| list_environmentsA | List environments for a project. |
| map_provider_resourceB | Bind a provider resource to a project environment. Examples of |
| list_provider_mappingsA | List all environment→provider-resource mappings for a project. |
| get_provider_mappingC | Get the concrete provider resource mapped to a given environment. |
| list_connectionsA | List configured provider connections. Secrets are never returned; only env var names are shown. |
| create_connectionB | Create an explicit provider connection backed by an environment variable. The secret value is never stored. |
| set_app_env_varsA | Set multiple environment variables on the mapped Vercel or Railway app under one governed env_change action. Values are sent to the target provider but are not included in DashClaw/audit summaries. Production changes require approval by default. |
| check_policyA | Ask whether a capability (read/write/deploy/env_change/delete/destructive_sql/purchase) is allowed, blocked, or requires approval for a provider in an environment — WITHOUT executing anything. |
| simulate_actionC | Simulate a provider capability in an environment without executing a provider call or writing audit entries. |
| list_policy_rulesA | List explicit policy rules (highest priority first). Built-in defaults also apply. |
| set_policy_ruleA | Add an explicit policy rule that overrides defaults. Higher priority wins. Use this to approve something normally gated (effect:'allow') or to tighten further (effect:'block'). |
| list_pending_approvalsC | List approval requests created by gated provider actions. |
| doctorA | Run local readiness checks: project/environment resolution, mappings, credential env vars, and audit writability. When DASHCLAW_URL and DASHCLAW_API_KEY are configured, the result also includes a read-only |
| approve_actionA | Approve a pending action request for one matching rerun. This never executes the provider call by itself; rerun the original action after approval. |
| reject_actionA | Reject a pending action request so it cannot be approved later. |
| read_project_memoryA | Read short notes saved for a project (optionally scoped to one environment). |
| write_project_memoryA | Save a short note for a project/environment so future agent sessions know what happened (e.g. 'Last Vercel deploy failed because DATABASE_URL was missing'). |
| list_audit_logB | List recent audit entries (every provider action is logged here). Filter by project, environment, provider. |
| export_audit_logC | Export recent audit entries as jsonl, csv, or markdown. |
| dashclaw_statusA | Check DashClaw authoritative gate configuration and reachability. |
| dashclaw_recent_decisionsC | Read recent DashClaw guard decisions scoped to project/environment when supported by DashClaw. |
| export_dashclaw_evidenceC | Export local audit entries that include DashClaw guard/evidence metadata. |
| explain_action_riskC | Dry-run local policy and DashClaw guard context for a provider action without executing it. |
| governed_action_summaryC | Summarize recent local audit entries with DashClaw correlation fields. |
| get_app_logsA | Fetch application/deployment logs for a project environment from the mapped provider(s). If |
| get_latest_deployment_logsA | Convenience: find the latest deployment for the mapped provider (default Vercel) and fetch its logs. Returns deployment status + logs. Read-only and audited. |
| create_launch_planA | Create a stateful launch plan for a project: an ordered step checklist derived from the launch playbook for the declared stack (subset of: domain, vercel, neon, stripe, resend, clerk, upstash, r2, sentry, posthog). Plans TRACK the launch — each step names the existing guarded tool that performs it and a machine-evaluable reality check; nothing is executed by this tool. Stored locally under .dashclaw-local/launches/. |
| get_launch_statusA | Load a launch plan and report done / pending / blocked-on-approval / failed per step plus THE single next action. Completion is verified, not self-reported: every step's reality check is re-evaluated against provider/local state (reads only, audited), so a crashed session cannot leave phantom done marks. Resumable across sessions. |
| preflight_launchA | Run before step 1 — verifies the declared stack is actually launchable: provider tokens present AND valid (cheap authenticated read each), mappings complete, Stripe mode sanity (live vs test key for the target environment), Namecheap client IP whitelisted. Returns pass/fail per check with remediation hints. Run before any money is spent. |
| verify_launchA | Run after the last step — end-to-end verification that the launch actually works: domain resolves, latest deployment READY, required env vars present on the app, Stripe webhook enabled, email sending domain verified. Reads only, audited. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| DashClaw Policies | Current active governance policy set for the organization. |
| DashClaw Capabilities | Available capabilities and their health status. |
| DashClaw Status | Instance health and operational summary metrics. |
| Code Sessions Projects | All Claude Code projects with ingested session data plus per-project rollups. |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/ucsandman/DashClaw'
If you have feedback or need assistance with the MCP directory API, please join our Discord server