Why SafeClaw Is Open Source and Always Will Be

Why SafeClaw Is Open Source and Always Will Be

SafeClaw is licensed under the MIT license. Every line of the client -- the agent runner, the gateway, the classifier, the policy engine, the audit ledger, the dashboard, and all 446 tests -- is published at github.com/AUTHENSOR/SafeClaw. This is not a marketing strategy. It is a core design requirement for the kind of software SafeClaw is.

The Trust Problem

SafeClaw sits in the most sensitive position in your development workflow. It intercepts every action your AI agent takes. It decides what executes and what does not. It has access to tool call metadata, file paths, shell commands, and network request targets.

If SafeClaw were closed source, you would be trusting a black box with that authority. You could not verify that the classifier actually redacts secrets before sending data to the control plane. You could not verify that the gateway actually fails closed when the control plane is unreachable. You could not verify that the audit chain actually uses SHA-256 hashing.

We could tell you it does all those things. But telling you is not the same as showing you. Open source means you do not have to take our word for it.

What Is Open Source

Everything that runs on your machine is open source:

• src/ -- 25 source files: the CLI, server, agent runners (Claude and OpenAI), gateway, classifier, policy engine, audit ledger, container runner, notifications, webhooks, config management, analytics, budget controls, caching, rate limiting, scheduler, workspace scoping, validation, and logging.
• ui/ -- The browser dashboard: a PWA with the setup wizard, task runner, approval center, analytics, policy editor, and diagnostics clinic. All HTML, CSS, and JavaScript, served from localhost.
• policies/ -- Default policy templates and the policy schema.
• tests/ -- 446 tests across 24 files. Every test is runnable with npm test.
• Dockerfile -- The container image for sandboxed execution.

You can read every file, run every test, and verify every claim we make about SafeClaw's behavior by inspecting the source.

What Is Not Open Source

The Authensor control plane is a hosted service. It evaluates action metadata against your policy and returns decisions. We are transparent about what it receives: action types (like filesystem.write or code.exec) and sanitized resource strings (like file paths with secrets redacted and truncated to 200 characters). It never receives your API keys, file contents, prompts, or data.

We chose this architecture -- open client, hosted control plane -- because it lets teams get started without running their own infrastructure while keeping the entire enforcement layer auditable. The client is where trust matters most. That is why the client is fully open.

Why MIT

We chose the MIT license because it imposes the fewest restrictions on adoption. You can use SafeClaw in commercial projects, modify it, embed it in proprietary systems, and distribute it however you want. The only requirement is preserving the copyright notice.

We considered more restrictive licenses. We decided against them because AI agent safety is an industry-wide problem, and we want the fewest barriers possible between teams and the tooling that keeps their agents safe.

If a company wants to fork SafeClaw, modify the classifier for their custom tool set, and deploy it internally, they should be able to do that without calling a lawyer. If a framework author wants to integrate SafeClaw's gateway as a first-class safety layer, they should not need to worry about license compatibility.

MIT makes all of that trivially possible.

Open Source as Accountability

Publishing our source code is a form of accountability. When we say SafeClaw fails closed, you can read gateway.js line 113 and see the deny() call in the catch block when the control plane is unreachable. When we say policy regex patterns are validated for ReDoS safety, you can read validate.js and see the static pattern analysis. When we say audit entries use SHA-256 hash chaining, you can read audit.js and trace the chain from GENESIS through every entry.

This accountability extends to our testing practices. Our 446 tests are not a vanity metric. They are executable documentation of every safety guarantee we make. If we claim the gateway denies actions when the control plane is down, there is a test that proves it. If we claim risk signals do not affect policy decisions, there is a test that proves it.

Open source means our claims are verifiable. Verifiable claims build trust. Trust is the currency of security software.

Community and Contributions

SafeClaw is young. We shipped the first version on January 31, 2026, and reached 1.0 Beta two weeks later. We are building in the open because we believe the community's feedback, scrutiny, and contributions make the software better and safer.

If you find a security vulnerability, we want to hear about it. Our SECURITY.md outlines responsible disclosure. If you have ideas for policy patterns, classifier improvements, or new integration targets, open an issue or a pull request.

The code is at github.com/AUTHENSOR/SafeClaw. It is not going behind a paywall. It is not going to switch to a source-available license. SafeClaw is open source, MIT licensed, and it will stay that way.

Install it and see for yourself:

``bash