SafeClaw Roadmap: What's Coming in 2026
SafeClaw Roadmap: What's Coming in 2026
SafeClaw 1.0 Beta shipped on February 10, 2026. In two weeks, we went from an internal tool to an open-source product with multi-provider support, a browser dashboard, a policy engine, tamper-proof audit logs, container mode, and 446 tests. That was the foundation. This post is about what we are building on top of it.
Our roadmap is organized around four themes: team workflows, integration depth, policy intelligence, and platform reach. Here is what is coming.
Team Policies and RBAC
SafeClaw today is designed for individual developers. One machine, one policy, one approval flow. But teams running AI agents need shared governance.
Team policy management will let organizations define policies centrally and distribute them to team members. A security lead writes the baseline policy. Developers can layer project-specific rules on top but cannot weaken the baseline. Policy changes are versioned, auditable, and propagated automatically. Role-based access control (RBAC) will introduce principal types beyond the current single-user model. An organization can define roles likedeveloper, ci-agent, senior-engineer, and admin, each with different policy scopes. A CI agent might have a stricter policy than a senior engineer's interactive session. An admin can modify policies; a developer can only view them.
We are designing RBAC to work with existing identity providers. If your team uses GitHub organizations or SSO, we want SafeClaw roles to map naturally to your existing structure.
API Integration Mode
SafeClaw currently runs as a CLI tool with a browser dashboard. For teams that want to embed agent safety into their own applications, pipelines, or orchestration layers, we are building an API integration mode.
This mode exposes SafeClaw's gateway as a programmatic interface. You send an action request, get back a decision, and handle the result in your own code. No CLI, no browser, no dashboard required.
The API will support the full decision lifecycle: evaluate an action, create an approval request, poll for resolution, and append an audit entry. This makes SafeClaw composable -- you can integrate it into CI/CD pipelines, backend services, Jupyter notebooks, or any environment where a CLI is not appropriate.
For teams building multi-agent systems, API mode means each agent can have its own SafeClaw gateway with its own policy, all managed programmatically from an orchestration layer.
Plugin System
SafeClaw's classifier maps tool names to action types using a static mapping table. This works well for known tools (Claude SDK tools, OpenAI function calls, MCP tools), but teams with custom agent frameworks have tools we have never seen.
The plugin system will let you extend the classifier, policy engine, and notification pipeline with custom logic:
- Custom classifiers for proprietary tools or domain-specific action types
- Custom policy evaluators that integrate with external authorization services (OPA, Cedar, custom APIs)
- Custom notifiers beyond the built-in SMS, webhook, and browser notifications
- Custom risk signal detectors for domain-specific threat patterns
Plugins will be standard ES modules loaded at startup. They will have access to a defined plugin API but will be sandboxed from SafeClaw's core. A buggy plugin cannot break the gateway.
Policy Intelligence
Today, SafeClaw's policy engine evaluates rules deterministically. A rule either matches or it does not. We are exploring features that make policies smarter without sacrificing predictability:
Anomaly detection. Using the audit ledger's history, SafeClaw could flag actions that deviate from the agent's normal pattern. If an agent that typically reads files and runs tests suddenly tries tocurl data to an external endpoint, the anomaly signal adds context to the approval request.
Policy recommendations. Based on your approval patterns -- what you consistently approve, what you consistently reject -- SafeClaw could suggest new rules to reduce approval fatigue without weakening safety.
Cost-aware gating. Extending the existing budget controls with per-action cost estimation. Before an agent runs a command that might incur cloud costs (provisioning resources, running expensive API calls), the policy can factor in the estimated cost.
These features will always be advisory. The policy engine remains deterministic. Intelligence surfaces information; it does not make decisions.
Platform Reach
SafeClaw currently supports Claude (via the Anthropic Agent SDK) and OpenAI (via our custom agent loop). We are expanding to more platforms:
- Additional model providers -- Gemini, Llama, Mistral, and other models as agent frameworks mature
- Framework integrations -- First-class support for LangChain, CrewAI, AutoGen, Mastra, and the Vercel AI SDK
- IDE integrations -- SafeClaw as a sidecar for Cursor, Windsurf, and other AI-powered development environments
- Cloud deployment -- Managed SafeClaw instances for teams that want gating without local infrastructure
Each integration will use the same core gateway and policy engine. The classifier will be extended with framework-specific tool mappings, but the safety model remains identical.
Timeline
We are not putting dates on individual features. SafeClaw is a beta, and our priority order may shift based on feedback. What we can commit to:
- Q1 2026: API integration mode, additional provider support
- Q2 2026: Team policies, RBAC foundations, plugin system alpha
- Q3 2026: Policy intelligence features, managed cloud deployment
- H2 2026: Framework integrations, IDE sidecar mode
The roadmap is published here for transparency. If something matters to your team, tell us. Open an issue at github.com/AUTHENSOR/SafeClaw or reach out directly.
What We Will Not Do
A roadmap is also a statement of what we are not building:
- We will not add a "disable gating" mode. SafeClaw always gates.
- We will not make fail-closed configurable. If the control plane is unreachable, actions are denied.
- We will not add telemetry or analytics that send data about your agents or actions to us without explicit opt-in.
- We will not change the license. MIT, forever.
SafeClaw's roadmap is about making agent safety more powerful, not less strict. Every feature we ship will make it easier to run agents safely. None will make it easier to run them unsafely.