Authensor

The SafeClaw Setup Wizard: Zero to Safe in 60 Seconds

Authensor Team · 2026-02-13

The fastest way to lose a new user is a complicated setup process. Developer tools live and die by their onboarding experience. If someone installs SafeClaw and can't figure out how to configure it in the first few minutes, they'll uninstall it and move on.

We built the SafeClaw setup wizard to make the path from npm install to "my AI agent is protected" as short as possible. Our target: 60 seconds. Here's how we got there.

The Onboarding Challenge

SafeClaw has a lot of configuration surface area. Policy profiles, workspace boundaries, rate limits, budget controls, notification channels, escalation preferences — a full configuration file can be 50+ lines of YAML. Asking a new user to write that from scratch is unreasonable.

But a minimal configuration file doesn't work either. A config with only defaults gives the user protection but no understanding of what's happening or why. They'll hit their first escalation, not understand it, and get frustrated.

The setup wizard threads this needle: it produces a fully functional, customized configuration while teaching the user what each setting does.

The Wizard Flow

Running safeclaw init launches the interactive setup wizard. It asks five questions:

1. What kind of project is this?

Options: web app, API, library, data science, infrastructure, other. The answer selects a policy template optimized for that project type. A web app template allows network requests but restricts file system access. A data science template allows file writes broadly but restricts package installations.

2. How cautious do you want to be?

Options: relaxed, standard, strict. This sets the overall sensitivity — rate limits, escalation thresholds, and risk signal weights. Most users choose standard. Strict is recommended for production environments.

3. Where should your agent be allowed to work?

The wizard detects the current directory and suggests it as the workspace root. Users can adjust this, add additional directories, or specify exclusions. The wizard validates that the paths exist and warns about overly broad boundaries.

4. How do you want to handle escalations?

Options: dashboard only, push notifications, Slack/Discord webhook. The wizard collects the necessary configuration (webhook URLs, etc.) and tests the connection immediately.

5. Do you want budget controls?

Options: no budget limit, daily limit, per-session limit. If the user sets a limit, the wizard asks for the amount and explains what happens when it's reached.
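
The path validation described in step 3, as an added example (not SafeClaw's own code): a Node.js check that a proposed workspace root exists, is a directory, and is not overly broad. The function names, the result shape and the two "too broad" rules (filesystem root, or a directory that contains the whole home directory) are assumptions for illustration.

```javascript
// Added example: hypothetical workspace-root check, not SafeClaw's own code.
const fs = require("fs");
const os = require("os");
const path = require("path");

// Expand a leading "~" and make the path absolute.
function expandPath(input) {
  const p = input === "~" || input.startsWith("~/")
    ? path.join(os.homedir(), input.slice(1))
    : input;
  return path.resolve(p);
}

// True when `child` is `parent` itself or lies somewhere beneath it.
function contains(parent, child) {
  const rel = path.relative(parent, child);
  return rel === "" ||
    (rel !== ".." && !rel.startsWith(".." + path.sep) && !path.isAbsolute(rel));
}

// Validate one proposed workspace root; returns errors (blocking) and warnings.
function checkWorkspaceRoot(input) {
  const result = { ok: false, resolved: null, errors: [], warnings: [] };
  const expanded = expandPath(input);
  let real;
  try {
    real = fs.realpathSync(expanded); // follow symlinks to the true target
  } catch {
    result.errors.push(`cannot resolve path: ${expanded}`);
    return result;
  }
  if (!fs.statSync(real).isDirectory()) {
    result.errors.push(`not a directory: ${real}`);
    return result;
  }
  result.ok = true;
  result.resolved = real;
  if (real === path.parse(real).root) {
    result.warnings.push("workspace is the filesystem root");
  } else if (contains(real, path.resolve(os.homedir()))) {
    result.warnings.push("workspace contains your entire home directory");
  }
  if (real !== expanded) {
    result.warnings.push(`symlink resolved: ${expanded} -> ${real}`);
  }
  return result;
}
```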

What the Wizard Produces

After five answers, the wizard generates a complete safeclaw.config.yml file, starts the SafeClaw daemon, and runs safeclaw doctor to verify everything is working.

The generated configuration is annotated with comments explaining each section:

```yaml
# Policy profile: standard (web-app template)
# Change to 'strict' for production environments
profile: standard

# Workspace boundary
# Your agent can only access files within these paths
workspace:
  root: "~/projects/my-app"
  # Add more paths with 'include:'
```

These comments serve as inline documentation. When the user eventually needs to customize their configuration, the comments guide them without requiring a trip to the docs.

Smart Defaults

The wizard's templates are informed by real usage data. We analyzed anonymized configuration patterns from our beta users to determine the most common settings for each project type. The defaults aren't arbitrary — they're the settings that most users in similar situations converge on.

For example, we learned that web app developers almost always want to allow curl and wget but restrict rm -rf. Data science users almost always want unrestricted pip install but want escalation on file writes outside their data directory. These patterns are baked into the templates.

Post-Wizard Experience

After the wizard completes, it prints a summary of what's configured and suggests next steps: "Try running your AI agent now — SafeClaw is watching." The first escalation includes an extra explanatory message for new users, linking to our documentation for deeper understanding.

The wizard source code is on GitHub. We're always looking for feedback on the onboarding flow — if something confused you, we want to know.

Sixty seconds from install to protection. That's the bar we set, and the setup wizard is how we clear it.