agent-security credential-injection protocol-gating production-ops open-source

Deno open-sources agent credential gating layer

Claw Patrol intercepts agent tool calls at the network layer, parsing and filtering by protocol semantics (SQL verbs, K8s resources, HTTP paths) before credentials are injected, eliminating the trust problem of giving agents production access.

June 24, 2026

Summary

Agents need real production system access to be useful, but credential theft via prompt injection or hallucination is one tool call away. Moving credential injection and request filtering outside the agent process removes the attack surface entirely—a compromised agent never holds the keys.

Why it matters

Implementation verdict

Replaces homegrown credential proxies and LLM gateways for non-HTTP protocols. Requires WireGuard/Tailscale tunnel setup, HCL rule authoring, and protocol support (currently K8s, SQL, HTTP; others require custom parsing). Alpha software with five-minute setup documented. Worth adopting now if you run agents against Postgres, Kubernetes, or multi-protocol backends; skip if agents only call REST APIs.

Sources

1.An agent cannot be trusted to police itself. The agent process holds tools (psql, kubectl, gh, curl) and the credentials those tools need.
2.Credentials live on the gateway, not the agent. The agent sends a placeholder like {{github_pat}} and the gateway swaps in the real token on the wire.
3.Rules match on parsed protocol facets: HTTP method, path, and body; SQL verb, tables, and functions; Kubernetes verb, resource, and namespace.
4.it is currently alpha software

Dev Signal

Get briefs like this in your inbox — free, every weekday.

100+ sources compressed into one 4-minute read. Ranked, cited, implementation-ready.

Read the full issue →All briefs