clash
Be an agentic engineer, not an agent babysitter.
You define the capabilities. Clash enforces them. Your agent never sees a choice.
The problem
Every tool call your agent makes requires a decision. Right now, that decision is yours — every single time.
Approve everything
git status — Allow. cat file.rs — Allow. cargo test — Allow. Hundreds of times a session. Your flow is gone.
Approve nothing
Skip permissions entirely. Fast, until git push --force hits the wrong remote or rm -rf finds your home directory.
Approve once
Write a policy file. Clash enforces it on every tool call, at the OS level. Safe commands run instantly. Dangerous ones are blocked. You stay in flow.
Get started
curl -fsSL https://raw.githubusercontent.com/empathic/clash/main/install.sh | bash
clash init
claude
Three commands. One binary, one policy file, full enforcement. See the Quick Start for details.
Agent support
| Agent | Status |
|---|---|
| Claude Code | Supported |
| Codex CLI | Planned |
| Gemini CLI | Planned |
| OpenCode | Planned |
Clash is agent-independent. Contributions welcome.