User Guide · 13 steps to ship

Start from zero — get ClawHeart running

A beginner-friendly walkthrough. 5 chapters, 13 screenshots — scroll top to bottom and you'll have the full Agent-onboarding → monitoring-alert loop wired up.

Start with step 1 Haven't downloaded ClawHeart yet

目录 · Table of Contents

Ch.01 · Chapter 1

Getting StartedFirst launch — meet the home dashboard

2 steps

STEP 01

Pick a monitoring tier

Three options; "Endpoint Mapping" is the recommended default

First launch shows an onboarding screen where you pick the monitoring intensity.

"Endpoint Mapping" is the zero-touch app-layer option; almost everyone starts there. The other two (System Proxy / Sandbox Isolation) are advanced options you can switch to later from the "Monitoring Mode" page.

tier1 Endpoint Mapping = point the Agent's BASE_URL to ClawHeart
tier2 System Proxy = MITM covers every process honoring the system proxy
tier3 Sandbox Isolation = kernel-enforced, impossible to escape

STEP 02

Home overview

One screen, seven tool entry points

The home page has a Hero animation up top (showing the 8-layer defense intercepting in real time) and a row of 7 tool cards below — Agent Discovery, Monitoring, Scanning, Skills, Usage, Settings, and more.

Treat the home page as your dashboard: jump straight into any tool, with breadcrumbs to step back from anywhere.

end of Ch.01

Ch.02 · Chapter 2

ConfigurePlug Agents and channels in

3 steps

STEP 03

Agent Discovery page

All local AI tools at a glance

Open the first card "Agent Discovery" from the home page. The top tab switches between agents (Claude Code / Codex / Cursor / OpenClaw / Hermes …); the bottom shows the channels currently assigned to the active agent.

The "Importable" badge in the top-right means ClawHeart can parse that agent's local config and import its channels in one click.

STEP 04

Reverse-import existing config

Pull channels straight out of the config file

"Import from config" opens a candidate list showing each provider / base_url / key status detected in the active agent's config file.

If the agent uses login-based auth (no native API key), a yellow warning at the top of the dialog tells you "no local key available" — just hit OK and skip.

OpenClaw / Codex / Gemini support reverse-import
Selected items are bulk-added to "Model Channels" and auto-assigned to the current agent

STEP 05

Add a channel manually

65 built-in presets + custom

If reverse-import can't find what you want, or you want to add a third-party relay, hit "New" to open the add-channel dialog. The top half is a grid of 65 common upstream presets (one click auto-fills base_url / protocol); the bottom half is a free-form form.

API keys go straight into the OS Keychain on submit; the database only ever sees a masked value.

end of Ch.02

Ch.03 · Chapter 3

UseOne-click takeover, rollback any time

2 steps

STEP 06

Enable takeover

Route the agent's outbound traffic through ClawHeart

Pick a channel and flip the "Takeover" switch in the toolbar. ClawHeart rewrites the agent's config (base_url becomes 127.0.0.1:19112) and every request now flows through the ClawHeart gateway.

Green switch + lit status dot = it's live. Restart the agent and you're done.

The original config is backed up before any change
Credentials are swapped for a virtual `sk-claw-xxx` key; the real key never leaves the Keychain

STEP 07

Takeover history & rollback

Every change is traceable

Click "Takeover History" in the toolbar to open a right-side drawer listing every takeover change for that agent — time / before / after / rollback button.

Any change can be reverted to that point-in-time config state. The operation is atomic — no half-applied state.

end of Ch.03

Ch.04 · Chapter 4

Core FeaturesMonitor / Scan / Usage / Skills

4 steps

STEP 08

Real-time monitoring

See every agent call

The monitoring page has the request stream on the left (a timeline) and intercept events / token usage on the right. Click any row to expand the payload, normalized form, and any rules that fired.

Everything lands in local SQLite — close the app, reopen later, all of it is still there.

STEP 09

80 security audits

Offline scan, zero LLM dependency

The scan page runs 80+ checks across 8 categories: file permissions · credential leaks · MCP config · agent behavior · skill supply chain · process allowlist · network egress · Registry / Keychain.

Results are grouped by severity; click any item to see the evidence trail and suggested fix.

STEP 10

Usage stats

Token spend at a glance

The usage page groups token spend by Agent / Provider / Model with a sparkline per row. It's the fastest way to spot which tool or model is burning money.

Set a budget threshold and ClawHeart fail-closes the traffic when you exceed it.

STEP 11

Skill management

SkillGuard scores every local skill

Wildcard-scans `~/.<agent>/skills/` and runs the SkillGuard rule set to score each skill (command exec / network egress / file access / credential leakage).

The page lets you one-click bundle, back up, and compare historical score changes.

end of Ch.04

Ch.05 · Chapter 5

AdvancedSwitching tiers and customization

2 steps

STEP 12

Switch monitoring tier

Side-by-side comparison page, switch on demand

The Monitoring Mode page lays tier1 / tier2 / tier3 out horizontally and clearly labels each: coverage scope, install steps, whether a CA cert is required.

Switching is atomic — the old tier's config is uninstalled, the new tier installed automatically.

STEP 13

All-in-one Settings

Language · Security · Advanced

10-language switcher, rule-set toggle / customization, log retention policy, backup & restore, replay the onboarding flow — all from the settings page.

Sensitive operations (delete all data / reset, etc.) all show a confirmation dialog.

end of Ch.05

13 steps in, and you've covered every core feature of ClawHeart

Got questions? Open Settings → Replay onboarding to walk through it again. Or file a GitHub issue or check the full docs.

Download ClawHeart GitHub Source