Anyone letting AI agents run tasks in Cursor or similar tools has probably had that moment of dread: did it just delete something important? ClawDiary is an open-source project that addresses this with two simple ideas - log everything the agent does, and block the dangerous stuff until a human says yes.
The tool runs on Cloudflare Workers and exposes two main API endpoints. The audit endpoint (/v1/audit) records completed actions asynchronously to a D1 database, so logging doesn't slow the agent down. The guard endpoint (/v1/guard) is where it gets interesting: when an agent tries something risky, the request blocks until you approve or reject it through a Telegram bot.
How Risk Classification Works
ClawDiary sorts agent actions into three tiers. Safe operations like file reads, web searches, and calculations are auto-approved and logged silently. Medium-risk actions like file deletion and curl piped to shell get flagged. Critical operations - rm -rf, drop table, format - require explicit approval before they execute. Unrecognized actions default to medium risk but auto-approve, which is a pragmatic choice that avoids blocking every unknown command.
The free self-hosted tier allows 50 guard calls and 200 audit logs per day. There's also a hosted version at clawdiary.org with a web dashboard and paid plans.
For Cursor users, setup means adding rules that instruct agents to call the guard endpoint before destructive operations. MCP-compatible tools can fetch a descriptor at /mcp.json and use the request_human_approval tool directly. The whole thing deploys with standard Cloudflare Wrangler commands and stores data in D1 (Cloudflare's SQLite-based database).
It's a straightforward solution to a real problem. As AI agents gain more autonomy inside development environments, having an audit trail and a human checkpoint for the scary commands is basic hygiene.