Features

The policy loop is visible from device to admin.

  • Category policies per group

    Block UT1 content categories per policy group — adult, gambling, malware, AI chat tools, and more — from the admin console.

  • Allow and block lists

    Tenant-wide allowlists override category blocks; blocklists add domains on top of URLhaus, OpenPhish, and PhishTank feeds.

  • Threat indicator feeds

    URLhaus, OpenPhish, and PhishTank ship in an ed25519-signed gzip bundle refreshed every 15 minutes. Agents verify the signature before trusting a bundle.

  • Local block page

    Blocked DNS queries sinkhole to 127.0.0.1 with the domain, category, source feed, and policy group on screen. A desktop toast shows the reason.

  • False-positive review queue

    End users submit a review request from the block page. It lands in the admin queue with the original policy reason and device context attached.

  • Device audit and block feed

    Every block writes a JSONL audit record on the endpoint. In managed mode, events also post to the admin block feed at /v1/report.

  • Offline filtering from cache

    Blocklist and policy live in a local cache — %PROGRAMDATA%\ClearScreen on Windows, /var/lib/clearscreen on Linux. If the edge is unreachable, the last verified bundle keeps filtering.

  • DoH upstream, no TLS decryption

    Allowed queries forward upstream over DoH to Cloudflare 1.1.1.1 and are cached. No TLS inspection, PAC file, or network gateway in the policy path.

  • Standalone and managed enrollment

    Standalone runs on a public bundle with default policy — no account required. Run clearscreen enroll <key> to exchange an enrollment key at /v1/enroll for a device-scoped API key and central policy.
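The verify-before-trust and last-verified-bundle behaviour described under "Threat indicator feeds" and "Offline filtering from cache", as an added Go example that is not ClearScreen's own code. It assumes a detached ed25519 signature over the raw gzip bytes; `Cache`, `Update`, `maxBundle` and `demo` are hypothetical names, and the sample bundle is constructed.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"crypto/ed25519"
	"fmt"
	"io"
)

const maxBundle = 64 << 20 // assumed cap on decompressed size
// Cache holds the last bundle whose signature verified (hypothetical type).
type Cache struct{ List []byte }

// Update checks sig over the raw gzip bytes before decompressing, so the gzip
// parser never sees unauthenticated input. On failure the cache is untouched
// and the previous verified bundle keeps filtering.
func (c *Cache) Update(pub ed25519.PublicKey, gz, sig []byte) error {
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, gz, sig) {
		return fmt.Errorf("bundle signature invalid")
	}
	zr, err := gzip.NewReader(bytes.NewReader(gz))
	if err != nil {
		return err
	}
	body, err := io.ReadAll(io.LimitReader(zr, maxBundle+1))
	if err != nil || len(body) > maxBundle {
		return fmt.Errorf("signed bundle unreadable or over size cap (err=%v)", err)
	}
	c.List = body
	return nil
}

// demo signs a constructed bundle, applies it, then replays it with one byte flipped.
func demo() (good, bad error, cached string) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	zw.Write([]byte("bad.example\n"))
	zw.Close()
	gz, c := buf.Bytes(), &Cache{}
	sig := ed25519.Sign(priv, gz)
	good = c.Update(pub, gz, sig)
	gz[len(gz)-1] ^= 1 // tampered in transit
	bad = c.Update(pub, gz, sig)
	return good, bad, string(c.List)
}

func main() { fmt.Println(demo()) }
```

The tampered update is rejected at the signature check and the cached list from the first update is still the one in use.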

How it works.

  1. Deploy the agent

    Install the Go binary on Windows, Linux, or macOS. The agent binds 127.0.0.1:53, sets system DNS to loopback, and restores the resolver on stop.

  2. Set policy per group

    Choose blocked UT1 categories, add tenant allowlists and blocklists, and assign policy groups from the admin console. Managed agents pull policy from /v1/policy.

  3. Review on device and in admin

    Blocked domains show a local block page with the reason. False-positive reports land in the admin queue. Block events export as CSV or JSON.

Start with one policy group.

Deploy the agent to a pilot fleet, set UT1 categories, and review blocks on device before a wider rollout.