AgentWard
AgentWard - Built for all, hardened for OpenClaw.
Install

```bash
openclaw plugins install /path/to/agent-ward
```

Configuration Example

```json
{
  "plugins": {
    "allow": ["agent-ward"],
    "entries": {
      "agent-ward": {
        "enabled": true
      }
    }
  }
}
```
README
# AgentWard
**AgentWard** is a full-stack security layer purpose-built for trustworthy, scalable AI agent deployment, with native code-level integration into OpenClaw and planned native support for other mainstream agent frameworks. It unifies agent onboarding, secure reasoning and trusted execution in one cohesive security architecture. Its heterogeneous defense-in-depth design splits the agent workflow into five coordinated security layers (startup, perception, memory, decision-making and execution), with cross-stage protections that verify foundation integrity, block adversarial deception, stop memory tampering, and validate every autonomous decision and high-risk command. The result is an end-to-end closed security loop: trustworthy at inception, controllable throughout the process, and reliable in outcomes.
## Why AgentWard
- **Comprehensive Risk Coverage**: a heterogeneous defense-in-depth (DiD) architecture covers the whole agent attack surface, blocking a wide range of attack vectors rather than a single class.
- **One-Click Deployment**: the plugin-native design weaves security into the full agent lifecycle. Comprehensive agent security is enabled with one command through a non-intrusive integration, which keeps adaptation to new OpenClaw versions fast and seamless.
- **Deterministic System-Level Controls**: deterministic, fully auditable, code-enforced controls, as opposed to skill-based (prompt-level) protections that rely on the model policing itself; built for large-scale, production-grade deployment.
- **Open & Extensible Security Standard**: a community-driven, transparent and auditable open standard with a modular architecture designed for extensibility. Framework and detection algorithms are fully decoupled, so advanced detectors can be integrated with little effort, and the roadmap extends support to general agentic systems.
## Quick Start
1. ⚡ **Installation**
```bash
# One-click deployment
openclaw plugins install /path/to/agent-ward
```
2. 📥 **Enable Plugin**
Edit `~/.openclaw/openclaw.json`:
```json
{
"plugins": {
"allow": ["agent-ward"],
"entries": {
"agent-ward": {
"enabled": true
}
}
}
}
```
3. ✅ **Verify Installation**
```bash
openclaw plugins list
```
Then enjoy enhanced security for your OpenClaw!
## Systematic Architecture
**AgentWard** is natively and deeply integrated with the OpenClaw platform and embeds security capabilities into the full lifecycle workflow of AI agents. Its heterogeneous defense-in-depth architecture replaces isolated single-point security checks with a closed-loop, coordinated system-level protection scheme, delivering end-to-end, full-chain assurance for AI agents from startup through execution.

### Five Coordinated Defense Layers
AgentWard delivers **system-level security** through five tightly integrated layers that work in tandem, transforming isolated security checks into a unified, end-to-end protection system for AI agents.
| Layer | Focus |
| ---------------------------- | ----------------------------------------- |
| 🏗️ Foundation Scan Layer | Supply chain trust and baseline integrity |
| 🧼 Input Sanitization Layer | Prompt injection and jailbreak detection |
| 🧠 Cognition Protection Layer | Memory poisoning and context drift |
| 🎯 Decision Alignment Layer | Intent consistency before action |
| 🔧 Execution Control Layer | High-risk operation guardrails |
### 🚨 Threat Response and Mitigation
- Sends alert messages via IM when a threat is detected
- Automatically blocks dangerous operations without human intervention
- Provides clear warning descriptions so operators can understand the risk
### ⚙️ Flexible Configuration
- Each protection layer can be enabled or disabled independently
- A "detection-only" mode reports findings without blocking, limiting the impact of false positives
- Some layers support custom rules for scenario-specific requirements
## Defense Visualization
### 🏗️ Layer 1: Foundation Scan
Ensures the agent starts from a trustworthy foundation.
<div align="center">
<table>
<tr>
<td align="center" width="50%"><p style="margin:0 0 8px 0; color:#666; font-size:13px;">English Version</p><video src="https://github.com/user-attachments/assets/201a59de-232e-47e9-a57e-515b2b3961e5" controls preload="metadata" style="width:100%; max-width:400px; height:225px; object-fit:cover;"></video></td>
<td align="center" width="50%"><p style="margin:0 0 8px 0; color:#666; font-size:13px;">Chinese Version</p><video src="https://github.com/user-attachments/assets/3842d195-635f-4b22-a9ef-1c4a3aaf12bf" controls preload="metadata" style="width:100%; max-width:400px; height:225px; object-fit:cover;"></video></td>
</tr>
</table>
</div>
### 🧼 Layer 2: Input Sanitization
Identifies adversarial inputs before they propagate into the agent.
<div align="center">
<table>
<tr>
<td align="center" width="50%"><p style="margin:0 0 8px 0; color:#666; font-size:13px;">English Version</p><video src="https://github.com/user-attachments/assets/d0ba7218-2e9d-4bba-893c-36bddc2b397d" controls preload="metadata" style="width:100%; max-width:400px; height:225px; object-fit:cover;"></video></td>
<td align="center" width="50%"><p style="margin:0 0 8px 0; color:#666; font-size:13px;">Chinese Version</p><video src="https://github.com/user-attachments/assets/9491c8cd-4d30-4b57-8e88-7cc438762cb6" controls preload="metadata" style="width:100%; max-width:400px; height:225px; object-fit:cover;"></video></td>
</tr>
</table>
</div>
### 🧠 Layer 3: Cognition Protection
Protects long-term memory and contextual continuity from poisoning.
<div align="center">
<table>
<tr>
<td align="center" width="50%"><p style="margin:0 0 8px 0; color:#666; font-size:13px;">English Version</p><video src="https://github.com/user-attachments/assets/914c0d4b-32ee-4336-9de9-3dff9ccc1bc8" controls preload="metadata" style="width:100%; max-width:400px; height:225px; object-fit:cover;"></video></td>
<td align="center" width="50%"><p style="margin:0 0 8px 0; color:#666; font-size:13px;">Chinese Version</p><video src="https://github.com/user-attachments/assets/33ee07a9-8311-4952-9439-d22471b9939c" controls preload="metadata" style="width:100%; max-width:400px; height:225px; object-fit:cover;"></video></td>
</tr>
</table>
</div>
### 🎯 Layer 4: Decision Alignment
Keeps agent decisions aligned with authorized user intent.
<div align="center">
<table>
<tr>
<td align="center" width="50%"><p style="margin:0 0 8px 0; color:#666; font-size:13px;">English Version</p><video src="https://github.com/user-attachments/assets/59e0235c-b794-4971-b36d-667279629388" controls preload="metadata" style="width:100%; max-width:400px; height:225px; object-fit:cover;"></video></td>
<td align="center" width="50%"><p style="margin:0 0 8px 0; color:#666; font-size:13px;">Chinese Version</p><video src="https://github.com/user-attachments/assets/72cbb62a-d91e-4b09-8b28-84423833c2c4" controls preload="metadata" style="width:100%; max-width:400px; height:225px; object-fit:cover;"></video></td>
</tr>
</table>
</div>
### 🔧 Layer 5: Execution Control
Enforces safety boundaries at the point of execution.
<div align="center">
<table>
<tr>
<td align="center" width="50%"><p style="margin:0 0 8px 0; color:#666; font-size:13px;">English Version</p><video src="https://github.com/user-attachments/assets/eb705acf-12c7-4b86-a3bb-73e8ecfeb249" controls preload="metadata" style="width:100%; max-width:400px; height:225px; object-fit:cover;"></video></td>
<td align="center" width="50%"><p style="margin:0 0 8px 0; color:#666; font-size:13px;">Chinese Version</p><video src="https://github.com/user-attachments/assets/39d9886f-4083-45d3-a5c6-d15a13c77ed7" controls preload="metadata" style="width:100%; max-width:400px; height:225px; object-fit:cover;"></video></td>
</tr>
</table>
</div>
## Roadmap
### End-to-End Full-Stack Security System
Our roadmap is structured around a multi-layered defense architecture designed to secure the entire agent lifecycle, from configuration and input processing to cognition, decision-making, and execution. Items marked ✅ are implemented; items marked 🚧 are planned or in progress.
#### System Infrastructure Framework
- ✅ Plugin-native modular architecture
- ✅ Base adapter suite
- ✅ Core detection engine
- ✅ Heuristic rule-based detection module
- ✅ Intent risk evaluation system
- 🚧 Trust-aware risk assessment capabilities
#### 🏗️ Foundational Scanning Layer
- ✅ Global and plugin-level configuration security checks
- ✅ Semantic malicious skill detection
- 🚧 Skill source verification
- 🚧 Plugin dependency analysis
- 🚧 Hybrid natural language and code vulnerability detection
#### 🧼 Input Sanitization Layer
- ✅ Rule-based injection and jailbreak detection
- ✅ Semantic coherence analysis for user inputs
- ✅ Fragmented malicious instruction detection
- 🚧 Multi-turn stealth attack detection
- 🚧 Secure rewriting and replacement of malicious content
- 🚧 Multimodal injection attack detection
#### 🧠 Cognitive Protection Layer
- ✅ Memory consistency evaluation and calibration
- 🚧 Malicious memory corpus construction and threat matching
- 🚧 Memory vectorization and outlier detection
- 🚧 Checkpoint-based memory recovery
- 🚧 Context drift detection and correction
#### 🎯 Decision Alignment Layer
- ✅ Consistency validation between agent decisions and user intent
- 🚧 Static rule filtering and compliance verification
- 🚧 Multi-step trajectory reasoning audit
- 🚧 Risk-adaptive dynamic permission allocation
- 🚧 High-risk action identification and safe rewriting
#### 🔧 Execution Control Layer
- ✅ Real-time interception and blocking of high-risk system instructions
- ✅ Behavioral intent analys
... (truncated)