Axonflow Openclaw
AxonFlow governance plugin for OpenClaw: policy enforcement, PII detection, and audit trails for OpenClaw tool execution
README
# @axonflow/openclaw-plugin
AxonFlow governance plugin for [OpenClaw](https://github.com/openclaw/openclaw). Adds centralized policy enforcement, PII detection, and audit trails to OpenClaw tool execution.
## What It Does
| Hook | When | Action |
|------|------|--------|
| `before_tool_call` | Before tool executes | Evaluates tool arguments against policies. Blocks dangerous commands, detects PII, enforces rate limits. |
| `tool_result_persist` | Before result is saved | Scans tool output for PII/secrets. Redacts sensitive data before it reaches the session transcript. |
| `after_tool_call` | After tool executes | Logs execution to AxonFlow audit trail. Fire-and-forget (non-blocking). |
## Install
```bash
openclaw plugins install @axonflow/openclaw-plugin
```
## Configure
In your OpenClaw config:
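```yaml
plugins:
  "@axonflow/openclaw-plugin":   # quoted: a plain YAML key cannot start with "@"
    endpoint: http://localhost:8080
    clientId: your-client-id
    clientSecret: your-secret
    highRiskTools:               # require human approval even when policy allows
      - web_fetch
      - message
```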
### Configuration Options
| Option | Required | Default | Description |
|--------|----------|---------|-------------|
| `endpoint` | Yes | - | AxonFlow agent gateway URL |
| `clientId` | Yes | - | AxonFlow client ID |
| `clientSecret` | Yes | - | AxonFlow client secret |
| `highRiskTools` | No | `[]` | Tools that require human approval even when policy allows |
| `governedTools` | No | `[]` (all) | Tools to govern. Empty = all tools. |
| `excludedTools` | No | `[]` | Tools to exclude from governance |
| `defaultOperation` | No | `"execute"` | Operation type for mcp_check_input (`"execute"` or `"query"`) |
## How It Works
```
User sends message → OpenClaw selects tool
                        │
                        ▼
┌───────────────────────────────────────────────┐
│ before_tool_call (AxonFlow plugin)            │
│   → mcp_check_input(openclaw.{tool}, args)    │
│   → BLOCK if policy violated                  │
│   → REQUIRE APPROVAL if high-risk tool        │
│   → ALLOW if clean                            │
└───────────────────────────────────────────────┘
                        │
                        ▼
Tool executes (web_fetch, message, MCP, etc.)
                        │
                        ▼
┌───────────────────────────────────────────────┐
│ tool_result_persist (AxonFlow plugin)         │
│   → mcp_check_output(openclaw.{tool}, result) │
│   → REDACT PII/secrets in result              │
│   → BLOCK if exfiltration detected            │
└───────────────────────────────────────────────┘
                        │
                        ▼
┌───────────────────────────────────────────────┐
│ after_tool_call (AxonFlow plugin)             │
│   → audit_tool_call(tool, params, result)     │
│   → Non-blocking audit log                    │
└───────────────────────────────────────────────┘
```
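The sketch below models how the documented options (`governedTools`, `excludedTools`, `highRiskTools`) combine with the `before_tool_call` outcomes in the diagram, and lints a config for high-risk tools that are also left out of governance. It is an added example, not the plugin's source: the function names, the `SKIP` outcome, the rule that an exclusion wins over `governedTools`, and the tool names `read_file` and `exec` are assumptions made for illustration.

```javascript
// Illustrative model of the documented option semantics; NOT the plugin's code.
// policyVerdict stands in for the result of mcp_check_input: "allow" or "block".

function isGoverned(tool, cfg) {
  const governed = cfg.governedTools ?? [];
  const excluded = cfg.excludedTools ?? [];
  // Assumption: an explicit exclusion takes precedence over governedTools.
  if (excluded.includes(tool)) return false;
  // Documented: an empty governedTools list means every tool is governed.
  return governed.length === 0 || governed.includes(tool);
}

function decide(tool, policyVerdict, cfg) {
  if (!isGoverned(tool, cfg)) return "SKIP"; // hypothetical label: no check runs
  if (policyVerdict === "block") return "BLOCK"; // policy violated
  // Documented: high-risk tools need human approval even when policy allows.
  if ((cfg.highRiskTools ?? []).includes(tool)) return "REQUIRE_APPROVAL";
  return "ALLOW";
}

// Config lint: a tool listed as high-risk but excluded (or missing from a
// non-empty governedTools) is a contradictory entry worth flagging in review.
function ungatedHighRiskTools(cfg) {
  return (cfg.highRiskTools ?? []).filter((tool) => !isGoverned(tool, cfg));
}

// Constructed sample config: "message" is both high-risk and excluded.
const SAMPLE_CONFIG = {
  highRiskTools: ["web_fetch", "message"],
  excludedTools: ["message"],
};

console.log(decide("web_fetch", "allow", SAMPLE_CONFIG));
console.log(decide("web_fetch", "block", SAMPLE_CONFIG));
console.log(decide("read_file", "allow", SAMPLE_CONFIG));
console.log(ungatedHighRiskTools(SAMPLE_CONFIG));
```

Running the lint in CI against the OpenClaw config catches the case where a later edit to `excludedTools` or `governedTools` silently contradicts an existing `highRiskTools` entry.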
## Prerequisites
- [AxonFlow](https://github.com/getaxonflow/axonflow) running (Docker or production)
- OpenClaw 1.0+
## Starter Policies
See [policies/README.md](./policies/README.md) for recommended policy setup for OpenClaw deployments.
## Links
- [AxonFlow Documentation](https://docs.getaxonflow.com)
- [OpenClaw Integration Guide](https://docs.getaxonflow.com/docs/integration/openclaw/)
- [Policy Enforcement](https://docs.getaxonflow.com/docs/mcp/policy-enforcement/)
## License
BSL-1.1 (Business Source License)