Clawgovernor
Enterprise Governance for OpenClaw. Generate hardened plugins with built-in redaction, rate-limiting, and audit streams.
Install
```shell
openclaw plugins install ./output
```
Configuration Example
```yaml
version: "1.0"
policies:
  - operation: "GET:/store/inventory"
    redact:
      - jsonPath: "$.secretStock"
        action: remove
```
README
<div align="center">
<h1>🛡️ ClawGovernor</h1>
<p><strong>Enterprise Governance for OpenClaw</strong></p>
<p>Stop leaking API keys and start auditing agent actions.</p>
</div>
ClawGovernor is an open-source toolchain that generates hardened, secure OpenClaw plugins directly from any OpenAPI specification. It embeds a lightweight, in-process policy engine into every plugin it generates, offering field-level redaction, rate limits, and audit streams—without requiring an external proxy.
## Key Features
- **Local & Fail-Closed:** Policy enforcement happens in-process. If the engine cannot load your `clawgovernor.policy.yaml`, all operations are strictly blocked to prevent accidental data leaks.
- **Zero-Trust Secrets:** API credentials are automatically mapped to runtime environment variables and are never hardcoded or saved inside the generated OpenClaw plugin package.
- **Smart Redaction:** Intercept API responses *before* they return to the LLM agent. Strip out SSNs, credit cards, emails, or custom JSONPaths to keep PII out of context windows.
- **Audit Streams:** Every single tool execution and redacted field is immutably logged to a structured JSONL file.
## Quick Start
### 1. Generate the governed plugin
To generate a governed API integration, point the CLI at any standard OpenAPI v3 specification:
```shell
npx @clawgovernor/cli generate --spec ./petstore.yaml
```
### 2. Configure your policies
The CLI will generate a generic `clawgovernor.policy.yaml` inside your output folder. Open it and define your governance rules:
```yaml
version: "1.0"
policies:
  - operation: "GET:/store/inventory"
    redact:
      - jsonPath: "$.secretStock"
        action: remove
```
### 3. Install into OpenClaw
Since the output is a standard OpenClaw plugin (just wrapped inside our policy engine), you can install it directly:
```shell
openclaw plugins install ./output
```
## Architecture
This repository is structured as a monorepo consisting of three core packages:
- `packages/cli` - The CLI generator tool that users run.
- `packages/openclaw-templates` - The plugin execution template which wraps your custom APIs.
- `packages/policy-core` - The low-latency policy engine that evaluates requests, checks rate limits, and redacts fields at runtime.
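
An added example, not taken from ClawGovernor's source, of the two behaviours described above: blocking every operation when no policy is loaded, and applying a `remove` redaction before the response reaches the agent. The function names, the audit record shape, and the pass-through for operations without a rule are assumptions; the policy object is the parsed form of the YAML from step 2.

```javascript
// Added illustration, not ClawGovernor's implementation. `policy` is the parsed
// form of clawgovernor.policy.yaml; only dotted paths like "$.a.b" are handled.
function isOwn(node, key) {
  return node !== null && typeof node === 'object' &&
    Object.prototype.hasOwnProperty.call(node, key);
}

function removePath(obj, jsonPath) {
  if (!/^\$(\.[A-Za-z_]\w*)+$/.test(jsonPath)) throw new Error(`unsupported jsonPath: ${jsonPath}`);
  const keys = jsonPath.slice(2).split('.');
  const last = keys.pop();
  let node = obj;
  for (const key of keys) {
    if (!isOwn(node, key)) return false; // path absent: nothing to redact
    node = node[key];
  }
  if (!isOwn(node, last)) return false;
  delete node[last];
  return true;
}

// Returns the body the agent may see plus one audit record (assumed shape).
function govern(policy, operation, response) {
  const audit = { operation, allowed: false, redacted: [] };
  // Fail closed: without a valid policy nothing is returned to the agent.
  if (!policy || policy.version !== '1.0' || !Array.isArray(policy.policies)) {
    return { body: null, audit: { ...audit, reason: 'policy_unavailable' } };
  }
  const body = JSON.parse(JSON.stringify(response)); // leave upstream object untouched
  try {
    // Assumption: an operation with no matching rule passes through unredacted.
    const rule = policy.policies.find((p) => p.operation === operation);
    for (const r of (rule && rule.redact) || []) {
      if (r.action !== 'remove') throw new Error(`unsupported action: ${r.action}`);
      if (removePath(body, r.jsonPath)) audit.redacted.push(r.jsonPath);
    }
  } catch (err) {
    // A rule that cannot be applied blocks the response as well.
    return { body: null, audit: { ...audit, reason: err.message } };
  }
  audit.allowed = true;
  return { body, audit };
}

// Constructed sample policy and upstream response.
const samplePolicy = { version: '1.0', policies: [{ operation: 'GET:/store/inventory',
  redact: [{ jsonPath: '$.secretStock', action: 'remove' }] }] };
const sampleResponse = { available: 12, secretStock: 7 };
console.log(JSON.stringify(govern(samplePolicy, 'GET:/store/inventory', sampleResponse)));
```

Serialising each returned `audit` object as one line of JSON gives a JSONL record of the kind the audit stream feature describes.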
## Open-Core Model
The CLI, local engine, basic redaction, and OSS templates are free forever for individual and community use. For advanced regex presets, SIEM webhooks, custom VPC deployments, and unified team approval streams, check out the pricing plans on our website or contact sales.
---
*Built to bring enterprise-grade security to the OpenClaw ecosystem.*