Live on Sui Testnet

ClawAll

Constraint, Governance, and Audit Layer for OpenClaw on Sui

Autonomous agents should not hold unrestricted execution power.
ClawAll enforces policy checks, operator governance, and on-chain safety constraints.

View on GitHub Watch Demo $ npm run setup

Demo Shell current runtime flow

$ npm run gateway

[clawall-gateway] listening on http://127.0.0.1:3011

[clawall-gateway] transfer gate: enforced=true key_configured=true

$ npm run setup

Bootstrap and runtime refresh complete

$ openclaw clawall status

kill_switch=frozen:false policy_gate=enabled source=plugin

$ openclaw clawall transfer --amount 10000000 --recipient 0x...

risk=MEDIUM approval=required

$ openclaw clawall tx --limit 3

digest=D6gKSC...jfAS status=EXECUTED layer=CHAIN

digest=-- status=BLOCKED layer=RISK_ENGINE

Local dashboard exists for operators only. Use docs section "Local Dashboard" for setup.

The Problem

AI agents with raw
execution power are dangerous

Without a constraint layer, autonomous agents can drain wallets, execute destructive commands, and escalate privileges — silently.

Wallet Drain

Rapid micro-transactions bypass manual review, draining funds before anyone notices.

Destructive OS Commands

Unconstrained agents can execute rm -rf and other irreversible system commands.

Privilege Escalation

Cross-domain actions let agents bootstrap elevated access through chained operations.

No Audit Trail

Without enforcement events, there's no record of what an agent did or why.

Bypassed Human Intent

Agents optimizing for a goal can take paths that violate user intent — legally and technically.

No Override Mechanism

Once an agent is running, there's no reliable way to stop a single bad action mid-execution.

How it works

Seven-layer enforcement
pipeline

Every intent passes through all layers in sequence. Any layer can halt execution — permanently.

AI Agent

Submits intent to the pipeline

Intent Firewall

Blocks unsafe commands instantly

Risk Engine

Multi-factor behavioral scoring

Policy Engine

Allow / Alert / Block / Require Approval

Telegram Governance

Human-in-the-loop approval

Move Enforcement

On-chain constraint execution

Walrus Audit

Immutable event trail

Risk Factors Scored

Policy Levels

∞

Kill-switch survives restarts

100%

On-chain audit coverage

Security Layers

Every layer is a hard stop

Layers are independent — a failure in one doesn't bypass the others.

Layer 01

Intent Firewall

Inspects raw intent before any scoring. Blocks destructive OS commands, unauthorized domain escalation, and known attack patterns outright.

rm -rf domain escalation pattern match

Layer 02

Risk Engine

Computes a 0–100 risk score from eight independent signals including transfer size, recipient novelty, velocity, and behavioral anomalies.

score 0–100 8 signals compounding

Layer 03

Policy Engine

Maps risk level to action. LOW auto-approves. MEDIUM allows with Telegram alert. HIGH requires explicit human approval before execution proceeds.

LOW → allow MEDIUM → alert HIGH → approval

Layer 04

Telegram Governance

Real-time human oversight via Telegram bot. Inline approve/reject buttons, live logs, freeze/resume commands, and on-chain transaction lookup.

/freeze /resume /logs /status

Layer 05

Kill Switch

Persistent file-based kill switch survives process restarts. Triggered by critical OS violations or manual /freeze. Cross-domain: OS violation freezes blockchain actions.

persistent cross-domain kill-switch.json

Layer 06

Move Enforcement

Transfer constraints are minted on-chain with max_amount, allowed_recipient, and expiry_ms. Execution is enforced by the Move runtime — not just application logic.

max_amount expiry TransferExecuted

Risk Level	Score Range	Action	Telegram
● LOW	0 – 39	Auto-approved	Silent
● MEDIUM	40 – 69	Allowed with alert	Alert sent
● HIGH	70 – 100	Blocked pending approval	Approve / Reject

Demo

Watch it in action

Live runtime simulation: risk scoring, governance approval, freeze controls, and on-chain execution records.

Runtime Demo

Risk scoring, governance approval, and execution flow in a single run.

clawall-demo.mp4

ClawAll Setup Walkthrough

Step-by-step bootstrap flow for local setup with subtitle support.

clawall-setup.mp4

Tech Stack

Built on real infrastructure

No mocks. Real on-chain transactions, real Telegram bot, real Walrus blobs.

01 Sui Move Smart contract enforcement layer — on-chain constraint minting & execution

02 Sui JSON-RPC Transaction signing, execution, and event querying

03 Node.js ESM Agent runtime — modular, async, fully typed pipeline

04 Telegram Bot API Human governance interface — approvals, freeze, audit commands

05 Walrus Decentralized audit blob storage — every execution logged immutably

06 Custom Risk Engine Multi-factor behavioral scoring — 8 signals, compounding logic

Get Started

Run it locally

Clone

$ git clone https://github.com/tejas0111/clawall

Install

$ npm install

Configure .env

PRIVATE_KEY=<your_private_key>
GUARD_CAP_ID=<your_guard_cap_id>
PACKAGE_ID=<deployed_package_id>
TG_BOT_TOKEN=<telegram_bot_token>
TG_CHAT_ID=<telegram_chat_id>
CLAWALL_PLUGIN_KEY=<plugin_key>

Run Services

$ npm run gateway
Gateway started on 127.0.0.1:3011
$ openclaw clawall status
Runtime status available

============================================================================
===     ===  ===========  =====  ====  ====  =====  =====  ========  =======
==  ===  ==  ==========    ====  ====  ====  ====    ====  ========  =======
=  ========  =========  ==  ===  ====  ====  ===  ==  ===  ========  =======
=  ========  ========  ====  ==  ====  ====  ==  ====  ==  ========  =======
=  ========  ========  ====  ==   ==    ==  ===  ====  ==  ========  =======
=  ========  ========        ===  ==    ==  ===        ==  ========  =======
=  ========  ========  ====  ===  ==    ==  ===  ====  ==  ========  =======
==  ===  ==  ========  ====  ====    ==    ====  ====  ==  ========  =======
===     ===        ==  ====  =====  ====  =====  ====  ==        ==        =
============================================================================

ClawAll Demo Shell
Real OpenClaw path with security and tamper controls.

1 → Normal Transaction
2 → Medium Risk Transaction
3 → High Risk Transaction (Approval Required)
4 → Simulate OS Attack
5 → Show Frozen Status
6 → Reset In-Memory State
0 → Exit

clawall>

Roadmap

What's next

01 Multi-sig governance with operator quorum approvals

02 Expanded tx-history and chainlogs analytics in local dashboard

03 Policy bundle lifecycle tooling (sign, anchor, verify)

04 Stronger automated red-team and forensics pipelines

05 Production-safe proxy pattern for hosted operations UI

06 Attested agent identity and verifiable governance actions