Integrations

OpenClaw Integration (NomoClaw)

OpenClaw is a personal AI assistant that operates while you sleep — deleting emails, running shell commands, moving files, submitting forms. That power is exactly why it needs governance. A misunderstood “clean up my inbox” can become a mass delete. A creative interpretation of “reorganize my files” can move things you didn’t expect.

The managed-agents package wraps OpenClaw’s tool execution with Nomotic governance. Before any action fires, it is evaluated against policy. Low-risk reads proceed silently. High-risk actions — shell commands, file deletions, form submissions — require your approval via your configured messaging channel.

Installation

pip install "managed-agents>=2.0.0"

You will also need a Nomotic agent identity from amp.nomotic.ai/identity.

Quick start

python

from managed_agents import (
    NomoticHarness,
    StandardPrescreener,
    ToolPolicy,
    GovernanceDenied,
)

harness = NomoticHarness(
    api_key="nm_live_...",       # from amp.nomotic.ai/settings
    agent_id="nmc-...",          # from amp.nomotic.ai/identity
    platform="openclaw",
    prescreener=StandardPrescreener(
        block_destructive_shell=True,    # rm -rf, DROP TABLE, mkfs, fork bombs
        block_bulk_operations=True,      # >10 emails, >20 files, >5 calendar items
        escalate_credential_access=True, # .ssh/, .env, /etc/passwd, API keys
    ),
    policy=ToolPolicy.DEFAULT,
    block_on_escalate=False,     # route escalations to approval queue, don't block
    on_escalate=send_approval_request,  # your messaging channel handler
    on_deny=notify_user_of_block,
)

async def execute_tool(tool_name: str, tool_input: dict) -> str:
    await harness.govern(tool_name, tool_input)
    return await openclaw_runtime.execute(tool_name, tool_input)

try:
    await execute_tool("bash", {"command": "rm -rf ~/old-invoices"})
except GovernanceDenied as e:
    print(f"Blocked: {e}")

How it works

You (WhatsApp / Telegram / Slack)
  ↓
OpenClaw Agent
  ↓  tool call about to fire
managed-agents harness
  ↓  prescreening layer (deterministic, <1ms, no network)
  ↓  Nomotic governance evaluation → amp.nomotic.ai
Verdict
  ├─ ALLOW    → tool executes
  ├─ DENY     → GovernanceDenied raised, tool never executes
  └─ ESCALATE → on_escalate callback fires, approval sent to your channel
                 reply with token to allow

Prescreening

Before any action reaches Nomotic governance, StandardPrescreener runs a deterministic check in under 1 millisecond with no network call.

Destructive shell patterns are hard-denied at this layer: rm -rf and all flag-order variants, DROP TABLE, DROP DATABASE, TRUNCATE TABLE, mkfs, disk format commands, dd if=, fork bombs, and dangerous redirects to system paths.

Bulk operations above category thresholds are blocked: more than 10 emails, more than 20 files, more than 5 calendar items in a single operation.

Credential and secret file access triggers forced escalation rather than a hard deny — .ssh/, .aws/credentials, .env, .env.production, /etc/passwd, /etc/shadow, and any parameter containing api_key, private_key, client_secret, or access_token.

Policy presets per tool category

Apply the policy preset that matches the OpenClaw tool being called. Each preset encodes the right dimension weights, trust thresholds, and veto dimensions for that category:

python

from managed_agents import ToolPolicy

# Shell tools (bash, run, exec)
policy=ToolPolicy.SHELL        # trust_threshold=0.85, veto: scope+ethics+proportionality

# File operations (read, write, delete, move)
policy=ToolPolicy.FILESYSTEM   # trust_threshold=0.75, veto: reversibility+scope

# Email (send, delete, archive)
policy=ToolPolicy.EMAIL        # trust_threshold=0.70, veto: scope+data_sensitivity

# Browser (navigate, submit, fetch)
policy=ToolPolicy.BROWSER      # trust_threshold=0.75, veto: auth_level+data_sensitivity

# Calendar (create, update, delete)
policy=ToolPolicy.CALENDAR     # trust_threshold=0.60, no vetoes

# Everything else
policy=ToolPolicy.DEFAULT      # trust_threshold=0.65, no vetoes

For an agent that uses multiple tool categories, resolve the policy at call time:

python

from managed_agents import resolve_policy

async def execute_tool(tool_name: str, tool_input: dict) -> str:
    harness.policy = resolve_policy(tool_name)  # auto-selects preset
    await harness.govern(tool_name, tool_input)
    return await openclaw_runtime.execute(tool_name, tool_input)

Governance thresholds by category

CategoryAuto-allow aboveEscalate belowDeny below
Shell0.850.650.45
Filesystem0.750.550.30
Browser0.750.550.35
Email0.700.500.30
Calendar0.600.400.20
Default0.650.450.25

Handling escalations via messaging channel

When governance escalates an action, your on_escalate callback fires. Route the approval request to your user via Telegram, WhatsApp, Slack, or any channel:

python

import secrets

pending_approvals = {}

def send_approval_request(verdict):
    token = secrets.token_urlsafe(6).upper()
    pending_approvals[token] = verdict.evaluation_id

    message = (
        f"🔐 Approval Required\n"
        f"────────────────────\n"
        f"Action: {verdict.reasoning}\n\n"
        f"Reply with your code to allow:\n"
        f"  ✅ Allow: {token}\n"
        f"  ❌ Deny:  DENY\n\n"
        f"Expires in 5 minutes."
    )
    send_to_channel(message)  # your Telegram/WhatsApp/Slack send function

harness = NomoticHarness(
    api_key="nm_live_...",
    agent_id="nmc-...",
    platform="openclaw",
    prescreener=StandardPrescreener(),
    block_on_escalate=False,
    on_escalate=send_approval_request,
)

Production configuration

For a production OpenClaw deployment with full resilience:

python

from managed_agents import (
    NomoticHarness, StandardPrescreener,
    ToolPolicy, CircuitBreaker, GovernanceDenied
)

harness = NomoticHarness(
    api_key="nm_live_...",
    agent_id="nmc-...",
    platform="openclaw",
    prescreener=StandardPrescreener(
        block_destructive_shell=True,
        block_bulk_operations=True,
        escalate_credential_access=True,
    ),
    circuit_breaker=CircuitBreaker(
        failure_threshold=5,
        reset_timeout=60.0,
    ),
    fail_open=True,
    block_on_escalate=False,
    on_escalate=send_approval_request,
    on_deny=notify_user_of_block,
    local_log=True,   # verdicts logged to ~/.nomotic/managed-agents.log
)

Requirements

  • OpenClaw installed and running
  • Python 3.10+
  • pip install "managed-agents>=2.0.0"
  • A Nomotic account and agent certificate (amp.nomotic.ai)
  • A configured messaging channel (Telegram, WhatsApp, or Slack) for escalation approval requests

Governance dimensions

Every action is evaluated across 14 dimensions: intent alignment, scope compliance, reversibility, authorization level, data sensitivity, policy adherence, context appropriateness, instruction fidelity, ethical alignment, proportionality, transparency, temporal appropriateness, resource proportionality, and behavioral consistency. Each policy preset weights these differently — reversibility carries the highest weight (3.0) in the filesystem preset, scope compliance carries the highest weight (3.0) in the shell preset.

← Previous Webhooks and Event Triggers Next → Portable Agent Intelligence: AIR Quickstart

Was this article helpful?

Related articles

Integrations AIR Schema Reference Integrations Portable Agent Intelligence: AIR Quickstart Integrations OpenAI SDK Integration Integrations OpenTelemetry and Monitoring Integrations

On this page

Get Started