Docs Frameworks

OpenClaw

New to KIFF? Start with the quickstart or connect an existing agent — this page is the framework-specific attach for that same journey. The model behind it: how the guard works.

Status: verified. The adapter ships in the JS guard SDK (@kiff/kiff-guard, packages/js/src/adapters/openclaw.ts) and passes the conformance suite ported from the Python guard. It was verified against the OpenClaw plugin SDK’s before_tool_call hook. This is KIFF’s first TypeScript adapter — the Python kiff_guard package can’t host it, so it lives in the JS package instead.

Shape: vote / approval-native. The before_tool_call hook runs the tool itself; the guard only votes via its return value — one governed receipt per call, same as the Python vote adapters. OpenClaw is the first framework where KIFF’s middle outcome, approval_required, maps onto a native human-in-the-loop primitive (OpenClaw pauses the run and routes a real /approve flow) rather than collapsing to a block.

Why OpenClaw matters

OpenClaw isn’t a quick fifth adapter — it widens the whole picture:

  1. It forces the TypeScript guard SDK. Every shipped adapter is Python; OpenClaw is Node/TS. A TS port unlocks the entire JS agent ecosystem (LangGraph.js, Vercel AI SDK, Mastra) — the vibecode crowd KIFF Cloud targets first.
  2. First native approval_required. OpenClaw has a real approval primitive (title, severity, timeout, resolution) plus an /approve UX. This is the first integration where “clearance held for a human” renders as the experience the whitepaper describes, not just a refusal.
  3. Control-plane to control-plane. OpenClaw is itself a Gateway with channels, approvals, and audit. KIFF governing OpenClaw is two control planes composing — KIFF as the shared clearance authority above OpenClaw’s runtime.

The seam

Register the guard on your OpenClaw plugin’s api via the shipped registerKiffGuard helper. It wires KIFF’s outcomes onto the before_tool_call return contract for you:

import { definePluginEntry } from "openclaw/plugin-sdk/plugin-entry";
import { Guard } from "@kiff/kiff-guard";
import { registerKiffGuard } from "@kiff/kiff-guard/adapters/openclaw";

const guard = new Guard({ mode: "observe" }); // switch to enforce when ready

export default definePluginEntry({
  id: "kiff-guard",
  name: "KIFF Guard",
  register(api) {
    registerKiffGuard(api, guard); // before_tool_call, priority 50
  },
});

Under the hood the adapter votes on each call: allowed proceeds and records that the tool ran; approval_required returns a requireApproval directive (title, severity, a timeoutMs that fails closed) so OpenClaw routes a real human approval; anything else returns { block: true }. Enforce mode fails closed — if the guard can’t reach KIFF, the tool is blocked. One governed receipt is recorded per call either way.

Status and tracking

Shipped. OpenClaw was the forcing function for the TypeScript guard SDK (RFC 015), which now lives in packages/js of the public guard repo. The adapter and its conformance test ship there (adapters/openclaw.ts), which is what moved this page from preview to verified.