Docs Frameworks
OpenClaw
New to KIFF? Start with the quickstart or connect an existing agent — this page is the framework-specific attach for that same journey. The model behind it: how the guard works.
Status: verified. The adapter ships in the JS guard SDK
(@kiff/kiff-guard,
packages/js/src/adapters/openclaw.ts) and passes the conformance suite
ported from the Python guard. It was verified against the OpenClaw
plugin SDK’s before_tool_call hook. This is KIFF’s first TypeScript
adapter — the Python kiff_guard package can’t host it, so it lives in
the JS package instead.
Shape: vote / approval-native. The before_tool_call hook runs the
tool itself; the guard only votes via its return value — one governed
receipt per call, same as the Python vote adapters. OpenClaw is the
first framework where KIFF’s middle outcome, approval_required, maps
onto a native human-in-the-loop primitive (OpenClaw pauses the run
and routes a real /approve flow) rather than collapsing to a block.
Why OpenClaw matters
OpenClaw isn’t a quick fifth adapter — it widens the whole picture:
- It forces the TypeScript guard SDK. Every shipped adapter is Python; OpenClaw is Node/TS. A TS port unlocks the entire JS agent ecosystem (LangGraph.js, Vercel AI SDK, Mastra) — the vibecode crowd KIFF Cloud targets first.
- First native
approval_required. OpenClaw has a real approval primitive (title, severity, timeout, resolution) plus an/approveUX. This is the first integration where “clearance held for a human” renders as the experience the whitepaper describes, not just a refusal. - Control-plane to control-plane. OpenClaw is itself a Gateway with channels, approvals, and audit. KIFF governing OpenClaw is two control planes composing — KIFF as the shared clearance authority above OpenClaw’s runtime.
The seam
Register the guard on your OpenClaw plugin’s api via the shipped
registerKiffGuard helper. It wires KIFF’s outcomes onto the
before_tool_call return contract for you:
import { definePluginEntry } from "openclaw/plugin-sdk/plugin-entry";
import { Guard } from "@kiff/kiff-guard";
import { registerKiffGuard } from "@kiff/kiff-guard/adapters/openclaw";
const guard = new Guard({ mode: "observe" }); // switch to enforce when ready
export default definePluginEntry({
id: "kiff-guard",
name: "KIFF Guard",
register(api) {
registerKiffGuard(api, guard); // before_tool_call, priority 50
},
});
Under the hood the adapter votes on each call: allowed proceeds and
records that the tool ran; approval_required returns a requireApproval
directive (title, severity, a timeoutMs that fails closed) so OpenClaw
routes a real human approval; anything else returns { block: true }.
Enforce mode fails closed — if the guard can’t reach KIFF, the tool
is blocked. One governed receipt is recorded per call either way.
Status and tracking
Shipped. OpenClaw was the forcing function for the TypeScript guard SDK
(RFC 015),
which now lives in packages/js of the public guard repo. The adapter
and its conformance test ship there
(adapters/openclaw.ts),
which is what moved this page from preview to verified.
Links
- Seam research (full): openclaw.md
- OpenClaw plugin hooks: docs.openclaw.ai