Docs Frameworks

OpenClaw

Status: preview. The seam is fully researched, but the adapter is not yet shipped — OpenClaw is a TypeScript Gateway, so it needs a TS port of the guard (kiff-guard-js), which doesn’t exist yet. The Python kiff_guard package cannot host it. Don’t expect a runnable Python import on this page; it would misrepresent the integration.

Shape: inverted-control / approval-native. The before_tool_call hook runs the tool itself; the guard only votes — and OpenClaw is the first framework where KIFF’s middle outcome, approval_required, maps onto a native human-in-the-loop primitive rather than collapsing to a block.

Why OpenClaw matters

OpenClaw isn’t a quick fifth adapter — it widens the whole picture:

  1. It forces the TypeScript guard SDK. Every shipped adapter is Python; OpenClaw is Node/TS. A TS port unlocks the entire JS agent ecosystem (LangGraph.js, Vercel AI SDK, Mastra) — the vibecode crowd KIFF Cloud targets first.
  2. First native approval_required. OpenClaw has a real approval primitive (title, severity, timeout, resolution) plus an /approve UX. This is the first integration where “clearance held for a human” renders as the experience the whitepaper describes, not just a refusal.
  3. Control-plane to control-plane. OpenClaw is itself a Gateway with channels, approvals, and audit. KIFF governing OpenClaw is two control planes composing — KIFF as the shared clearance authority above OpenClaw’s runtime.

The seam (researched)

A TS plugin via definePluginEntry + api.on("before_tool_call", ...). KIFF’s three outcomes map natively and completely:

import { definePluginEntry } from "openclaw/plugin-sdk/plugin-entry";

export default definePluginEntry({
  id: "kiff-guard",
  name: "KIFF Guard",
  register(api) {
    api.on("before_tool_call", async (event) => {
      const decision = await kiff.decide({ tool: event.toolName, args: event.params });
      if (decision.allowed) return;                       // proceed
      if (decision.outcome === "approval_required") {
        return { requireApproval: {
          title: `Approve ${event.toolName}`,
          description: decision.reason,
          severity: "warning",
          timeoutMs: 60_000,
          timeoutBehavior: "deny",                        // fail closed
        }};
      }
      return { block: true, blockReason: `KIFF: ${decision.reason}` };  // blocked/invalid
    }, { priority: 50 });
  },
});

OpenClaw also exposes api.registerTrustedToolPolicy(...), a host-trusted pre-hook tier purpose-built for a governance gate — the seam a first-party KIFF integration would use.

Status and tracking

Tracked as the forcing function for the TypeScript guard SDK in RFC 015. The public repo already reserves packages/js/ for it. This page flips to verified when kiff-guard-js ships the OpenClaw adapter.

← Quickstart kiff-guard on GitHub ↗