Integration Guide

OpenClaw

Connect OpenClaw to DashClaw and get your first governed action into /decisions in under 20 minutes.

Instance URL detected: https://dash-claw.vercel.app

Deploy DashClaw

Get a running instance. Click the Vercel deploy button or run locally.

Already have an instance? Skip to Step 2.

Install the plugin

Install through the OpenClaw plugin CLI. The plugin self registers via openclaw.plugin.json; no manual import or wiring is required.

Terminal

openclaw plugins install @dashclaw/openclaw-plugin

Set environment variables

Export your DashClaw connection details before the gateway starts. API keys for self hosted instances start with oc_live_.

.env

DASHCLAW_BASE_URL=https://dash-claw.vercel.app
DASHCLAW_API_KEY=oc_live_...
DASHCLAW_AGENT_ID=my-openclaw-agent

Configure the plugin

Drop a config block into your OpenClaw settings. Pick the tools that should always start at high risk; the classifier may raise the score further for known dangerous commands but will not lower it.

openclaw.config.json

{
  "plugins": {
    "entries": {
      "dashclaw-governance": {
        "enabled": true,
        "config": {
          "dashclawUrl": "https://dash-claw.vercel.app",
          "dashclawApiKey": "oc_live_...",
          "agentId": "my-openclaw-agent",
          "failClosed": true,
          "highRiskTools": ["bash", "exec", "write_file"]
        }
      }
    }
  }
}

failClosed defaults to true. If DashClaw is unreachable, the plugin blocks the action instead of allowing it. This is the correct default for governance. Do not flip it to false unless you have a specific reason and you have thought through what happens when your governance plane goes down.

Run your OpenClaw agent and trigger a tool call

Start your agent and ask it to do something that uses a governed tool (bash, write, edit). The plugin classifies the tool call, runs guard against your policies, waits for approval if required, and records the outcome to DashClaw.

Example prompt

Create a file called hello.txt with the contents "Hello from a governed agent"

Watch the gateway logs. You should see [dashclaw-governance] entries as the plugin classifies and guards each tool call.

See the result in DashClaw

Open your DashClaw dashboard to confirm the action was recorded.

Go to /decisions. You should see your tool call in the ledger with agent_id 'my-openclaw-agent' and a classified action_type (apply for a file write, deploy for a git push, security for sensitive paths, or other for unknown tools).

What success looks like

Go to /decisions. You should see your OpenClaw tool call in the ledger with agent_id 'my-openclaw-agent', a classified action_type that matches the tool call, and status 'completed'. Token usage and cost are attributed automatically once the agent's next LLM turn completes.

Navigate to /decisions in your DashClaw instance. Your action should appear in the ledger within seconds of the agent run.

Governance as Code

Drop a guardrails.yml in your project root to enforce policies without code changes. DashClaw evaluates these rules at the guard step before any action executes.

guardrails.yml

version: 1
project: my-openclaw-agent
description: >
  Governance policy for an OpenClaw agent.
  Block destructive shell commands.
  Require approval on deployment commands.

policies:
  - id: block_destructive_shell
    description: Block irreversible filesystem destruction
    applies_to:
      tools:
        - bash
        - exec
    rule:
      block: true
    when:
      command_contains:
        - "rm -rf"
        - "drop table"

  - id: approve_deploys
    description: Production deploys require human approval
    applies_to:
      tools:
        - bash
    rule:
      require: approval
    when:
      command_contains:
        - "git push origin main"
        - "vercel deploy"
        - "kubectl apply"

What gets governed

The plugin classifies each tool call before it executes. Bash commands are parsed against known intent sets (git, rm, curl, npm). File operations are scanned for sensitive paths (.env, credentials, private keys). Unknown tools fall through to action_type other with a configurable default risk score of 50. Tools listed in highRiskTools always start at risk 85; the classifier may raise the score further but will not lower it.

Tool call	action_type	Risk	Reversible
bash: git push origin main	deploy	80	no
bash: rm -rf /tmp/data	security	90	no
write: .env.production	security	85	yes
read: config.json	review	15	yes

The classification vocabulary matches the DashClaw Claude Code hooks, so guard policies you write for one apply automatically to the other. Full reference and configuration options: @dashclaw/openclaw-plugin README.