Neurosymbolic Governance for AI Agents

Gate every action through formal ontological constraints. Audit every decision. Never let your agent go astray.

View on GitHubQuick Start

Key Features

Everything you need to keep autonomous agents safe

🧠

OWL + SHACL Validation

Formal ontology constraints, not just pattern matching. Your agent's actions are validated against a real knowledge graph.

🔗

9-Step Pipeline

Every tool call passes through classification, role checks, SHACL, policy, preferences, dependencies, and rate limits.

📋

Full Audit Trail

Append-only JSONL logs with machine-readable ontological justification for every allow and block decision.

👥

Multi-Agent Governance

Kill switches, delegation detection, role-based access control, and temporary scoped permissions.

💉

Context Injection

The knowledge graph feeds live constraints directly into the LLM's system prompt for better self-regulation.

🔌

Zero Core Modifications

Pure plugin architecture. OpenClaw updates independently. No fork drift, no vendor lock-in.

How It Works

Three steps between intent and execution

1

Agent Proposes

The AI agent requests a tool call — file write, shell command, API call.

2

SafeClaw Validates

The request passes through 9 constraint checks against the OWL ontology.

3

Allow or Block

SafeClaw returns a decision with a formal, auditable justification.

See It In Action

SafeClaw evaluating tool calls in real time

safeclaw — terminal
$ safeclaw serve
SafeClaw engine ready on :8420
 
[14:32:01] EVALUATE exec("rm -rf /tmp/important")
→ Classified: DeleteFile (CriticalRisk, irreversible)
→ SHACL: ForbiddenCommandShape violated
→ BLOCKED: "Recursive deletion of critical paths is prohibited"
 
[14:32:05] EVALUATE exec("git status")
→ Classified: ShellAction (LowRisk, reversible)
→ All 9 checks passed
→ ALLOWED

The 9-Step Pipeline

Every tool call passes through these gates in order

Agent
Request
Auth &
Governance
Action
Classifier
Role
Access
SHACL
Validation
Policy
Check
Preference
Check
Dependency
Check
Rate
Limits
Allow /
Block

Quick Start

Get governed in under a minute

Use the hosted service

Install the OpenClaw plugin and point it at our hosted service. No server setup needed.

# Sign up at safeclaw.eu and get your API key
$ npm install -g openclaw-safeclaw-plugin
$ safeclaw connect sc_your_key_here

That's it. safeclaw connect writes your key to ~/.safeclaw/config.json and verifies the connection.

# Default: https://api.safeclaw.eu/api/v1
# No URL configuration needed

Or self-host

Run the SafeClaw engine on your own infrastructure.

$ git clone https://github.com/tendlyeu/SafeClaw.git
$ cd SafeClaw/safeclaw-service
$ python -m venv .venv && source .venv/bin/activate
$ pip install -e ".[dev]"
$ safeclaw init --user-id yourname
$ safeclaw serve
# Engine ready on http://localhost:8420