Security Rules Guard for OpenClaw - enforces ironclads via before_prompt_build hook

Install

openclaw plugins install clawhub:openclaw-rules-guard

openclaw-rules-guard (OpenClaw Extension)

Version: 1.0.1 | Author: kamusis

Security Rules Guard for OpenClaw - enforces mandatory security rules (ironclads) via the before_prompt_build lifecycle hook.

Features

  • Mandatory Rule Injection: Automatically injects rules from a RULES.md (uppercase) file into every agent turn.
  • Dual-Layer Search:
    1. Workspace Level: Checks for RULES.md in the current project root.
    2. Global Fallback: If no workspace rule exists, falls back to the RULES.md in the extension directory.
  • Security Enforcement: Ensures that critical security guidelines are always present in the context immediately before the user's prompt.
  • Context Management: Uses prependContext to maintain priority and visibility of the injected rules.

Installation

Via ClawHub (recommended):

bash
clawhub package publish openclaw-rules-guard
# or install from registry:
openclaw plugins install clawhub:openclaw-rules-guard

Manual:

  1. Place this extension directory in ~/.openclaw/extensions/openclaw-rules-guard.
  2. (Optional) Create a workspace-specific RULES.md in your project root to override the global one.

Configuration

The plugin is configured via openclaw.plugin.json. By default, it requires no additional configuration beyond its presence.

How it Works

The plugin registers a listener for the before_prompt_build event. When an agent is about to build its prompt, the plugin:

  1. Tries to find RULES.md in ctx.workspaceDir.
  2. If not found, uses the RULES.md located in the extension folder itself.
  3. Reads the determined file and prepends the content to the prompt context under a ### 🚨 SECURITY RULES (MANDATORY) header.